I've been setting up an AWS EC2 server this week, and I'm almost there with what I want to do. But opening up as a web server is proving to be a stumbling block.
MY SETUP
I have an AWS EC2 instance running Red Hat EL7.
I have an Apache server running on my instance:
[ec2-user#ip-172-xx-xx-xx ~]$ ps -ef | grep -i httpd
root 18162 1 0 18:02 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 18163 18162 0 18:02 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 18164 18162 0 18:02 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 18165 18162 0 18:02 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 18166 18162 0 18:02 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 18167 18162 0 18:02 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
ec2-user 21345 20507 0 19:03 pts/1 00:00:00 grep --color=auto -i httpd
It seems to be listening on port 80:
[root#ip-172-xx-xx-xx ~]# netstat -lntp | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 18162/httpd
I added inbound rules to the "launch-wizard-1" security group (which is shown as the security group for the instance) for port 80 (HTTP) and 443 (HTTPS) with sources of "0.0.0.0/0" and "::/0"
And finally, for testing my setup, I created an index.html file in my document root (/var/www/html):
<html>
<h1>TEST!</h1>
</html>
THE PROBLEM
From my chrome browser on my computer, when I try to hit:
http://ec2-18-xxx-xxx-xx.us-east-2.compute.amazonaws.com/index.html
I just get:
This page isn’t working
ec2-18-xxx-xxx-xx.us-east-2.compute.amazonaws.com didn’t send any data.
ERR_EMPTY_RESPONSE
(I get the same when I hit one of my domain names which I've set up on there, which is what I'm really trying to do of course!)
I've tried connecting from Chrome on 2 different computers, and from Safari on my phone ("Safari cannot open the page because it could not connect to the server")
CHECKS I'VE PERFORMED
I don't believe I have any server firewall preventing this:
[root#ip-xx-xx-xx-xx conf]# /sbin/iptables -L -v -n
Chain INPUT (policy ACCEPT 3575 packets, 275K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2215 packets, 350K bytes)
pkts bytes target prot opt in out source destination
Testing with telnet from a terminal session on my mac, port 80 appears to be open. Firstly using the IPv2 Public IP:
telnet 18.xxx.xxx.xx 80
Trying 18.xxx.xxx.xx...
Connected to ec2-18-xxx-xxx-xx.us-east-2.compute.amazonaws.com.
Escape character is '^]'.
Connection closed by foreign host.
and using the Public DNS (IPv4):
telnet ec2-18-xxx-xxx-xx.us-east-2.compute.amazonaws.com 80
Trying 18.xxx.xxx.xx...
Connected to ec2-18-xxx-xxx-xx.us-east-2.compute.amazonaws.com.
Escape character is '^]'.
Connection closed by foreign host.
And again, the same goes for my domain names - telnet to port 80 shows "Connected".
- Is the fact that the "foreign host" closes the connection immediately significant? Should it stay open if everything is working as it should?
Running curl on the host correctly returns my simple index.html file:
[ec2-user#ip-172-xx-xx-xx ~]$ curl localhost
<html>
<h1>TEST!</h1>
</html>
However, running a curl on my local computer - to the server - returns:
curl -v http://ec2-18-xxx-xxx-xx.us-east-2.compute.amazonaws.com:80
* Rebuilt URL to: http://ec2-18-xxx-xxx-xx.us-east-2.compute.amazonaws.com:80/
* Trying 18.xxx.xxx.xx...
* Connected to ec2-18-xxx-xxx-xx.us-east-2.compute.amazonaws.com (18.xxx.xxx.xx) port 80 (#0)
> GET / HTTP/1.1
> Host: ec2-18-xxx-xxx-xx.us-east-2.compute.amazonaws.com
> User-Agent: curl/7.43.0
> Accept: */*
>
* Empty reply from server
* Connection #0 to host ec2-18-xxx-xxx-xx.us-east-2.compute.amazonaws.com left intact
curl: (52) Empty reply from server
I also tested the webserver "internally" by running google chrome (headless) on the server to create a screenshot, downloaded to my local computer and it shows TEST! (i.e. its working):
google-chrome-stable --headless --disable-gpu --screenshot http://localhost
One more thing to add - when I attempt the hit the webserver from my local machine, nothing shows in the webserver logs (error_log or access_log) on the server.
So, my opinion is that the web server is up and running, works locally, but is not working correctly for anything coming from "outside". I'm stumped now though.
Doh! I rebooted the instance and.. all working now!
22 years working with computers and it took me 22 hrs to resort to a reboot. Fool!
Connect to your EC2 instance using ssh on terminal
Install python if not installed
Start a python server using nohup to continuously use the server
nohup python -m http.server &
This usually open port 8000, goto EC2 Security Group Make source anywhere or as needed.
Navigate to the folder having index.html, file path will look like below
http://ec2---.compute-1.amazonaws.com:8000/folder/website/
You will be able to develop and see your changes as needed.
Related
I'm trying to get a basic Express application running on an AWS EC2 Ubuntu Linux instance.
On such systems, the server has to be run as a super user to listen to port 80. But that would be a bad practice, so instead you're supposed to listen to a different port (eg. 3000) and redirect traffic from port 80 to 3000.
To forward the port I tried using this command from another Stack Overflow answer, Node.js + Express: app won't start listening on port 80):
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3000
I've run that command (and re-run it to be sure), but even so it doesn't seem to be forwarding 3000 to 80, because I can only access my server on port 3000:
curl localhost:3000
*html*
curl localhost
curl: (7) Failed to connect to localhost port 80 after 0 ms: Connection refused
I have no idea what I did wrong, but I know nothing about iptables, so any help would be appreciated.
P.S. I've tried checking the iptables records with the command sudo iptables -L -n -v, but the results don't say anything about ports (and again, I don't know iptables), so I'm not sure if it's saying my command worked or not:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target
prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target
prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target
prot opt in out source destination
The reason your test doesn't work is because trying to access the service from localhost bypasses the NAT table. You need to test from a different host. It should then work presuming the rule is loaded correctly and there is no firewall or other rules interfering.
Note, there are multiple other, probably better ways, to get get a non-privileged process bound to a privileged port. There is a big discussion in Is there a way for non-root processes to bind to "privileged" ports on Linux? which includes the solution your using among others.
After following the installation instructions referenced at https://superset.apache.org/docs/installation/installing-superset-from-scratch, I'm not able to see the app at the ip number/server port in my win 10 web browser. How do I make it work at the right ip address?
I've installed it under venv running on a CentOS 8 VM on my win 10 laptop. I'm using the NAT network adapter and I can can use putty and the CentOS 8 cockpit app is available on port 9090.
Currently it says it's running at 127.0.0.1:8089:
(venv) /root>superset run -p 8089 --with-threads --reload --debugger
logging was configured successfully
2021-08-04 15:35:48,492:INFO:superset.utils.logging_configurator:logging was configured successfully
2021-08-04 15:35:48,505:INFO:root:Configured event logger of type <class 'superset.utils.log.DBEventLogger'>
/root/venv/lib64/python3.8/site-packages/flask_caching/__init__.py:201: UserWarning: Flask-Caching: CACHE_TYPE is set to null, caching is effectively disabled.
warnings.warn(
No PIL installation found
2021-08-04 15:35:48,722:INFO:superset.utils.screenshots:No PIL installation found
* Serving Flask app "superset" (lazy loading)
* Environment: production
WARNING: This is a development server. Do not use it in a production deployment.
Use a production WSGI server instead.
* Debug mode: off
2021-08-04 15:35:50,007:INFO:werkzeug: * Running on http://127.0.0.1:8089/ (Press CTRL+C to quit)
netstat shows port 8089 open for 127.0.0.1, but not the VM's ip number. nmap shows the port closed.
/root>netstat -tlpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 944/sshd
tcp 0 0 127.0.0.1:8089 0.0.0.0:* LISTEN 4247/python3
tcp6 0 0 :::9090 :::* LISTEN 1/systemd
tcp6 0 0 :::22 :::* LISTEN 944/sshd
/root>nmap 192.168.42.130
Starting Nmap 7.70 ( https://nmap.org ) at 2021-08-04 15:45 PDT
Nmap scan report for kevinsAppServer (192.168.42.130)
Host is up (0.000015s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
9090/tcp open zeus-admin
Nmap done: 1 IP address (1 host up) scanned in 1.73 seconds
/root>nmap -p 8089 192.168.42.130
Starting Nmap 7.70 ( https://nmap.org ) at 2021-08-04 15:45 PDT
Nmap scan report for kevinsAppServer (192.168.42.130)
Host is up (0.000067s latency).
PORT STATE SERVICE
8089/tcp closed unknown
I think it should work if i can get the port opened on my server's IP number, unless there's something I did wrong..
I got it to work by adding the -h option for the superset run command, which I found when running the superset run --help at the server command line. So now this command works:
superset run -h my.i.p.adddress -p 8089 --with-threads --reload --debugger
In my case I also had to open port 8089 on the CentOS firewall.
I just installed rabbitmq on a 14 ubuntu, adjusted the hostname in the /etc/hosts files, in the following format 127.0.0.1 hostname.
I can see the web console with curl localhost:15672, but when I try to access it with the browser, it just won't open?
I can see the port with netstat:
netstat -nptl | grep 15672
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 29997/beam
But I can't see it with nmap:
nmap -sT -O localhost
Starting Nmap 6.40 ( http://nmap.org ) at 2017-09-16 19:52 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00022s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
631/tcp open ipp
I also enabled the web interface in rabbitmq, made the user and all that, but when I try to access it through the browser http:/my-ip-address:15672(5672), the web page just times out?
Tnx,
Tom
I try to restart the apache service on ubuntu 16.04 but i can not because the port '80' is listened to by nginx.
But when I try to stop nginx, the service is not found.
netstat -ltnp | grep ':80'
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6069/nginx
systemctl status nginx
● nginx.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
service nginx stop
Failed to stop nginx.service: Unit nginx.service not loaded.
So how can I stop nginx in order to restart apache ?
Thanks for your help
nginx on your machine was started in other way then systemd standard nginx service.
alex#openresty:~$ ps aux | grep nginx
root 2668 0.0 0.0 41040 928 ? Ss 12:33 0:00 nginx: master process /usr/local/openresty/bin/openresty -p /usr/local/openresty/nginx/
nobody 2669 0.0 0.0 41040 3316 ? S 12:33 0:00 nginx: worker process
Will show you the full path of running nginx with command line arguments. Here is example from my PC (I use Openresty bundle so your paths may vary).
Now take a look at nginx master process command line parameters. If -p is present you should use exactly the same to stop nginx. For my case it should be:
/usr/local/openresty/bin/openresty -p /usr/local/openresty/nginx/ -s stop
If -p is missed you may just
/usr/local/openresty/bin/openresty -s stop
It would stop nginx, but it may be possible that on your PC nginx is configured to run as not standard service, for example hand written systemd unit.
So on every reboot you will have nginx running again.
I have successfully started an AWS instance. I can connect with Putty and also
with WinSCP. I have ports 80 and 443 open and SSH port 22. I have installed LAMP successfully: Apache seems to start OK on the server:
[ec2-user ~]$ chkconfig --list httpd
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
but when I go enter the public DNS address on the browser it gets timed out!
I also get this report from:
[ec2-user ~]$ ls -l /var/www
total 20
drwxrwsr-x 2 root www 4096 Mar 18 20:24 cgi-bin
drwxrwsr-x 3 root www 4096 Apr 16 21:41 error
drwxrwsr-x 2 root www 4096 Apr 16 22:32 html
drwxrwsr-x 3 root www 4096 Apr 16 21:41 icons
drwxrwsr-x 2 root www 4096 Apr 16 21:41 noindex
[ec2-user#ip-172-31-24-2 ~]$ ^C
[ec2-user#ip-172-31-24-2 ~]$
I'm totally new to this so any help much appreciated!
I'm using a Windows 7 machine and the AWS instance is linux.
Can you please send "sudo netstat -nltp". You also said 80 and 443 is open, are these opened via security groups, right?
The first thing to check when a browser times out is the Security Group. Do you have a rule in your instance's security group that will authorize traffic to TCP Port 80 and / or TCP port 443 ?
If this is correct and SSH connectivity to the instance is OK too (it rules out networking issues), then I would check if your Apache server is actually running. Nothing from the command output shared in your question actually proof Apache is running. Type ps ax | grep http to verify http daemon is running or not. Also type netstat -tnlp as suggested in another reply to very http process is actually listening on port TCP 80 or TCP 443
Seb