I am new to Amazon EC2.
I have 2 instances A and B in EC2. Both are Redhat 6.4.
They are part of the same VPC.
A is assigned with an Elastic IP.
I set up an Apache httpd server on A to download files from.
I made sure to have an inbound rule on A for HTTP traffic (port 80). iptables on A is stopped as well.
I am trying to download a file from A on machine B.
Here is what I get:
[ec2-user@ip-172-31-21-183 tmp]$ wget http://ec2-1-2-3-4.us-west-2.compute.amazonaws.com/MySQL-5.6.15-1.el6.x86_64.rpm-bundle.tar
--2014-04-24 08:36:32-- http://ec2-1-2-3-4.us-west-2.compute.amazonaws.com/MySQL-5.6.15-1.el6.x86_64.rpm-bundle.tar
Resolving ec2-1-2-3-4.us-west-2.compute.amazonaws.com... 172.31.6.188
Connecting to ec2-1-2-3-4.us-west-2.compute.amazonaws.com|172.31.6.188|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2014-04-24 08:36:32 ERROR 403: Forbidden.
It seems I am missing something basic. What is wrong in the above setup?
Thx in advance
Error 403 is an HTTP error - it means that B was able to successfully connect to A, but httpd returned an access error.
Check your httpd configuration - you may have configured it to require authentication for all requests, or the file itself may have file access permissions that do not allow httpd to access it.
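One way to check the file-permission cause named in the answer above, as an added example that is not part of the original answer. It assumes the httpd worker is neither owner nor group of the files, so only the "other" mode bits count; the function name and paths are hypothetical.

```python
import os
import stat


def blocking_components(start, relpath):
    """List components from `start` down to `relpath` that a user who is
    neither owner nor group (assumed: the httpd worker) cannot use.

    Judged by mode bits only: directories need o+x to be traversed,
    the final file needs o+r to be read.
    """
    problems = []
    current = start
    # Check the start directory itself, then each component below it.
    for part in [""] + [p for p in relpath.split("/") if p]:
        if part:
            current = os.path.join(current, part)
        mode = os.stat(current).st_mode
        if stat.S_ISDIR(mode):
            if not mode & stat.S_IXOTH:
                problems.append((current, "directory lacks o+x"))
        elif not mode & stat.S_IROTH:
            problems.append((current, "file lacks o+r"))
    return problems


if __name__ == "__main__":
    import sys
    # Usage: script.py <document root> <path relative to it>
    for path, reason in blocking_components(sys.argv[1], sys.argv[2]):
        print(f"{path}: {reason}")
```

An empty result means the mode bits are not the cause, which points back at the httpd configuration the answer mentions first.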
I am facing this issue as I am new to AWS EC2. I have set up an instance and ssh is working perfectly. I installed httpd, mysql and php, and the httpd and mysql services are running fine.
I can't access EC2 public DNS in a browser. I already added a rule for HTTP with port 80 but still not working. What can be the other reasons?
For this, troubleshoot as below:
Step 1) ssh to the instance and stop iptables if it is running.
Step 2) If the above step does not resolve the issue, please post the log output of the browser. Is it a 404 error, or DNS not found, or 403, something like that? Then I can assist you.
I'm trying to monitor a VHost on the local Apache instance via Monit. The same domain accepts both http and https traffic, so I wanted to monitor both.
Also, the IP that the domain resolves to goes to a server that load balances the traffic between the current Apache instance and another server running Apache. I need Monit to monitor the local instance, and I was hoping to avoid adding any records in the /etc/hosts file, so I was thinking that Monit's config setting with http headers [] would suffice, and I think it is (just monitoring localhost, but setting the Host header to the vhost domain).
Anyway, the main problem I seem to be running into is that even though I configure Monit to monitor the host via both http and https protocols, it monitors both hosts via just http; however, the port is set to 443 for the one I need using the https protocol.
The Monit config file for Apache is:
check process httpd with pidfile /var/run/httpd/httpd.pid
    start program = "/bin/systemctl restart httpd.service" with timeout 60 seconds
    stop program = "/bin/systemctl stop httpd.service"

check host localhost with address localhost
    if failed
        port 80
        protocol http
        with http headers [Host: www.domain.com, Cache-Control: no-cache]
        and request / with content = "www.domain.com"
    then restart
    if failed
        port 443
        protocol https
        with http headers [Host: www.domain.com, Cache-Control: no-cache]
        and request / with content = "www.domain.com"
    then restart
    if 5 restarts within 5 cycles
    then timeout
And here's the Monit status for that check:
[root@server enabled-monitors]# monit status localhost
The Monit daemon 5.14 uptime: 14m
Remote Host 'localhost'
status Connection failed
monitoring status Monitored
port response time FAILED to [localhost]:443/ type TCPSSL/IP protocol HTTP
port response time 0.001s to [localhost]:80/ type TCP/IP protocol HTTP
data collected Tue, 26 Apr 2016 10:44:32
So it's fairly obvious to me that the https is failing because it's still trying to use port HTTP, even though I have protocol https in the configuration.
Any input would be much appreciated. I have a feeling this may be a bug, and I'll create an issue in the Monit Github repo, but I want to make sure it's not something silly that I overlooked.
Thank you!
Late reply here, but I thought I would still post for readers who stumbled upon the same issue.
The problem seems to be not with Monit using port HTTP despite the check being configured for HTTPS. It always reports the HTTP protocol in status (a display bug).
The real issue is likely with Monit not supporting SNI for SSL, so it ignores the with http headers [Host: www.domain.com ... in your https check. Thus the check fails because Monit is actually testing https://localhost.
I've filed a bug with the Monit developers here.
Background:
OS: ubuntu
Web Server: apache2
What works:
I can ping the server's elastic IP (and receive a response)
I can ssh into the server
What doesn't work:
I cannot get any sort of http response from the server
Expected Behavior:
When I go to http://ec2-XXX-XX-XXX-XXX.compute-1.amazonaws.com/, it will serve my page, or at least give me a 404 that I can debug
Actual Behavior:
When I go to http://ec2-XXX-XX-XXX-XXX.compute-1.amazonaws.com/, it says "Oops! Google Chrome could not connect to ec2-XXX-XX-XXX-XXX.compute-1.amazonaws.com". It doesn't even give me a 404.
Rant:
Clearly the server is there because I can ssh in to that exact address and I can ping that exact IP and get a response. But when I go to that exact address in my web browser it's as if it never makes it to the server. Or it's as if Amazon isn't letting http requests through, but in my security group I am clearly specifying that http requests from all sources are allowed through. Apache is definitely running, my document root is definitely set up properly, and my error and access logs don't give me anything.
Is there any sort of log in between Amazon and the server, or in between requests making it to the server and being received by Apache, that would specify why it's returning "not found" rather than a 404? Can I make my Apache logs more verbose?
Thanks in advance! I've spent hours on this....
Turns out apache was set to listen on port 8080 rather than port 80, so if you encounter this problem, try taking a look at what apache's listening to.
I have installed Apache HTTP server, and afterwards when I browse to localhost I am getting this error. The Apache server is started. The port is configured to 80 and no one seems to be using it. I can't figure out what the problem is. Can someone?
Thanks.
The problem is that you're routing your localhost traffic through your upstream gateway proxy. The upstream gateway proxy refuses to send the traffic back, either because "localhost" has a different meaning to it, or because it's trying to prevent a security threat called "proxy bounceback." What URL are you using to access your site? Put that URL's hostname in your proxy exemption list.
Open the ISA Server 2006 and create a role and allow networks internal to allow internal and external. And restart the ISA services. It will work fine.
I tried this and it is working fine.
I have recently created a Rackspace cloud server instance using CentOS 5.5. I have used yum to install the "Web Server" group (it includes Apache, etc.), added www.booztrakr.com as the ServerName in httpd.conf, and made sure iptables allows on port 80. I had registered this domain with Go-Daddy and changed their name servers to the Rackspace name servers on their site. I added "A" and CNAME records to the Rackspace name servers. httpd has been started. When I use curl on the server I can get the Apache landing page. When I dig www.booztrakr.com from a remote machine (over the internet) the answer section returns:
www.booztrakr.com. 300 IN CNAME booztrakr.com.
booztrakr.com. 300 IN A 184.106.216.156
When I try a browser or curl, it can't connect:
curl -G www.booztrakr.com
curl: (7) couldn't connect to host
I know this has got to be pretty basic and config related but I'll be damned if I can see it. Any help would be appreciated. Thanks.
If dig resolves, this just means the DNS server returns the right values. It will even work if the IP doesn't exist.
If an HTTP connection to the server fails, this is a configuration problem.
The server responds to ICMP requests, so it's not a routing problem.
When I use curl on the server I can get the Apache landing page
Your webserver is running, but you just can't reach it from outside. This is the problem. What does iptables --list output?