I am trying to connect to an Aurora RDS cluster located in our private subnets from our managed grafana as a data source.
According to this answer, a VPC endpoint for Grafana is the way to accomplish this.
I have created a Managed Grafana Interface VPC endpoint in the RDS cluster VPC, and for the same region our managed grafana was created at (for com.amazonaws.us-east-2.grafana service). I have also attached this endpoint to all the private subnets the RDS cluster's subnet group is configured on.
When I test the connection to our RDS cluster in Grafana it fails with the following text:
<html> <head><title>504 Gateway Time-out</title></head> <body> <center><h1>504 Gateway Time-out</h1></center> </body> </html> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> Gateway Time-out
I'm specifying the endpoint and port of a reader instance, which otherwise being accessed from our bastion host is reachable.
The reader instance's VPC security group allows TCP incoming traffic from 0.0.0.0/0 towards port 5432 and allows all outbound traffic.
What could be the problem with my setup?
Thank you for your time.
Related
I installed Grafana in an AWS linux machine. Post that i started Grafana server also which is there in bin folder. But still i am unable to access Grafana UI from a web browser. I am using below URL to access Grafana UI
http://52.209.135.66:8000/
I tried to check connectivity from terminal by using below command
wget http://52.209.135.66:8000/
the output of the command is
--2020-07-22 17:40:12-- http://52.209.135.66:8000/
Connecting to 52.209.135.66:8000... failed: Connection timed out.
Retrying.
--2020-07-22 17:42:22-- (try: 2) http://52.209.135.66:8000/
Connecting to 52.209.135.66:8000...
As suggested in few online articles i executed below command to remove the firewall settings, still it is not accessible
sudo iptables -F
Can someone please help me in resolving this issue?
Check the following areas:
Inbound Rule for the Security Groups attached to your instance: they must allow for port 8000 coming from 0.0.0.0/0
Custom Network ACLs associated with the VPC subnet where your instance is provisioned (Default ACL should allow all traffic). Ensure either all traffic is allowed or there are rules that allow inbound traffic on port 8000 from 0.0.0.0/0 AND outbound traffic to anywhere on the peripheral ports.
The instance is in a public subnet: that is, there's route from the subnet to the Internet Gateway.
The IP address is associated with your instance
I created an ec2 instance for web scraping purposes. However, I can't scrape any sites with selenium because I get below error :
"selenium.common.exceptions.TimeoutException: Message: connection refused" error.
I think this is to do with the security group settings blocking off websites. So I created a new security group according to this. However, upon doing this, I am not able to ssh into the EC2 instance anymore.
What configuration do I need for my EC2 instance to be able to scrape websites?
For accessing SSH you need to modify the security group as in the image below:
For accessing HTTP(80 port) or HTTPS(443 port) you need to add rules like this:
Check if these two rules are enabled or not. These are all inbound rules.
I will assume that you are using Selenium on an Amazon EC2 instance.
Your Inbound security group settings are irrelevant for Selenium, but presumably you will want to login to the instance. Thus, your Inbound security group should permit port 22 (for Linux) or port 3389 (for Windows RDP).
To permit the Selenium app on the instance to access the Internet, you could use the default "Allow all" setting for the Outbound security group: All Traffic, all ports, Destination = 0.0.0.0/0
It is possible that the websites you are attempting to scrape have blocked the IP address range of Amazon EC2 instances. (Always operate according to a website's conditions of use!) You can test this by connecting to the Amazon EC2 instance and then trying to retrieve some websites, such as:
curl www.google.com
The contents of an HTML page should be returned.
Then, try it with one of the websites you are intending to scrape to verify that the instance can access that site.
I am trying to configure Azure application gateway WAF with a backendpool set to a VM in a different Azure tenant using its public IP address on port 443. All the SSL certificates are configured properly. However, I keep getting following error while browsing the site via WAF.
502 - Web server received an invalid response while acting as a gateway or proxy server.
I have confirmed that the NSG is on the mentioned back-end VM is allowing all traffic on port 443. What could be going wrong here?
Generally, you can check the status of Backend health in the monitoring of Application Gateway and compare with the DETAILS referring to these possible reasons on your side.
NSG, UDR or Custom DNS is blocking access to backend pool members.
Back-end VMs or instances of virtual machine scale set are not responding to the default health probe.
Invalid or improper configuration of custom health probes.
Azure Application Gateway's back-end pool is not configured or empty.
None of the VMs or instances in virtual machine scale set are healthy.
Request time-out or connectivity issues with user requests.
For each reason, you can get a solution from that link. I think you could make sure you can directly access the backend with public IP from one tenant to another tenant. Then if you have an NSG in the app gateway subnet, you must include exceptions for incoming traffic on ports 65503-65534 for the Application Gateway v1 SKU, and ports 65200-65535 for the v2 SKU. You could get more details here. You could also whitelist the app gateway public IP address in the NSG of backend VM.
I have a service fabric with multiple web apps / APIs running on multiple ports. For example:
http://cluster.centralus.cloudapp.azure.com:9012/app1
http://cluster.centralus.cloudapp.azure.com:9013/app2
and so on.
I am trying to configure application gateway to with a custom domain and SSL offload, but i am getting 502 error. This is what i configured:
Back end pool - added both the VM scaleset public IP and load SF load balancer FQDN (cluster.centralus.cloudapp.azure.com)
HTTP settings - added HTTP on port 9012 (http://cluster.centralus.cloudapp.azure.com:9012/app1)
Listener - added HTTPS listener on port 443 with SSL certificate
Rules - basic rule to combine all above
I can access the web apps/services via public IP and SF load balance (http://cluster.centralus.cloudapp.azure.com:9012/app1), but when i try the gateway, i am getting 502 error. The MSDN documentation doesn't seem to help much. My question would be, what do i need to configure to support SF apps on a custom port (9012,9013, etc in my case) to work with 443 port in gateway and custom domain/SSL
I createad a Redshift cluster inside a Public subnet inside a VPC. The VPC is connected to an Internet Gateway
Configured IPs for inbound/oubound traffic in cluster security group.
Configured IPs for inbound/oubound traffic in VPC security group.
Configured IPs for inbound/oubound traffic in Network ACL.
Configured IPs for inbound/oubound traffic in Main route table.
Still when I try to connect using a client, I get connection refused. Am I missing step here ?