Can't access node.js API on port 3000 on AWS EC2 instance, but netstat shows port :3000 listening and my AWS security group has TCP rules for this port. What else could the problem be?
I've tried changing port, setting security group rules and adding port to iptables and it didn't work. I'm using node 10.6.0.
When I use netstat -tulpn | grep LISTEN it contains the following line:
tcp 0 0 127.0.0.1:3000 0.0.0.0:* LISTEN 8270/node
When i try to access myip:3000/socket (my node endpoint) it shows: ERR_CONNECTION_REFUSED
Related
I am setting up a Rest API on AWS EC2 and configuring the instance.
I have a problem and it is that despite being able to connect via ssh, I cannot make an API call on port 5000.
The VM has nothing configured, only Node and PM2.
Trying to enter through the public DNS I can't establish a connection either.
I have these security groups enabled.
5000 TCP 0.0.0.0/0
22 TCP 0.0.0.0/0
5000 TCP ::/0
443 TCP 0.0.0.0/0
443 TCP ::/0
80 TCP 0.0.0.0/0
80 TCP ::/0
Can someone help me with this? I don't understand what is happening.
What is the exact error is it timing out ?
If yes then the error is with the security group if not try doing ssh to your container and ping it locally using curl localhost command you might find that the pm2 server is not running the app properly
I have a node app which runs on localhost perfectly, I hosted it on AWS ec2 instance on port 80 and it worked fine too, after 7 days of inactivity when I searched public IP address of my ec2 instance(on any browser), it says <public_ipv4> refused to connect.
Here are a few things I did for troubleshooting which I read from AWS forums but not getting any luck:
deleted the node_modules/ directory and reinstalled using npm
install command
Have correctly allowed HTTP traffic on port 80 inside inbound rules of security groups for that instance(i have only one instance running)
Ran netstat -nplt | grep 80 , which gave me output :
tcp6 0 0 :::80 :::* LISTEN
I have added a script in package.json file, through which app.js file will run
In my app.js file i am listening to port 80:
app.listen(80, async function(){
console.log("server has started");
})
What else am I missing?
Screenshot of inbound rules :
it seems you have allowed only IP v6 address on Inbound traffic of Security Groups..
Not added allow permission for IPv4 address..
Add below rule
HTTP tcp 0.0.0.0/0 80
if you have added both rule ( IPV4 and IPV6) then
sudo netstat -tnlp | grep :80
should show below both lines..
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp6 0 0 :::80 :::* LISTEN
but in your case it showing only tcp6
See if the steps below helps.
Did you stop your ec2 instance start and it again if you did it would have changed your public ip if that is case use the new public ip.
Check your security groups attached to the ec2 instance if it allows in bound traffic on port 80.
If the first step does not work connect to your ec2 instance and run a curl command to see if your app is running.
In my app.js file i have used port 80 :
app.listen(80, async function(){
console.log("server has started");
})
but when i changed port number to 3000 in app.listen , it worked , i dont't know how did this happen though.
There was no issue with security groups.
I have my meteor app running on my production server. I have a reverse proxy setup on a different server.
A curl from my reverse proxy server to my app server gives me a Connection Refused.
My app is running on port 8080 and my firewall allows access to the port. I suspect the reason for the connection refused is that my app is running on 127.0.0.1 instead of 0.0.0.0
On running sudo netstat -tapn I get a
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 14391/node
How do I get the app to run on 0.0.0.0. If this is not the reason, what else could cause a connection refused?
127.0.0.1 is the loopback IP it's usually the same as localhost (as defined in your hosts file). you should never be able to connect to that IP from the outside. 0.0.0.0 binds to all IPs on the server, which is accessible from the outside.
I have a running nodejs based socket.io server on AWS ec2, this server is running on port 90, and i can run the local tests on this server at the same port.
netstat -a shows me the port 90 as open as well for connections
tcp 0 0 localhost:3001 *:* LISTEN
tcp 0 0 *:90 *:* LISTEN
I can vouch for the fact that I have the port 90 open on my security group settings, yet I can not connect at the port 90 to my server.
I am not doing anything as foolish as making my clients connect over the localhost.
I have tried telnet to my server at the port 90 but it doesn't work
I have port 22 and 80 open as well and I can very well telnet to them.
Sorry in advance for such a noob question, but I'm certainly a noob.
My question is what does it mean to LISTEN or ACCEPT on a port as it relates to my example?
EXAMPLE:
I have a tomcat server, and It will use port 8080. I want to make sure that port is available for me to use.
What commands should I perform on my unix server and why?
what information would a command like this give me: netstat -an | grep LISTEN
If a port shows up as LISTEN in netstat, it means the port is in use by a server process, so you can't use it. Here is an example:
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
which shows that port 631 is in use.
Ignore the UNIX type sockets at the end - they are irrelevant.
For checking port 8080 is in use or not, you can simply use the command netstat -an|grep 8080. If you get an output in below format, that means 8080 is already in use and you need to assign a new port for the tomcat.
# netstat -an
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN
Netstat command displays various network related information such as network connections, routing tables, interface statistics, masquerade connections, multicast memberships etc,
a option with netstat will give you both listening and non listening ports
n option when you don’t want the name of the host, port or user to be displayed, use netstat -n option. This will display in numbers, instead of resolving the host name, port name, user name. This also speeds up the output, as netstat is not performing any look-up.
For more understand the use of netstat command here are its options:
-a : All ports
-t : Ports TCP
-u : Ports UDP
-l : Listening ports
-n : IP address without domain name resolution
-p : Name of the program and it associated PID
So:
-To display all port (TCP & UDP), PId with the associated name of the program :
$ netstat -paunt
-To display all Listening ports (TCP), PId with the associated name of the program : (and we can also filter with the grep command)
$ sudo netstat -plnt | grep ':80'
I hope it will be helpful :)
You can also use telnet to check if the port is open and listening e.g,
Zeeshan$ telnet google.com 80
Trying 173.194.35.5...
Connected to google.com.
Escape character is '^]'.
I am telnetting google.com on port 80. If you see the third line in the output, you will notice it says it is connected with the Google's web server. The same way you have a JAVA application server called Tomcat and it is listening on port 8080. In fact it is asking clients to connect to it on port 8080 so it can give away the JAVA services to client. When I will use from a client side telnet localhost 8080 I will be connected the same way I have connected with Google's web server on port 80. Provided that Tomcat is running and listening on port 8080. If port 8080 is not free and occupied by some other application you can simply change the port 8080 to another free port. Telnet should give you the following status:
accepted (connected), refused, and timeout
connection refused - nothing is running on that port
accepted - some application is running on the port
timeout - a firewall is blocking access
So now there are two possible ways to check. From the same machine you are running Tomcat server:
telnet localhost 8080
Of if you want to check it from some other machine or outside of the network:
telnet 192.168.1.1 8080
I hope that helps.
use can also run the below command, it will list the Port and corresponding PID, if any process is using those ports
netstat -tulpn