Create Azure Virtual Machine - azure

I followed the tutorial Create Linux Virtual Machine and everything seems correct, but what do I know, since this is my first attempt. I can't see what's wrong; I can ssh to it and run things, etc.
The issue I have is that I can't ping the public ip address. The prompt just hangs. At the end of the tutorial it asks to view a website on the page, and the browser just times out?
Is there something I should look at?
The tutorial creates a website with nginx and I have never used this, but it expects port 80 to be open. I added port 80 open for the Network Security Group.
I eventually will use Tomcat at port 8080 so I installed and opened port 8080 in the Network security group.
If I try to connect over port 80 (ipAddress:80) I get ERR_CONNECTION_TIMED_OUT.
If I ssh to the VM and use ps aux | grep nginx I get a response like:
root 7809 0.0 0.0 116528 1400 ? Ss 20:56 0:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
www-data 7810 0.0 0.0 116880 2576 ? S 20:56 0:00 nginx: worker process
The server is running.
If I try ipAddress:8080 I get the Tomcat default web page. I can't figure out why nginx doesn't work.

Ping won't work. You need to open up the website port on the NSG and on your Linux box. You can use this guide: https://learn.microsoft.com/en-us/azure/virtual-machines/windows/nsg-quickstart-portal

Ping is disabled in Azure for public-facing IPs.
Regarding the ports, you need to consider two things. First, as you mention, the NSG has to enable the traffic for the ports of interest; it's important to consider that you can have NSGs at the NIC and VNet levels, so please review which one you have. Second, once the NSG has been opened there has to be a listening service on the VM. You mention that the tutorial tells you to use port 80, but then it looks like Tomcat uses 8080 instead. I recommend running the following command to verify the listening ports at the OS level:
sudo netstat -plnt
Please let me know if this helps.

Related

Connecting to host from inside a docker container on linux requires opening firewall port

Background: I'm trying to have XDebug connect to my IDE from within a docker container (my PHP app is running inside a container on my development machine). On my MacBook, it has no issue doing this. However, on Linux, I discovered that from within the container, the port I was using (9000) was not visible on the host gateway (using sudo nmap -sT -p- 172.20.0.1 where 172.20.0.1 is my host gateway in docker).
I was able to fix this issue by opening port 9000 on my development machine (sudo ufw allow 9000/tcp). Once I did this, the container could see port 9000 on the host gateway.
My Question: Is this completely necessary? I don't love the idea of opening up a firewall port just so a docker container, running on my machine, can connect to it. Is there a more secure alternative to this?
From what you've told us, opening the port does sound necessary. If a firewall blocks a port, all traffic over that port is blocked and you won't be able to use the application on the container from the host machine.
What you can do to make this more secure is to specify a specific interface to open the port for as specified here:
ufw allow in on docker0 port 9000 proto tcp
Obviously replace docker0 with the docker interface on your machine. You can find this by looking at the output of ip address show or by following the steps here if the interface name is not obvious.
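
The difference between the global rule and the interface-scoped rule shows up in the ufw rule listing. The following is an added example, not part of the original posts: it reads a `ufw status` listing and reports whether a port is open to any source on any interface. The sample listing is constructed and its column layout is an assumption; `rule_scope` is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed `sudo ufw status` listing. The layout, including the
# "PORT/proto on IFACE" form for interface rules, is assumed here.
UFW_SAMPLE='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
9000/tcp                   ALLOW       Anywhere
9000/tcp on docker0        ALLOW       Anywhere
3300/tcp                   ALLOW       10.0.0.0/24
22/tcp (v6)                ALLOW       Anywhere (v6)'

# rule_scope PORT/PROTO < listing
# Prints: world  (some rule allows any source on any interface)
#         scoped:<interfaces or sources>  (every matching rule is restricted)
#         closed (no ALLOW rule for that port)
rule_scope() {
    awk -v want="$1" '
        {
            act = 0
            for (i = 1; i <= NF; i++) if ($i == "ALLOW") act = i
            if (act == 0 || $1 != want) next
            iface = ""
            for (i = 2; i < act; i++) if ($i == "on") iface = $(i + 1)
            src = $(act + 1)
            if (iface == "" && src == "Anywhere") { world = 1; next }
            item = (iface != "") ? iface : src
            scoped = (scoped == "") ? item : scoped "," item
        }
        END {
            if (world) print "world"
            else if (scoped != "") print "scoped:" scoped
            else print "closed"
        }'
}

for port in 22/tcp 9000/tcp 3300/tcp 5000/tcp; do
    printf '%-9s %s\n' "$port" "$(printf '%s\n' "$UFW_SAMPLE" | rule_scope "$port")"
done
```

Port 9000 still reports `world` here because the earlier broad rule remains alongside the docker0 rule; the scoping only takes effect once that rule is removed (`sudo ufw delete allow 9000/tcp`).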

Serve node Webapp on port 80 in amazon ec2

I have a node application listening on port 80, I have set the security groups open on port 80.
But when I access my webapp in the browser via the public IP (http://xx.xxx.xx.xxx/), it doesn't show up.
What could be the issue?
I've used this doc as a guide: https://aws.amazon.com/premiumsupport/knowledge-center/connect-http-https-ec2/
When your security group already allows the traffic, it means something is wrong with the instance.
The first step to debug such an issue is to verify the application status inside the instance.
SSH to the instance and verify whether the instance is responding on localhost: curl localhost
Check whether the process is running. If you are using a Node.js process manager, use pm2 list for pm2 or forever list for forever, or use ps -aux | grep node
Verify that the server is running on port 80.
Check whether the port is occupied: netstat -antu | grep LISTEN
In short, if the application is responding on localhost using curl localhost then, as mentioned in the comment, the instance is in the private subnet.
You can check this article to learn about public and private subnets.
So the answer was: my security groups were fine. My app wasn't running because I didn't set the environment variable correctly. sudo PORT=80 node server.js was the command I needed.

Azure Ubuntu VM application only able to connect on port 80

I have an Ubuntu 16.04 VM on Azure, and am trying to run a node server on it. When I bind the port to 80, I am able to access it from my browser (http://a.b.c.d:80). However, if I try to instead bind the server to a different port, such as 3300 or 8080, the browser times out when trying to connect to it (http://a.b.c.d:3300).
I have ensured that:
There exists an inbound security rule for port 3300 in the NSG
The Windows firewall of the machine running the browser allows port 3300 (I have even tried temporarily turning it completely off, but to no avail)
I am not using an Azure load balancer
I am starting node with root privileges
Node is bound to (port, "0.0.0.0")
I am listening on the correct port (I think?)
netstat -ant | grep 3300 gives
tcp6 0 0 :::3300 :::* LISTEN
I have spent a few hours now researching on the internet how to get it to work and tried everything I could find, but to no avail. If anyone has any input I'd be happy to try it out.
Jason was correct, it was a ufw issue. If anyone comes across this question in the future, I solved it with the command
sudo ufw allow proto tcp from any to any port 3300

How can I find where node.js is running?

I have a VPS with node.js installed, I already uploaded a basic example to test it on the server, so I tried doing this:
I access by SSH, navigate to my project folder and run
node app.js
I get this message
Express server listening on port 8080
I thought I could see my app here:
example.com:8080 or server.example:8080... but nothing. Then I tried with the info from os.networkInterfaces(); and os.host(); and still nothing happened.
Could you help me out? As you can see I am a total noob on node.js. What am I doing wrong? Or what should I do before running my app? Something related to DNS? I have no idea.
How do you ssh to your host? With IP or name? Is it something like:
ssh root@example.com
If so then at least you know your DNS is OK.
Once on the server do a
netstat -a
If you find *:8080 then your server is listening on the default IP. If you see something like 12.23.45.67:8080 then this number is the IP your server is listening on.
ifconfig
will give you the server's IP. This should be the same as the IP of example.com. If not then maybe there is some router/firewall in front of your server and you have to configure that to allow port 8080 to reach your server.
If someone ever has the same problem, this is how I solved it on CentOS:
Open this file
/etc/csf/csf.conf
Add the required port
Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,26"
Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873"
Restart
# csf -r

amazon ec2 service(linux) cannot use tomcat7 or 6

I just use yum install tomcat7 to set up tomcat7 and change the port in /usr/share/tomcat/conf/server.xml from 8080 to 80, then service tomcat6 start; it works fine.
But when I do netstat -nlp, there is no port 80, and others cannot visit port 80 either.
Try to create ROOT; I think you did not create it yet, and that makes your website unavailable.
When you do netstat it typically will show you http, not 80: this is because 80 is bound to http in /etc/services. You'll see something like this:
tcp 0 0 *:http *:* LISTEN
Assuming you're not experiencing a Tomcat error, make sure that you've set up the EC2 security group to allow access to port 80. Look at this for a decent treatment.
EDIT: if 8080 works but 80 doesn't then it is either:
Some other program (such as Apache) sitting on port 80.
You're probably not running with the right privileges. On most Linux distributions you need to be the root user (or running as a system process) to access ports numbered less than 1023
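
The netstat checks recommended in the threads above (`netstat -plnt`, `netstat -a`, `netstat -nlp`) all come down to reading the local-address column for the port in question. The following is an added example, not code from any of the posts: it classifies how a port is bound in a netstat listing and names the layer to check next. The sample listing is constructed, and `classify_listen` and `next_step` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed `netstat -plnt`-style listing (not from a real host); it mixes
# numeric and named ports so both display forms are exercised.
SAMPLE='Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
tcp   0 0 0.0.0.0:22      0.0.0.0:*  LISTEN 912/sshd
tcp   0 0 127.0.0.1:8080  0.0.0.0:*  LISTEN 2210/node
tcp   0 0 10.0.0.4:5432   0.0.0.0:*  LISTEN 1500/postgres
tcp   0 0 *:http          *:*        LISTEN 7809/nginx
tcp6  0 0 :::3300         :::*       LISTEN 2301/node'

# classify_listen PORT [SERVICE_NAME] < listing
# Prints: none | loopback | all | <specific bind address>
classify_listen() {
    awk -v port="$1" -v svc="${2:-}" '
        $6 == "LISTEN" {
            n = split($4, part, ":")          # port is the text after the last colon
            p = part[n]
            if (p != port && (svc == "" || p != svc)) next
            addr = substr($4, 1, length($4) - length(p) - 1)
            # "::" is the IPv6 wildcard; with the Linux default bindv6only=0 it also takes IPv4
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") wild = 1
            else if (addr ~ /^127\./ || addr == "::1") loop = 1
            else specific = addr
        }
        END {
            if (wild) print "all"
            else if (specific != "") print specific
            else if (loop) print "loopback"
            else print "none"
        }'
}

# next_step RESULT: which layer to examine next for that result.
next_step() {
    case "$1" in
        none)     echo "nothing listening: check the service is running and its configured port" ;;
        loopback) echo "loopback only: rebind the service; no firewall or NSG rule can expose it" ;;
        all)      echo "listening on all interfaces: check host firewall (ufw/csf), then NSG or security group" ;;
        *)        echo "bound to $1 only: confirm clients reach that address, then check firewall and NSG" ;;
    esac
}

for p in 22 8080 5432 3300 9000; do
    r=$(printf '%s\n' "$SAMPLE" | classify_listen "$p")
    printf '%-5s %-10s %s\n' "$p" "$r" "$(next_step "$r")"
done
```

Pass the service name as the second argument (`classify_listen 80 http`) when the listing was produced without `-n` and shows names from /etc/services instead of numbers.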
