Azure VM Port Closed while TCPing - azure

I have an Azure VM running Ubuntu 14.04. It is running a basic NGINX configuration listening on port 8443 and proxying to localhost 8080 which is being listened to by a service running a script which I am working on.
In my inbound port rules I have opened port 8443 with source IP as my office IP, and destination IP as the VM's private IP, over TCP.
After research I have discovered that you can not ping an Azure VM, though with tools such as psping you can check access to specific ports.
Due to being on OSX I have been trying to use TCPing, trying both DNS and public IP along with port number. I get the response 'port 8443 closed'.
I have checked ports on my VM with netstat and can confirm that nginx is listening on port 8443 and python (my service running a script) is listening on port 8080.
Here is my sites-enabled nginx configuration:
server {
    listen 8443;
    server_name myServer;
    index index.html index.htm index.php;
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_read_timeout 600;
        proxy_connect_timeout 90;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Proxy "";
    }
}
Anything else I can check? Thanks.

You should check all of the following:
Network Security Groups
Load Balancer configuration (if exists)
Configure the Linux Firewall
You can also try to ping the VM port using PsPing (If your OS is Windows)
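
An added example (not part of the original question or answer): one TCP connect attempt that separates a refused connection from a silent timeout, since a bare "closed" result does not say which occurred and the two point at different items in the checklist above. The function names and hint strings are this example's own; run it from the client machine.

```python
import errno
import socket
import sys

# What each outcome suggests checking next (wording is this example's own).
NEXT_CHECK = {
    "open": "Network path is clear; look at nginx and the upstream service.",
    "refused": "Host answered with a reset: confirm the service listens on this "
               "address and port (netstat), then look for a host firewall REJECT rule.",
    "filtered": "No reply at all: packets are being dropped. Check the network "
                "security group rule (source IP, port), any load balancer rule, "
                "then a host firewall DROP rule.",
    "unreachable": "No route to the host: check the IP address and routing.",
    "dns-failure": "The name did not resolve: retry with the public IP.",
}

def probe_tcp(host, port, timeout=3.0):
    """Classify a single TCP connect attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"            # RST received: the host itself was reached
    except (socket.timeout, TimeoutError):
        return "filtered"           # SYN went unanswered within the timeout
    except socket.gaierror:
        return "dns-failure"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise

def diagnose(host, port, timeout=3.0):
    """Return (outcome, hint) for one connect attempt."""
    outcome = probe_tcp(host, port, timeout)
    return outcome, NEXT_CHECK[outcome]

if __name__ == "__main__" and len(sys.argv) == 3:
    result, hint = diagnose(sys.argv[1], int(sys.argv[2]))
    print(f"{sys.argv[1]}:{sys.argv[2]} -> {result}\n{hint}")
```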

Related

How Do I Setup NGINX reverse proxy for a Node.js app with Linode NodeBalancer so that I don't get 502 Bad Gateway

I have set up a Linode NodeBalancer to handle HTTPS traffic for my website, https://adamhelm.com, which listens on port 443. I have also set up an nginx server to route traffic to my Node.js application on port 3000 with the following nginx configuration:
server {
    listen 443;
    server_name www.adamhelm.com;
    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
When I try to access my website at https://adamhelm.com, I get a "502 Bad Gateway" error on my web browser. The error logs from NGINX show that there is a "Permission denied" error when trying to connect to the upstream server at http://45.79.140.133:3000. The connection to the upstream server is being made from the NodeBalancer with a private connection using the IP address 192.168.255.142.
I am able to access the app through the host's IP address directly at http://45.79.140.133:3000 without any issues.
I am looking for help to correctly configure this setup.
The Node.js app communication to NGINX requires opening outbound ports. Anyone wishing to leverage NGINX as a reverse proxy to Node.js with Linode NodeBalancers should be aware of this.
The solution for CentOS7 is:
Solution Reference URL
yum install policycoreutils-python
semanage port --add --type http_port_t --proto tcp 8001
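
The semanage command in the answer labels a TCP port as http_port_t for SELinux; when nginx is blocked from reaching an upstream port, the denial is recorded in the audit log as an AVC name_connect record. The added example below (not from the original answer) extracts those denials from audit log text and builds the answer's command for each denied port. The log lines are constructed samples and the function names are this example's own.

```python
import re

# Constructed audit.log lines in auditd's AVC format; not taken from the page.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1700000000.101:512): avc:  denied  { name_connect } for  pid=2210 comm="nginx" dest=8001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000004.350:519): avc:  denied  { name_connect } for  pid=2210 comm="nginx" dest=8001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000009.882:530): avc:  denied  { read } for  pid=991 comm="sshd" name="authorized_keys" dev="dm-0" ino=7741 scontext=system_u:system_r:sshd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"dest=(?P<port>\d+)\s.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

def httpd_connect_denials(log_text):
    """Return sorted (port, target_type) pairs the web server domain was denied connecting to."""
    found = {}
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not a denial carrying a destination port
        source_type = m.group("scontext").split(":")[2]
        if (source_type == "httpd_t"
                and m.group("tclass") == "tcp_socket"
                and "name_connect" in m.group("perms").split()):
            # Repeated denials for the same port collapse into one entry.
            found[int(m.group("port"))] = m.group("tcontext").split(":")[2]
    return sorted(found.items())

def semanage_commands(denials):
    """Build the port-labelling command from the answer for each denied port."""
    return [f"semanage port --add --type http_port_t --proto tcp {port}"
            for port, _target_type in denials]

if __name__ == "__main__":
    for command in semanage_commands(httpd_connect_denials(SAMPLE_AUDIT_LOG)):
        print(command)
```

Labelling a single port is narrower than enabling the httpd_can_network_connect boolean, which lets the web server domain connect to any port. If the port already carries another type, semanage port --add reports it as already defined and --modify is used instead.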

What is the port number of the web application to which default proxy config on AWS elastic beanstalk forward requests to?

The confusion has occurred as on this page under "Reverse proxy configuration" it has been mentioned so:
By default, Elastic Beanstalk configures the proxy to forward requests coming in on port 80 to your main web application on port 5000.
And on this page it has been mentioned like so:
By default, Elastic Beanstalk configures the proxy to forward requests to your application on port 8080.
So is it port 5000 or is port 8080 the default port to which the requests are forwarded?
On Amazon Linux 2 it is 8080. You can check it by inspecting default nginx setting on the EB instance:
cat /etc/nginx/conf.d/elasticbeanstalk/00_application.conf
location / {
    proxy_pass http://127.0.0.1:8080;
    proxy_http_version 1.1;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
The 5000 could be from Amazon Linux 1, not sure about it.
If you're using Amazon Linux 2 and the docker platform, the default port is 8000.
cat /etc/nginx/conf.d/elasticbeanstalk-nginx-docker-upstream.conf
upstream docker {
    server 172.17.0.2:8000;
    keepalive 256;
}
This is the default ElasticBeanstalk with docker setup:
A request hits port 80, reaches the instance and goes to the Nginx proxy, where it is forwarded to Docker, which by default exposes its services on port 8000.
By default ElasticBeanstalk runs a listener on port 80; you can confirm it in the AWS ElasticBeanstalk environment by checking:
environment name > configuration > load balancer > Listeners
You can confirm Nginx forwarding port by running:
$ cat /etc/nginx/conf.d/elasticbeanstalk-nginx-docker-upstream.conf
upstream docker {
    server 172.17.0.2:8000;
    keepalive 256;
}
And check the Docker's expose port by running:
$ cat /var/app/current/Dockerfile
FROM python:2.7
# Add sample application
ADD application.py /tmp/application.py
EXPOSE 8000
# Run it
ENTRYPOINT ["python", "/tmp/application.py"]

nginx refused to connect node app on ec2 instance

I have a simple Node.js app running on an EC2 instance with nginx configs.
When I tried to access the app from the browser, it gives me "ec2-18-223-0-201.us-east-2.compute.amazonaws.com refused to connect."
When trying to curl it from the VM
using curl http://localhost:3000 it works correctly; however, when trying curl http://127.0.0.1:3000 it gives me this output:
Found. Redirecting to https://127.0.0.1:3000/
Here are my nginx configs:
upstream test {
    server 127.0.0.1:3000;
}
server {
    listen 80;
    server_name ec2-18-223-0-201.us-east-2.compute.amazonaws.com www.ec2-18-223-0-201.us-east-2.compute.amazonaws.com;
    location / {
        client_max_body_size 20M;
        client_body_buffer_size 128k;
        proxy_pass http://test;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
One thing should be clear before the actual problem. Is there any redirect policy in the Node app that returns the output below?
curl http://127.0.0.1:3000 it gives me this output
Found. Redirecting to https://127.0.0.1:3000/
because redirection is expected from Nginx, not from the Node app.
But I am sure the problem is with Nginx, not with the Node app, as it is able to respond on local port 3000.
"Refused to connect" means that the server is not running at all or the port may be disabled by the firewall.
Two possible reasons:
Port 80 is not allowed in the security group of the instance, so allow 80 in the security group of the AWS instance.
Nginx is not running. Check the log with tail -f /var/log/nginx/error.log; the reason might be the long name of the DNS in the server section.
So, therefore, two suggestions for the Nginx config:
1. Update your Nginx config to support long DNS names:
vim /etc/nginx/nginx.conf and add the value under the http section in the config
http {
    server_names_hash_bucket_size 512;
    ....
}
2. Remove the redundant name from the config. It may not be the reason, but you should remove server_name ec2-18-223-0-201.us-east-2.compute.amazonaws.com www.ec2-18-223-0-201.us-east-2.compute.amazonaws.com;

How to connect my domain to my node app with nginx

I bought an Ubuntu server on DigitalOcean.
I connect to my server IP through SSH in my terminal. I created a small Node app, and after starting the app I am able to see it running at http://myipaddress:nodeport
How can I connect my domain to this?
I bought a free domain from Freenom for testing purposes.
Following some tutorials, I made a /etc/nginx/sites-available folder on my server, created a file called default, and wrote code like this:
server {
    listen 80;
    server_name sameer.tk;  # I bought this domain from Freenom
    location / {
        proxy_pass http://my_private_ip:3004;  # with the Node port
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
But if I hit sameer.tk after the setup, it's not working; I even restarted nginx.
You don't need nginx for a Node server.
You may run the Node server on port 80 and open port 80 in the network security group.
After that, you should point the domain to your instance's public IP address in your domain management panel.
Ref:
https://www.digitalocean.com/community/tutorials/how-to-point-to-digitalocean-nameservers-from-common-domain-registrars

Port Forwarding Issues Linux

I am running a Ripple-Rest server on a CrunchBang Linux (Debian) computer. It runs on port 5990. I ran the server on this computer and it works fine when I view it via localhost, but after port forwarding 5990 on my router I cannot access this server from any other computer via the public IP. I have given full permissions to all of the files the server uses as well.
Below are links to screen shots of what I have done:
https://dl.dropboxusercontent.com/u/108273736/capture.png
Please let me know what I can do to get this to work!
I found the best way to do this is to proxy it through nginx. That way you can use a standard port for accessing the service and leave the ripple-rest service as local.
apt-get install nginx
change /etc/nginx/sites-enabled/default
... add in the following..
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    root /usr/share/nginx/html;
    index index.html index.htm;
    server_name yourservername.com;
    location / {
        proxy_pass http://localhost:5990;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
It seems that port 5990 is blocked either by your ISP or by iptables. You could check on the remote whether connections to 5990 are allowed by iptables, if it is running, that is.
If you would like to run a listener on 80 that forwards to 5990 on remote or you could run local port forwarding.
http://blog.trackets.com/2014/05/17/ssh-tunnel-local-and-remote-port-forwarding-explained-with-examples.html
Assuming ssh on 22 is almost always open.
We faced a similar issue on amazon ec2 and our data center:
http://khanna111.com/wordPressBlog/2013/01/05/amazon-web-service-aws-and-vnc/
