Can't browse EC2 instance

Solution 1:

The "can't connect" error can usually be taken quite literally - the browser is unable to establish a connection to the remote server. This typically comes down to one of two reasons:

  • A network issue e.g.:
    • Firewall issues
      • both on the local and remote side
      • on the remote side, this includes both the security group and operating system firewall (e.g. iptables)
    • Connectivity (Internet/network) issues
  • A server issue
    • typically a server is not listening on the specified port (80 for web servers) or there is no web server running.

You either need to prove that something is happening, or disprove all the other options.

  • Firewall:

    • Check your EC2 security group settings
      • you need to allow inbound traffic from all sources on TCP port 80.
    • Iptables:
      • Ensure that there are no rules that would block port 80 (sometimes it may need to be explicitly opened; e.g. if the default input policy is DROP or you end your ruleset with a DROP). Check your iptables config with:
        iptables -nvL
  • Server issue:

    • If you have connectivity from your computer to the server (e.g. can SSH into the computer, and have no firewall issues) - then you need to check for a server that is listening for incoming connections and able to respond to them.

      • Check that your web server is running (in the case of nginx):

        ps -ef | grep nginx
        • This should list out any processes that contain the name nginx - if there are none, then nginx is not running. If that is the case, you should try to start nginx (service nginx start), and (if it was running before, but no longer is) you should check your error logs. If you encounter errors starting nginx, you must resolve those errors before you can use it.
      • Once you have established that your server is in fact running, you need to verify that it is listening on the correct port. While the server will typically display an error and not start if the port it tries to bind to is in use, if it simply uses an uncommon port (or ipv6 only), the problem may not be obvious. Another common problem is to have the web server listening on the loopback interface only instead of either all interfaces or the public interface.

        • Check what, if anything, is listening on port 80 with:

          netstat -pant | grep :80
          • If you have reason to doubt netstat (or simply want to try a different approach), you will get similar information from:

            lsof -Pnl +M -i4
          • if you see no entries then nothing is listening on port 80

          • if you see 127.0.0.1:80 then your web server is listening on the loopback interface and not the public interface
          • 0.0.0.0:80 indicates all interfaces
          • 10.x.x.x:80 (private IP) would indicate the public interface (typically eth0). It is worth noting that EC2 interfaces are associated with the private IP address - the public address is NAT'ed to the instance separately.
        • You can also check if Nginx is listening on ports other than 80 by using:

          netstat -pant | grep nginx
        • Should you find yourself in the unusual scenario where nginx is running, but not listening on any port, there is a good chance that there is a problem with your config. In particular, Nginx will only bind a listener when a server{} block is present - if you have no server{} blocks, there is no need to bind a listener. (You may also wish to restart Nginx just to ensure that you are using the current config, and that there are no other problems).
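
The listener check described in the answer above can be scripted. This is an added example, not part of the original answer: the function name `classify_listeners`, its result labels and the sample output are assumptions made for illustration, and the sample `netstat -pant` text is constructed.

```shell
#!/bin/sh
# Added example: classify how a TCP port is bound, from `netstat -pant` output.

# classify_listeners PORT  (reads netstat -pant style text on stdin)
# Prints one of: none | loopback-only | specific-address | all-interfaces
classify_listeners() {
    awk -v port="$1" '
        # Only listening TCP sockets matter; skip headers and established flows.
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, parts, ":")
            # Exact port match, so :8080 or :8000 is not mistaken for :80.
            if (parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (host == "0.0.0.0" || host == "::")        all = 1
            else if (host ~ /^127\./ || host == "::1")    loop = 1
            else                                          specific = 1
        }
        END {
            if (all)           print "all-interfaces"
            else if (specific) print "specific-address"
            else if (loop)     print "loopback-only"
            else               print "none"
        }'
}

# Constructed sample output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      900/sshd
tcp        0      0 127.0.0.1:80            0.0.0.0:*               LISTEN      1234/nginx
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      1300/java
tcp        0      0 10.0.0.5:22             203.0.113.7:51234       ESTABLISHED 950/sshd
EOF
}

sample_netstat | classify_listeners 80    # nginx bound to loopback only
```

On a live instance, pipe the real output in: `netstat -pant | classify_listeners 80`. A `specific-address` result corresponds to the private-IP case (10.x.x.x:80) in the list above.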