Can't access site on EC2 instance via public IP

I have an Amazon EC2 micro instance with Windows 2008 server and deployed one sample web application over there which uses Java and is deployed on a Tomcat 7 server. I am able to access it locally on the instance, but when I tried to access it from outside the AWS instance, let's say from my home computer using the AWS public DNS / public IP address / Elastic IP address of the instance, it gives me "Web page is not available".

I have gone through so many similar questions in this forum and I think I have done all the settings they are asking to do, but still no success.

Here is what I have done/confirmed.

1. localhost works, so application listens on port 80.

2. added inbound rule for HTTP on port 80 for everyone under the security group that my instance is using.

3. checked firewall setting on Windows instance, made sure port 80 is not blocked.

4. tried even with the firewall turned off, but no success.

I would really appreciate it if someone can help me with this.

Thanks, NS


Solution 1:

I had a similar frustrating problem when I installed JetBrains YouTrack on a Windows Server 2012 EC2 instance. What worked for me was opening the Windows firewall ports that Java was using specifically and disabling the World Wide Publishing service port. I also had to run the YouTrack service under the LocalSystem account instead of the default account.

Try this:

  • Turn off the default website in IIS if it is in use

  • Run a netstat -a -b to discover the ports the java.exe was attempting to bind to e.g:

    TCP 0.0.0.0:80 WIN-9NFIG6IEPT6:0 LISTENING [java.exe]

    TCP 127.0.0.1:49306 WIN-9NFIG6IEPT6:49307 ESTABLISHED [java.exe]

  • Open the service control manager, right click on your service and open the properties dialog. On the Log On As tab select Local System Account as the account the service runs under. It's important that this user be Administrator.

  • I highly recommend turning the firewall back on.
  • Open the firewall Inbound rules tab and disable the World Wide Web Services (HTTP-In) Rule
  • Create a new rule for Tomcat with TCP Port 80 and any other port it might need.

  • Save the rule and test your url from outside the server.

Solution 2:

You shouldn't be turning off the firewall setting completely. This would compromise the security of your app. Instead modify the Windows server inbound firewall rules to allow incoming traffic on specific ports.

I had a similar issue where I had deployed an app on Tomcat 8 on a Windows 2012 server provisioned through AWS EC2. I could access the deployed app on http://localhost:8080 from within the VM but not from the public internet after replacing the string localhost in the URL with the public IP address of the VM.

It worked fine after I changed the firewall rules to allow incoming traffic on port 80 (for http), port 443 (for https) and port 8080 (this is the port at which my web app was deployed by default on the Tomcat server).

I have documented the firewall and security group configs at the link below:

http://abhirampal.com/2015/08/04/firewall-config-for-java-web-app-hosted-on-aws-ec2-windows-2012-server/

Solution 3:

Two things for me:

  1. Modification of the Security group attached to my RDS instance to allow traffic in and out

  2. Setting inbound and outbound rules in the RDS for the application port

Detailed steps:

  • On the top bar of your AWS console, click Services, select EC2

  • On the left menu of the next window, under Instances, click Instances to view your instances

  • In the table that contains the instance you want to access from the public, scroll to the right to a column named Security Groups. Click on this security group.

  • In the table that displays, scroll to the bottom of it, which has the description of the security group and other tabs like Inbound, Outbound, Tags
  • Click on the Inbound tab. Click Edit. By default there is one rule (RDP).
  • Let's add two more
  • Click the Add Rule button.
  • Select All Traffic for Type, All for Protocol
  • Leave the port range (0 - 65535), select source as Custom.
  • All these apply for both rules. For the first rule, in the text box that appears after source, put 0.0.0.0/0. For the second rule, put ::/0
  • Hit Save

    Now log in to your AWS RDS to set inbound and outbound rules through the firewall

  • Launch the Control Panel. Click on System and Security (may be the first), and click on Windows Firewall. Then click on Advanced Settings

  • Click on Inbound Rules menu on the left.

  • In the Actions tab (on the right), click New Rule

  • Select Port and click next

  • Select TCP (if not selected), and below Select Specific local ports.

  • In the field put in the port number of your application and click next

  • Select Allow the connection and click next.

  • Specify the rule name. Something like the name of your app for readability purposes and click finish

Then let's configure outgoing traffic

  • On the same menu as for Inbound Rules, Select Outbound rules and follow the same procedure as described for inbound rules
  • After these settings, you must be able to access your application from outside
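
Added example, not part of the answer above: a check over `aws ec2 describe-security-groups` output that reports inbound rules exposing ports beyond an expected set (80 and 443 assumed here) to 0.0.0.0/0 or ::/0, such as the All Traffic rules described in the steps. The function name, sample group and placeholder group ID are constructed for illustration.

```python
# Added example: flag inbound rules that expose unexpected ports to any address.
WORLD = {"0.0.0.0/0", "::/0"}

def world_open_findings(group, allowed_ports=frozenset({80, 443})):
    """Return (protocol, from_port, to_port, sources) for each world-open rule
    that covers at least one port outside allowed_ports."""
    findings = []
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        world = sorted(c for c in cidrs if c in WORLD)
        if not world:
            continue  # restricted source, e.g. a single admin address
        proto = perm.get("IpProtocol")
        if proto == "-1":  # "All traffic": every protocol and port
            lo, hi = 0, 65535
        elif proto in ("tcp", "udp"):
            lo, hi = perm["FromPort"], perm["ToPort"]
        else:
            continue  # ICMP and similar carry no port range; not checked here
        if any(p not in allowed_ports for p in range(lo, hi + 1)):
            findings.append((proto, lo, hi, world))
    return findings

# Constructed sample in the shape of one SecurityGroups[] entry from
# `aws ec2 describe-security-groups`; the group ID is a placeholder.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1",
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}

if __name__ == "__main__":
    for proto, lo, hi, sources in world_open_findings(SAMPLE_GROUP):
        print(f"{SAMPLE_GROUP['GroupId']}: protocol {proto} "
              f"ports {lo}-{hi} open to {sources}")
```

On the sample, only the All Traffic rule is reported; the port 80 rule and the address-restricted RDP rule pass.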

Solution 4:

You probably misconfigured the webserver. You can test that by connecting to the server via:

telnet $IP 80

If you are not getting an error, you can connect. In this case you did not set the webserver up correctly.
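
Added example, not part of the answer above: the same connection test as a script, extended to separate a refused connection from a silent timeout, since the two point at different layers. The helper names and hint texts are assumptions for illustration, and the demo uses a constructed loopback listener in place of the real server.

```python
import errno
import socket

# Rules of thumb for reading the result; hypothetical wording, not AWS output.
HINTS = {
    "open": "TCP handshake completed: the security group and host firewall "
            "pass this port, so check the web server or application itself.",
    "refused": "Host answered with a reset: the path is open but nothing is "
               "listening on this port/interface.",
    "timeout": "No answer at all: packets are being dropped, typically by a "
               "missing security-group inbound rule or the host firewall.",
}

def probe_tcp(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:  # DNS failure, unreachable network, and so on
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))

def diagnose(host, port, timeout=3.0):
    """Return (result, hint) for one host and port."""
    result = probe_tcp(host, port, timeout)
    return result, HINTS.get(result, "Other network error; check DNS and routing.")

if __name__ == "__main__":
    # Constructed local demo: a loopback listener stands in for the web server.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print(diagnose("127.0.0.1", port))  # listener up
    srv.close()
    print(diagnose("127.0.0.1", port))  # listener gone
```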

Solution 5:

A rule for Inbound TCP port 80 may need to be entered in the AWS Security Group for your instance.