0

I have setup a Windows Server 2019 with Containers Compute Engine VM in Google Cloud. I have installed IIS. I want to go to the following URL on the local server in a browser, or via wget: http://localhost. However, I am getting back a connection refused. I tried on the Private IP and Public IP from the machine, both failed. Also fails from outside the VM using public IP.

I check with netstat and port 80 is open, and IIS is running. I ran Test-NetConnection and got the following result:

Test-NetConnection -Port 80 -ComputerName 127.0.0.1 -InformationLevel Detailed


ComputerName            : 127.0.0.1
RemoteAddress           : 127.0.0.1
RemotePort              : 80
NameResolutionResults   : 127.0.0.1
MatchingIPsecRules      :
NetworkIsolationContext : Loopback
IsAdmin                 : False
InterfaceAlias          : Loopback Pseudo-Interface 1
SourceAddress           : 127.0.0.1
NetRoute (NextHop)      : 0.0.0.0
TcpTestSucceeded        : True

So apparently the port is open but I just can't retrieve data from it.

This is super weird because it is on localhost. I also went into the VPC Network and added an HTTP Ingress (port 80) rule for 0.0.0.0/0.

I really can't figure this out. Why would I not be able to connect to a running port 80 web server on my own machine? Is there some extra firewall in this GCP image somewhere?

Any help would be greatly appreciated.

Update: I tried both localhost and 127.0.0.1 and neither work

A X
  • 469
  • 4
  • 10
  • 31
  • You tried testing `127.0.0.1`, which is the ancient address for localhost, and is not the preferred address. Try testing your connection to `localhost` instead, or its current address `::1`. Or is your app actually listening only on the old address? – Michael Hampton Feb 27 '21 at 14:04
  • I also tried it on localhost and I get the same result - it doesn't work. By the way why would 127.0.0.1 not work? @MichaelHampton – A X Feb 27 '21 at 17:54
  • Because 13 years ago Windows joined the modern world and made IPv6 the default and preferred over IPv4. A program may or may not be using IPv4 anymore, especially if it is listening only on localhost. – Michael Hampton Feb 27 '21 at 18:06
  • @MichaelHampton IPv6 is not used that much even today, and if you look at GCP VPCs for example are super IPv4 centric. IPv6 rollout has been a failure IMHO – A X Feb 27 '21 at 18:11
  • Well, that's your opinion, and I'm not going to try to argue with you. I'm only going to continue to point out reality. Whether you accept it is up to you. – Michael Hampton Feb 27 '21 at 18:14
  • I just spun up a fresh win server and installed IIS role (I agreed to reboot if needed and it wasn't needed and I agreed to install features required for Web Server IIS). Immediately after installation was done I opened the browser on the same server, typed in http://127.0.0.1 and that produced the desired result. What are you doing differenly? – jabbson Feb 28 '21 at 00:37
  • @jabbson Thanks - I put it in a private VPC instead of "default" VPC, and I am using Windows Server 2019 with Containers (not Windows Server 2019). Would that make a difference? Did you use the "with Containers" version? – A X Feb 28 '21 at 02:45
  • @AX I spun up another windows machine, this time from the image `windows-server-2019-dc-for-containers-v20210212` (is it the one you are using?). IIS still works just fine. Now could you please clarify what do you mean by private VPC? – jabbson Feb 28 '21 at 03:41
  • @jabbson Thanks; by private VPC I mean I created a new VPC network and only opened port 80 firewall rule for a specific tag, that is only applied to this VM. This VPC network does also have access (and peering) to Cloud SQL. – A X Feb 28 '21 at 04:47
  • I created a new VPC, created a single fw rule to allow RDP (allowing port 80 is irrelevant for accessing the host from the host itself, while allowing port 3389 is important to be able to connect to the instance over RDP), then I again created an instance of `windows-server-2019-dc-for-containers-v20210212` and installed IIS. http://127.0.0.1 still works. Not sure how to reproduce your issue, do you have any other ideas of what could be different? – jabbson Feb 28 '21 at 05:29
  • Can you create a new VM just for testing ? Try on another one and get back with the info if it works or no. – Wojtek_B Mar 01 '21 at 14:55
  • @MichaelHampton - Just a heads up, Google Cloud does not support IPv6 on Compute Engine. You can configure IPv6 internally, but there is no route outside the instance (public or VPC). – John Hanley Mar 08 '21 at 02:29
  • @JohnHanley I'm well aware of that. It's a bizarre limitation from a company that has been a major proponent of IPv6, and is one of the reasons I do not use Google Cloud. – Michael Hampton Mar 08 '21 at 03:58
  • @MichaelHampton - I would not let IPv6 stop you. They have good services. Besides the important public facing services such as HTTP(S) Load Balancers do support IPv6. – John Hanley Mar 08 '21 at 04:00

1 Answers1

0

Turns out the application was redirection to https by default, and the certificate was not configured, causing an error

A X
  • 469
  • 4
  • 10
  • 31