2

Good day people.

First, im new to Windows Server. I've always used Linux/Apache combo, but, my client has and AWS EC2 Windows Server 2008 R2 instance and he wants everything in there.

Im working with IIS and PHP enabled as Fast-CGI and everything is working, but, i cant see the websites stored in it from internet.

The public DNS that AWS gave us for that instance is:

http://ec2-XX-XXX-XXX-121.us-west-2.compute.amazonaws.com/

But, if i copy paste that address, i get nothing, no IIS logo or something like that. My common sense tells me that maybe the firewall could be blocking the access.

Can anyone help me and tell where to enable some rules to get this thing working? I don't wanna start enabling rules at random and make the system insecure.

If you need any additional info, you can ask me and i will provide it.

Thanks in advance.

UPDATE:

Amazon EC2 display this:

Public DNS: ec2-XX-XXX-XXX-121.us-west-2.compute.amazonaws.com
Private DNS: ip-XX-XXX-XX-252.us-west-2.compute.internal
Private IPs: XX.XXX.XX.25

In my test microinstance, i just to use the Public DNS address (the one that starts with "ec2") and it works like a charm (of course, the micro instance have its own Public DNS im not assuming same address for both instances...)

However, for the large instance, i tried to do the same. Set up everything as in the micro instance but if i use the Public DNS, it doesnt load anything.

Im suspicious about the Windows Firewall, but, the HTTP related stuff is enabled. What should i do to get access to the large instance? I don't want to set up the domain yet, i want access from an amazon url.

2ND EDIT: all fixed.

Charles pointed that maybe Security Groups was not properly set up for the instance. He was right. Just added HTTP service to the rules and all works good.

Richard-MX
  • 135
  • 1
  • 2
  • 8
  • You should add your solution as an answer and accept that so that everyone will clearly see that your problem was solved and how. – Uwe L. Korn Oct 10 '12 at 17:37

3 Answers3

1

  1. They gave you the DNS PTR record for the instance, which is not how users will access the web site. They'll access the web site via a DNS A or CNAME record (www.domain.com).

  2. Take the ip address portion of the PTR record (xx-xxx-xxx-121) and create an A record (I'm assuming you'll want it to be www) in the domain DNS zone of the customer's domain, using that ip address in the A record.

joeqwerty
  • 109,901
  • 6
  • 81
  • 172
  • Humm interestig, but, i have setup a microinstance for testing and i can access it from web using the long URL that is similar to what i posted. Why in the test instance (also running WS2008) i can access and not in the large instance? – Richard-MX Sep 13 '12 at 18:57
  • Right, sorry. I got ahead of the game. Are you sure that ip address is being routed to your instance? Is there a network firewall blocking access to the server? Is the Windows firewall configured to allow incoming connections for port 80? – joeqwerty Sep 13 '12 at 19:04
  • Yes, actually that's what im asking, if there is something i need to tweak to make it work :P i'll update my question. – Richard-MX Sep 13 '12 at 19:10
1

Check the Windows Firewall - Start, Run, wf.msc and ENTER

Select Inbound Rules in the l/h pane.

However, when you add the Web Server role (IIS etc), it should punch a hole for port 80 in the firewall, so I reckon this will already there. Look for two inbound rules, something like "World Wide Web Services HTTP In" and "World Wide Web Services HTTPS In".

Simon Catlin
  • 5,232
  • 3
  • 17
  • 20
  • Simon, i have three rules that mention HTTP and they are all set. Any other suggestion? I will update my question. – Richard-MX Sep 13 '12 at 19:09
  • What network profiles are the firewall rules enabled for (Domain, Private, Public) and what network profile is the server currently using? Also, can you browse the site from the server itself? – joeqwerty Sep 13 '12 at 19:14
  • Yes, i can browse the site from the server. I run http://localhost and everything works like a charm. Where i can see all that info you request? Im total newbie in Windows Server :( – Richard-MX Sep 13 '12 at 20:14
  • Look in Network and Sharing center and see if the active network is Domain, Private or Public. Then check the Firewall rules to make sure that the corresponding network profile is enabled (checked) for the inbound HTTP and HTTPS rule (on the Advanced tab of the rule). – joeqwerty Sep 13 '12 at 20:29
  • Active network is Public, all firewall rules looks ok. Any other suggestion good joe? – Richard-MX Sep 13 '12 at 20:59
  • Does the IIS need to be restarted or something like Apache does everytime you change something? – Richard-MX Sep 13 '12 at 21:00
1

Amazon EC2 has security groups that act as a firewall in front of your running instances. Ensure that you have the proper ports opened in the Security Group configuration for your instance.

Charles Hepner
  • 425
  • 1
  • 3
  • 10
  • Charles, you're right. My micro instance has port 80 enabled but the large instance does not. I've added the HTTP port 80 service to the security group. Do i need to "restart" something like the instance or something? – Richard-MX Sep 13 '12 at 21:21