I'm working my way through my first nginx / gunicorn / flask deployment using a stock Amazon Lightsail Ubuntu server. At this point, I'm ignoring gunicorn and flask, and just trying to get nginx to serve my static files.

I am able to get a static file while ssh-ed into the server using:

```
curl -k https://localhost/static/test.txt
```

However, when I attempt to access the url https://my.ip.add.here/static/test.txt the request times out.

I'm running ufw with 80 and 443 (and 22) open, but even disabling it does not solve the problem.

I do not see any errors in /var/log/nginx/error.log or /var/log/nginx/access.log. (Although it appears that the logs don't contain my most recent successful curl attempts, do they need to get flushed in any way?)

Can anyone suggest what the problem might be, or where I should look for additional errors?

[UPDATE] Here are the results from `ss -ntlpe`:

```
State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
LISTEN     0      128               *:80                            *:*
users:(("nginx",pid=17623,fd=6),("nginx",pid=6845,fd=6)) ino:26170 sk:1 <->
LISTEN     0      128               *:22                            *:*
users:(("sshd",pid=1371,fd=3)) ino:16267 sk:2 <->
LISTEN     0      128               *:443                           *:*
users:(("nginx",pid=17623,fd=13),("nginx",pid=6845,fd=13)) ino:28373 sk:3 <->
LISTEN     0      128       127.0.0.1:8000                          *:*
users:(("gunicorn",pid=17582,fd=5),("gunicorn",pid=17580,fd=5),("gunicorn",pid=17578,fd=5),("gunicorn",pid=17577,fd=5),("gunicorn",pid=17574,fd=5)) uid:1000 ino:45243 sk:4 <->
LISTEN     0      128              :::22                           :::*
users:(("sshd",pid=1371,fd=4)) ino:16269 sk:5 v6only:1 <->
```

Larry Lustig
  • Sure that Nginx is listening on all interfaces? "ss -ntlpe" – Dom Jul 31 '18 at 18:00
  • Nothing in nginx's logs, so you're not reaching nginx. Firewall on the client? Wrong routing? – Gerard H. Pille Jul 31 '18 at 21:18
  • @Dom: `ss -ntlpe` does show nginx listening on 80 and 443 but it shows *two* nginx processes (with different pids) listening. Could that be the problem? I'm unable to cut-and-paste from the Amazon-provided ssh terminal but will try to get the complete output from `ss` posted. – Larry Lustig Aug 01 '18 at 12:21
  • @GerardH.Pille: Pretty sure there's no outbound firewall on my laptop as I'm able to see every other website I try. As for the routing, I'm under the impression that my `curl` and remote commands shown in the post will route to the same static file -- could I be making a mistaken assumption there? – Larry Lustig Aug 01 '18 at 12:23
  • On what IP addresses is nginx listening? IPv4 or IPv6? Have you configured AWS to accept incoming requests? – Gerard H. Pille Aug 01 '18 at 12:32
  • More than one process is normal, but could you check on which interface the process is listening? "::1:443", ":::443"? – Dom Aug 01 '18 at 18:21
  • @Dom: I added the output of ss to the post. I'm not sure what "interface" refers to in this context, but it appears to be ":443". – Larry Lustig Aug 02 '18 at 03:29
  • @GerardH.Pille: I made no firewall changes in AWS aside from the changes to `ufw` on this individual server. However, I now see that on the Amazon management console for this server, there is a "Firewall" section that lists only ports 22 and 80. I'll try that now. – Larry Lustig Aug 02 '18 at 03:33
  • If I read the ss output correctly, nginx is only listening on IPv4. You can see that sshd (22) is listening on both IPv4 (*) and IPv6 (::) – Gerard H. Pille Aug 02 '18 at 06:58
  • Yes, SSH is listening on both, but NGINX only on IPv4 (*:443 and NOT :::443). So if you are using an IPv6 address in my.ip.add.here it will not work. – Dom Aug 02 '18 at 07:03
  • @GerardH.Pille: The management panel firewall setting allowed me to see my static files. If you post an answer to that effect, I'll mark it as correct for anyone who finds this question. Any information you can add about this firewall (I assume it's some edge appliance and not running directly on the ubuntu instance?) would be helpful. Thanks for the help! – Larry Lustig Aug 02 '18 at 12:35
  • @Dom: While I was able to reach my server listening only on IPV4 I've made the changes necessary to have it listen on the IPV6 interfaces as well. – Larry Lustig Aug 02 '18 at 12:43
  • OK, but since I don't have access to AWS myself, I'm only guessing. I tried to help someone else, without success, but noticed a very strange network configuration (impossible routes, eg), so that I also suspected that eg. the database was running in a docker, and not accessible by a php application. – Gerard H. Pille Aug 02 '18 at 13:08

1 Answer

You need to grant access through the management console in the first place. The configuration changes you would make on a physical system seem to have a very limited effect inside AWS.

Gerard H. Pille
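
The comments above read the `ss` output by hand to see which addresses each service is bound to. The sketch below is an added example, not part of the original thread: it does the same classification in shell on constructed sample lines modelled on the question's output, and the function names are hypothetical. A port that is open on all interfaces yet times out remotely points at a packet filter in front of the socket, which in this thread was the firewall in the Lightsail management console.

```shell
#!/bin/sh
# Constructed sample: `ss -ntl` lines modelled on the output in the question.
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 *:443 *:*
LISTEN 0 128 127.0.0.1:8000 *:*
LISTEN 0 128 :::22 :::*'

# classify_listeners: read `ss -ntl` output on stdin, print "port scope" pairs.
classify_listeners() {
  awk '$1 == "LISTEN" {
    addr = $4
    n = match(addr, /:[0-9]+$/)          # the port follows the last colon
    port = substr(addr, n + 1)
    host = substr(addr, 1, n - 1)
    if (host == "*" || host == "0.0.0.0")     scope = "ipv4-any"
    else if (host == "::" || host == "[::]")  scope = "ipv6-any"
    else if (host ~ /^127\./ || host == "::1" || host == "[::1]")
                                              scope = "loopback"
    else                                      scope = "specific:" host
    print port, scope
  }'
}

# scopes_for PORT: comma-joined scopes for one port, "closed" if none.
scopes_for() {
  classify_listeners | awk -v p="$1" '
    $1 == p { s = s (s ? "," : "") $2 }
    END     { print (s ? s : "closed") }'
}

# verdict PORT: where to look next when a remote request to PORT times out.
verdict() {
  case "$(scopes_for "$1")" in
    closed)   echo "no-listener" ;;
    loopback) echo "loopback-only" ;;
    *ipv4-any*ipv6-any*|*ipv6-any*ipv4-any*) echo "check-firewalls" ;;
    *ipv4-any*) echo "check-firewalls-ipv4-only" ;;
    *)          echo "check-bind-address" ;;
  esac
}

# On a live host, replace the sample with: ss -ntl | verdict 443
for port in 80 443 8000; do
  printf '%s: %s\n' "$port" "$(printf '%s\n' "$SAMPLE" | verdict "$port")"
done
```

A `check-firewalls` result means the socket layer is fine, so the remaining suspects are the host firewall (`ufw`) and the firewall rules configured outside the instance.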