2

Have found plenty of answers to this question but nothing seems to be working.

I have a Windows EC2 instance which has Tomcat 8 installed and running on port 8080. I have my application deployed and I am able to access it as localhost:8080/myapp by connecting to the instance and launching the URL in a browser.

However, when I try to access it over my home network outside AWS, the application is not able to connect.

I know this is because of security group settings but I have that covered. Even after I do

Security Groups -> Inbound -> Edit:

Custom TCP Rule : TCP: 8080 : Source Anywhere

The problem still remains. Have even tried adding a rule with all traffic but still no luck.

Also, to mention, I have an Elastic IP associated to my instance. Have been trying to access with elastic.ip:8080/myapp but not able to connect.

What else could I try? Any configuration in Tomcat's XML?

smac2020
roger_that
  • Have you checked any ACL applied on that? Also, you can modify Elasticsearch policy settings and add your IP, if it's related to Elasticsearch. – owais May 23 '18 at 10:25
  • It's not at all related to Elasticsearch. I mentioned Elastic IP. – roger_that May 23 '18 at 10:36
  • I assume there is nothing wrong with NACL since it allows all traffic by default. Have you defined multiple rules in Security Group? – Shamal Perera May 23 '18 at 10:49
  • Yes, just one more. `TCP:80:Anywhere` – roger_that May 23 '18 at 10:53
  • Can you spin up another instance that has a public IP, then connect to it? Try to call the private IP within that instance. – Shamal Perera May 23 '18 at 10:57
  • I have another question @roger_that. You have said that you connected to the instance to check if the web server is running. With the current 2 rules, how did you connect? Port 3389 needs to be enabled in order to RDP, right? – Shamal Perera May 23 '18 at 11:12
  • Yeah. I mean I did enable TCP 3389 as well to connect. – roger_that May 23 '18 at 11:14

3 Answers

0

Image the instance and launch a new instance from the created AMI.

EC2 appears to be experiencing issues over the past 12 hours where the public interface of some instances won't accept traffic, even though other instances launched with the exact same Launch Configuration (in my case as part of an Auto Scaling Group) have no problem.

If you have premium technical support, I suggest you leave the bad instance running and file a ticket with the instance ID, public IP address, etc.

ben
0

I would check whether "wget" is working or not. If yes, that means the Tomcat server is up and running.

```
wget <hostname>:8080
```

Also, your computer at home might have a firewall which prevents you from retrieving port 8080. Can you try telnet to the server at port 8080 from your home machine?

Finally, check iptables on the server as well:

```
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
```
0

Be sure Tomcat isn't only listening on 127.0.0.1:8080, which would make it available to localhost but not elsewhere. Look in your server.xml for the connector's address and make sure it's set to 0.0.0.0 to listen on all interfaces:

```
<!-- Example -->
<Connector port="8080" protocol="HTTP/1.1"
           address="0.0.0.0" />
```

You can also look at the output of `netstat -an | grep :8080`; you should see a line like

```
tcp        0      0 0.0.0.0:8080              0.0.0.0:*               LISTEN
```

If instead you see

```
tcp        0      0 127.0.0.1:8080              0.0.0.0:*               LISTEN
```

you know that it's only listening on 127.0.0.1, which won't be available outside your local host.

Brandon Miller
  • Added the same. However, the connector entry has one more field, `redirectPort=8443`. Anything to do with that? – roger_that May 25 '18 at 16:12
  • This is what I get after netstat `TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING` `TCP 127.0.0.1:8080 127.0.0.1:53417 ESTABLISHED` `TCP 127.0.0.1:8080 127.0.0.1:53419 ESTABLISHED` `TCP 127.0.0.1:8080 127.0.0.1:53420 ESTABLISHED` `TCP 127.0.0.1:53417 127.0.0.1:8080 ESTABLISHED` `TCP 127.0.0.1:53419 127.0.0.1:8080 ESTABLISHED` `TCP 127.0.0.1:53420 127.0.0.1:8080 ESTABLISHED` – roger_that May 25 '18 at 16:21
  • It would appear, based on this line `TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING`, that it's listening on all addresses like you need. The redirect port should only matter if the request is HTTPS. – Brandon Miller May 25 '18 at 17:16
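
The netstat check from the last answer and its comments, as an added example (not code from any of the posters): a small Python parser that reads both the Linux-style and Windows-style lines quoted above and reports which address the port 8080 listener is bound to, ignoring ESTABLISHED connections. The function names and result labels are assumptions of this example, and the sample text is constructed from the lines on this page.

```python
import re

# Local address of a listening TCP socket, in both formats quoted on this page:
#   Linux:   tcp   0   0 0.0.0.0:8080   0.0.0.0:*   LISTEN
#   Windows: TCP   0.0.0.0:8080   0.0.0.0:0   LISTENING
LISTEN_RE = re.compile(
    r"^\s*tcp6?\s+(?:\d+\s+\d+\s+)?(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+LISTEN(?:ING)?\b",
    re.IGNORECASE,
)
WILDCARD = {"0.0.0.0", "::", "[::]", "*"}
LOOPBACK = {"127.0.0.1", "::1", "[::1]"}


def listeners(netstat_output, port):
    """Local addresses that have a socket in LISTEN state on `port`."""
    found = set()
    for line in netstat_output.splitlines():
        m = LISTEN_RE.match(line)
        if m and int(m.group("port")) == port:
            found.add(m.group("addr"))
    return found


def classify(netstat_output, port=8080):
    """Result labels are this example's own, not netstat or Tomcat terms."""
    addrs = listeners(netstat_output, port)
    if not addrs:
        return "not-listening"
    if addrs & WILDCARD:
        return "all-interfaces"      # bind address is fine; look at firewall rules next
    if addrs <= LOOPBACK:
        return "loopback-only"       # fix the Connector address in server.xml
    return "specific-interface"


# Constructed samples, built from the lines quoted in the answer and comments.
LINUX_LOOPBACK = "tcp        0      0 127.0.0.1:8080              0.0.0.0:*               LISTEN"
WINDOWS_ALL = """\
  TCP    0.0.0.0:8080      0.0.0.0:0          LISTENING
  TCP    127.0.0.1:8080    127.0.0.1:53417    ESTABLISHED
  TCP    127.0.0.1:53417   127.0.0.1:8080     ESTABLISHED
"""
ESTABLISHED_ONLY = "  TCP    127.0.0.1:8080    127.0.0.1:53417    ESTABLISHED"

if __name__ == "__main__":
    for name, text in [("linux", LINUX_LOOPBACK), ("windows", WINDOWS_ALL),
                       ("established-only", ESTABLISHED_ONLY)]:
        print(name, classify(text))
```

The ESTABLISHED rows on 127.0.0.1:8080 are local browser connections to Tomcat, not evidence of a loopback-only bind, which is why only LISTEN/LISTENING rows are counted.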