5

I used the AWS Ethereum Template to deploy an Ethereum stack. The stats page works, and is showing the workers and mining stats, however, the explorer page is showing

'Allow Access to Geth and Refresh the Page'

I have recreated my stacks, and went over each step twice to make sure I wasn't missing something. I also followed some of the posts on fixing this issue (setting the IP manually in my app.js), but that didn't seem to work either.

I am not sure what code to provide, but will do so if anyone asks.

Template tutorial - https://docs.aws.amazon.com/blockchain-templates/latest/developerguide/blockchain-templates-getting-started.html

PolarisUser
  • 719
  • 2
  • 7
  • 18

2 Answers2

1

I had to put my Bastion host in the ec2 security group, instead of just the alb security group. the documentation does not say this, so I am wondering if I have something else not setup correctly. I am going to close this for now, but if I find the root cause, I will update.

The step is at the very bottom of this doc: https://docs.aws.amazon.com/blockchain-templates/latest/developerguide/blockchain-template-getting-started-prerequisites.html

edit: I opened up a pull request. Hopefully AWS can tell me what I did wrong, or if the documentation is actually wrong. https://github.com/awsdocs/aws-blockchain-templates-developer-guide/pull/2

PolarisUser
  • 719
  • 2
  • 7
  • 18
  • After i have followed the exact guidelines on the documentation page, and setting the socks proxy correctly, the Explorer does not work, it gives the error 'allow Access to Geth and Refresh the Page'. Which is the same issue you had. But in my case, I also notice that trying to access the rpc endpoint directly gives a 503 service unavailable error. Did geth not start in the ec2 machines? Besides i tried changing the security group of the bastion host to the private one and that did not resolve the issue – akinmail Sep 26 '19 at 14:33
  • Can you remember what else you did, just putting the bastion host in the ec2 security group does not work – akinmail Sep 26 '19 at 14:45
0

Putting your Bastion in the EC2 Security Group (private) defeats the purpose of having a Bastion. I'm a user too, and have managed to get past this step. You should notice that these instructions require the creation of 3 subnets: 1 private, and 2 public subnets in different zones of the same region. Your EC2 instances reside in the private subnet, your ALB in both public subnets, and your Bastion in one of the public subnets.

Once you setup the security groups, the public group (such as the Bastion instance) can be reached from the Internet, and the members of the public and private group have access to each other. So you can SSH into the Bastion, and from there either hop via another SSH or a FoxyProxy setup to the private EC2s.

I assume you're looking at the stats page while SSH-ing into the Bastion and using FoxyProxy to make your local machine a Bastion proxy with access to the "internal*" DNS addresses. The page itself is being serviced by the ALB machine. So if it's missing any access, it suggests to me that the private / public security groups may be missing inbound / outbound rules to each other, so I would double check that.

Hope this was helpful.

Amin Ariana
  • 4,635
  • 2
  • 35
  • 21