Nginx – can’t access compute engine external ip

google-compute-engine nginx

I set up a Google Compute Engine instance and installed nginx, and now nginx is listening on port 80. I have a static external IP assigned to my instance and I just can't access my external IP address.

Why does this have to be so difficult? All the tutorials just say:

install nginx and go to your external ip and you should arrive at the nginx welcome screen

I set firewall rules for http/https but nothing is working. Here's some stuff to look at:

nginx server config:

listen 80;
listen [::]:80;
server_name example.com;
root /var/www/example.com;
index index.html;
location / {
  try_files $uri $uri/ =404;
}

screenshot of instance: (image not preserved)

nginx running:

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      3490/nginx
tcp6       0      0 :::80                   :::*                    LISTEN      3490/nginx

I'm trying to go to: 104.196.111.24 but it just says Safari failed to open the page.

running ifconfig returns this:

docker0   Link encap:Ethernet  HWaddr 02:42:de:3f:fb:67  
          inet addr:172.18.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth0      Link encap:Ethernet  HWaddr 02:42:ac:11:00:02  
          inet addr:172.17.0.2  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::42:acff:fe11:2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1460  Metric:1
          RX packets:3802 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2248 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:21591383 (20.5 MiB)  TX bytes:351275 (343.0 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:54 errors:0 dropped:0 overruns:0 frame:0
          TX packets:54 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3568 (3.4 KiB)  TX bytes:3568 (3.4 KiB)

Best Answer

Closed port 80

$ nmap -p80 104.196.111.24
Starting Nmap 6.40 ( http://nmap.org ) at 2016-03-09 16:25 CET
Nmap scan report for 24.111.196.104.bc.googleusercontent.com (104.196.111.24)
Host is up (0.14s latency).
PORT   STATE  SERVICE
80/tcp closed http

This leads me to think there's something wrong in the firewall configuration, despite the "Allow http traffic" and "Allow https traffic" options that are checked on your screenshot. Now I don't know more about the firewall configuration of a GCE.

(NB Somewhat later: as of now, nmap reports the host is down.)

About my initial post

My initial post, below, would apply to an nginx instance running on the real host. I missed the fact that you're actually running a Virtual Machine, where it may be normal to have nginx listening on local addresses ('something else' on the host proxies the requests to the VM). However, I don't understand why the internal IP address does not show up in your ifconfig output.

Initial post content:

If I understand correctly, you have an nginx instance running on a server whose address is 104.196.111.24. And when you try to access this address in a web browser, you get an error.

So, I'm not absolutely sure this will work, but I notice your nginx instance is listening on port 80 on 0.0.0.0 (IPv4), which is a local address. Wikipedia says about it:

In the Internet Protocol Version 4, the address 0.0.0.0 is a non-routable meta-address used to designate an invalid, unknown or non-applicable target.

Moreover:

In the context of servers, 0.0.0.0 means "all IPv4 addresses on the local machine".

So I think there's something to fix here, as nginx seems to be reachable only from local addresses on your server.

Moreover, if I myself set nginx to listen on port 80 on 0.0.0.0 for any of my websites, then browsing this site will return an error (like connection has been reinitialized, not an error from nginx).

So, I would try to set nginx to listen to port 80 on the external address, like:

listen 104.196.111.24:80;

(and of course after that, check this is right with nginx -t and then reload nginx rules with service nginx reload).

EDIT: the additional information from ifconfig makes me think there's really something wrong (or not set up) in the network configuration but I can't explain it: the address of the network card (eth0, running) is 172.17.0.2, which belongs to some special IANA reserved range of addresses. I would expect 104.196.111.24 to show up in ifconfig's output, but it does not. I don't even understand how you can ssh into 104.196.111.24 without having it set up. Anyway, I think nginx can't be reached from the outside as long as it's listening on 0.0.0.0; this certainly has to be fixed in order to solve the problem, which may be done by fixing the network configuration.
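An added example, not part of the original question or answer: a small Python check that reads the three outputs shown on this page together (the netstat listener lines, the ifconfig addresses and the nmap port state) and reports which layer the connection fails at. The function names and finding labels are hypothetical; the input values are transcribed from the page.

```python
import ipaddress

# Values transcribed from the outputs shown on this page.
NETSTAT = (
    "tcp   0  0 0.0.0.0:80   0.0.0.0:*   LISTEN  3490/nginx\n"
    "tcp6  0  0 :::80        :::*        LISTEN  3490/nginx\n"
)
IFACES = {"docker0": "172.18.0.1", "eth0": "172.17.0.2", "lo": "127.0.0.1"}
NMAP_PORT_LINE = "80/tcp closed http"
EXTERNAL_IP = "104.196.111.24"

def bind_scopes(netstat_text, port):
    """Classify the local address of every LISTEN socket on `port`."""
    scopes = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[5] != "LISTEN":
            continue
        addr, _, lport = fields[3].rpartition(":")
        if lport != str(port):
            continue
        ip = ipaddress.ip_address(addr)
        # 0.0.0.0 and :: are wildcard binds: every local interface.
        scopes.append("all-interfaces" if ip.is_unspecified
                      else "loopback-only" if ip.is_loopback
                      else "single-address")
    return scopes

def diagnose(netstat_text, ifaces, nmap_line, external_ip, port=80):
    """Return findings ordered from the listener outwards (labels are hypothetical)."""
    findings = []
    scopes = bind_scopes(netstat_text, port)
    if not scopes:
        findings.append("no-listener")
    elif all(s == "loopback-only" for s in scopes):
        findings.append("listener-loopback-only")
    else:
        findings.append("listener-ok")
    # Inference: an external address absent from every interface is translated
    # upstream (NAT or port forwarding), so the server cannot bind to it directly.
    if external_ip not in ifaces.values():
        findings.append("external-ip-translated-upstream")
    # nmap states: open = accepted, closed = reset received, filtered = no reply.
    state = nmap_line.split()[1]
    if state != "open" and findings[0] == "listener-ok":
        findings.append(f"path-blocked-before-listener ({state})")
    return findings
```

With this page's values the listener is a wildcard bind and the external address is not on any interface, so the remaining places to check are the firewall rules and any port forwarding or publishing between 104.196.111.24 and the address nginx actually listens on.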
