Background
I got an AWS machine that's running both a Laravel app, and now I've tried to install beanstalk console. This is what the nginx config file of the Laravel app looks like:
include forge-conf/default/before/*;
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name default;
    root /home/forge/default/public;

    # FORGE SSL (DO NOT REMOVE!)
    # ssl_certificate;
    # ssl_certificate_key;
    ssl_protocols ..
    ssl_ciphers ..
    ssl_prefer_server_ciphers on;
    ssl_dhparam ..

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.html index.htm index.php;
    charset utf-8;

    # FORGE CONFIG (DOT NOT REMOVE!)
    include forge-conf/default/server/*;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }

    access_log off;
    error_log /var/log/nginx/default-error.log error;
    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}
this is what the nginx config file of the beanstalk app looks like:
server {
    listen 8080;
    listen [::]:8080;
    server_name beanstalk_server;
    root /home/forge/beanstalk-console/public;
    index index.html index.htm index.php;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }

    error_log /var/log/nginx/default-error.log error;
    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}
Question
When I try to hit server-ip:8080, I get the error:
server-ip took too long to respond.
I've made sure this isn't a permissions thing, as I updated the inbound rules for the aws instance like so:
but still no luck. I know this isn't a problem with the beanstalk console itself, b/c if I simply switch ports (i.e. if I make the beanstalk console listen to port 80 instead of 8080, it works just fine. I also tried a different port like 1515 and it still didn't work).
Also, I know that localhost:8080 works just fine, b/c running
wget localhost:8080
does return the html site for beanstalk.
One thing to keep in mind is that my AWS machine is also sitting behind a load balancer, which forwards http requests at the load balancer at port 80 to port 80 of the machine, but I don't think that would make any difference.
What do I do?
update
I checked my access log (tail -f /var/log/nginx/access.log) and error logs (tail -f /var/log/nginx/error.log) and found nothing there when I tried to access beanstalk
this is the output of my netstat command
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 11997/nginx -g daem
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 11997/nginx -g daem
tcp 0 0 10.0.17.158:80 10.0.1.251:19336 ESTABLISHED 11998/nginx: worker
tcp 0 0 10.0.17.158:80 10.0.17.87:62074 ESTABLISHED 11998/nginx: worker
tcp 0 0 10.0.17.158:80 10.0.17.101:59938 ESTABLISHED 11998/nginx: worker
tcp 0 0 10.0.17.158:80 10.0.17.101:60988 ESTABLISHED 11998/nginx: worker
tcp 0 0 10.0.17.158:80 10.0.1.21:63633 ESTABLISHED 11998/nginx: worker
tcp 0 0 10.0.17.158:80 10.0.1.21:62603 ESTABLISHED 11998/nginx: worker
tcp 0 0 10.0.17.158:80 10.0.17.87:63110 ESTABLISHED 11998/nginx: worker
tcp 0 0 10.0.17.158:80 10.0.1.251:20344 ESTABLISHED 11998/nginx: worker
tcp6 0 0 :::80 :::* LISTEN 11997/nginx -g daem
tcp6 0 0 :::8080 :::* LISTEN 11997/nginx -g daem
update 2: firewall settings
It seems port 8080 is not firewalled.. see this command:
netstat -ntlp | grep LISTEN
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 0.0.0.0:11300 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:11211 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 11998/nginx: worker
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 11998/nginx: worker
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
tcp6 0 0 :::3306 :::* LISTEN -
tcp6 0 0 :::80 :::* LISTEN 11998/nginx: worker
tcp6 0 0 :::8080 :::* LISTEN 11998/nginx: worker
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 :::5432 :::* LISTEN -
I also ran nmap:
nmap 10.0.17.158
Starting Nmap 7.01 ( https://nmap.org ) at 2017-10-11 10:38 EEST
Nmap scan report for 10.0.17.158
Host is up (0.000068s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
5432/tcp open postgresql
8080/tcp open http-proxy
Best Answer
Building on Shadi's answer, and after checking that AWS was indeed routing the 8080 port to the machine, the issue turned out to come from iptables. I'm not sure how to check if a port is blocked or not using iptables, but here's a command that will allow port 8080:
This is the iptables command that allows access to port 8080 from an OS level:
(for reference on the iptables command, see this excellent post, direct quotes are formatted as such, and I also added my own explanations to the rest):
-i eth0: This component of the rule matches if the interface that the packet is using is the "eth0" interface (ethernet).
-p tcp: this is simply specifying the tcp protocol
--dport 8080: the port we're talking about
How to check if the port is opened or not?
As mentioned in the above link as well, you can simply run the following:
this will output a lot of rules, depending on your setup. To cut through the chase, just run this command
so from there you can immediately know what's going on with port 8080
How to persist the iptables command?
Just use the iptables-persistent package:
It will persist the iptables rules on fresh install, refer to the above link for more details
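
One way to answer "is port 8080 blocked by iptables?" from the rule listing itself, as an added example that is not part of the original answer: the function below walks `iptables -S INPUT` output in order and reports the first rule (or the chain policy) that a new inbound TCP connection to a port would hit. The function name `port_verdict` and the sample rules are constructed for illustration; `eth0` is the interface named in the answer.

```shell
# Constructed sample of `iptables -S INPUT` output (not taken from the page).
SAMPLE_RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 6000:6100 -j DROP'

# port_verdict PORT [IFACE]  (hypothetical helper)
# Reads `iptables -S INPUT` text on stdin and prints "<VERDICT> via <rule>".
# Models -i, -p, --dport (single or range), --state/--ctstate and -j.
# A matching rule that uses anything else (-s, multiport, negation, a jump
# to another chain, LOG) is reported as UNKNOWN so it gets read by a human.
# Live use, as root:  iptables -S INPUT | port_verdict 8080 eth0
port_verdict() {
  awk -v port="$1" -v iface="${2:-eth0}" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
      hit = 1; odd = 0; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-j") { target = $(i + 1); break }
        else if ($i == "-m") { i++ }                 # skip the module name
        else if ($i == "!")  { odd = 1; i += 2 }     # negated match: not modelled
        else if ($i == "-i") { if ($(++i) != iface) hit = 0 }
        else if ($i == "-p") { if ($(++i) != "tcp") hit = 0 }
        else if ($i == "--dport") {
          n = split($(++i), r, ":"); hi = (n == 2) ? r[2] : r[1]
          if (port + 0 < r[1] + 0 || port + 0 > hi + 0) hit = 0
        }
        else if ($i == "--state" || $i == "--ctstate") {
          if (("," $(++i) ",") !~ /,NEW,/) hit = 0   # only NEW packets matter
        }
        else { odd = 1 }                             # a match we do not model
      }
      if (!hit) next
      verdict = (odd || target !~ /^(ACCEPT|DROP|REJECT)$/) ? "UNKNOWN" : target
      print verdict " via " $0; decided = 1; exit
    }
    END { if (!decided) print policy " via -P INPUT " policy }
  '
}
```

With the sample rules, port 8080 falls through to the `DROP` policy, which matches the symptom in the question: nginx listens and answers locally, while remote connections time out. A rule restricted by source address (`-s`) is reported as UNKNOWN because source matching is not modelled.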