0

I have my webapp running on Tomcat which is running on an EC2 instance. I have set up my instance's inbound rules properly.

When I enter <myWebsite.com>:8080 it works from my browser. For <myWebsite.com> it does not load. Rather I get the following error message:

This site can’t be reached <myWebsite.com> refused to connect.
Search Google for <my Website> home
ERR_CONNECTION_REFUSED
Thomas Kainrad
sofs1

2 Answers

2

When you try to connect directly via myWebsite.com, your browser will default to http on port 80. Apparently, your webserver is listening on port 8080 though.

You need to configure Tomcat to listen for incoming requests on port 80.

There are many tutorials and questions here on Stack Overflow about how to change the Tomcat port from 8080 to 80.

E.g., from How to change the port of Tomcat from 8080 to 80?:

1) Go to conf folder in tomcat installation directory

e.g. C:\Tomcat 6.0\conf\

2) Edit following tag in server.xml file

3) Change the port=8080 value to port=80

4) Save file.

5) Stop your Tomcat and restart it.

Keep in mind that, by default, Tomcat will not start on port 80, unless run as root. However, running as root is generally considered bad practice. The following resource summarizes well how to mitigate this problem with Tomcat and EC2: https://www.excelsior-usa.com/articles/tomcat-amazon-ec2-advanced.html#port80

The easiest solution would be to redirect the Tomcat port (e.g. 8080) via iptables:

```
sudo /sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
sudo /sbin/service iptables save
```
Thomas Kainrad
  • Tried it. Doesn't work. Tried Authbind as well. Doesn't work. – sofs1 Mar 13 '19 at 08:51
  • After doing as you said In catalina.out, `13-Mar-2019 SEVERE [main] org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler ["http-nio-0.0.0.0-80"] java.net.SocketException: Permission denied org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-80]] org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-80] Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed Caused by: java.net.SocketException: Permission denied` – sofs1 Mar 13 '19 at 09:06
  • Good answer (+1). As per the new comment, it is an amazon-ec2 or more generally Unix-specific issue. The solution is here: [ec2 and tomcat7: can't connect on port 80](https://serverfault.com/questions/317679/ec2-and-tomcat7-cant-connect-on-port-80#317683) @sofs1 – Selaron Mar 13 '19 at 09:11
  • Thank you! I added information about how to mitigate port 80 permission problems. In general, I think my answer was correct. The problem is that you need to have your Tomcat listen on port 80. – Thomas Kainrad Mar 13 '19 at 09:39
0

OK, after following several answers on Stack Overflow, the following worked:

```
sudo /sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
sudo /sbin/iptables-save
```

The following didn't work:

  1. Assigning an Elastic IP for the VPC and using it to connect to the instance.
  2. Changing the Tomcat server.xml port from 8080 to 80.

Note: My EC2 instance's security group's inbound rules were accepting HTTP at port 80 from anywhere.

sofs1
  • I think it should be noted that configuring Tomcat to run on port 80 is a viable alternative. However, only if run as root or configured in conjunction with authbind. – Thomas Kainrad Mar 14 '19 at 00:10
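
An added example, not part of the original answers: a shell check that reads `iptables-save` output and reports whether the 80 to 8080 `REDIRECT` from both answers is present, in the running rules and in the saved rules loaded at boot. `iptables-save` on its own only prints the rules to stdout, so the two can differ. The function names and the saved-rules path `/etc/sysconfig/iptables` (RHEL-family layout) are assumptions, and the sample dump is constructed.

```shell
# Constructed sample of `iptables-save` output after the -I PREROUTING rule above.
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
*filter
COMMIT'

# redirect_chains FROM TO: print each nat chain in the dump on stdin that redirects tcp FROM -> TO.
redirect_chains() {
  awk -v from="$1" -v to="$2" '
    /^\*/ { table = substr($1, 2); next }   # "*nat" / "*filter" table header
    table == "nat" && $1 == "-A" {
      proto = dport = target = toport = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "-j") target = $(i + 1)
        if ($i == "--to-ports" || $i == "--to-port") toport = $(i + 1)
      }
      if (proto == "tcp" && dport == from && target == "REDIRECT" && toport == to) print $2
    }'
}

# has_redirect CHAIN FROM TO: exit 0 if CHAIN carries the redirect (dump on stdin).
has_redirect() {
  redirect_chains "$2" "$3" | grep -qx "$1"
}

# report LABEL: summarize the dump on stdin for ports 80 -> 8080.
report() {
  dump=$(cat)
  if printf '%s\n' "$dump" | has_redirect PREROUTING 80 8080; then
    echo "$1: PREROUTING redirect 80 -> 8080 present (traffic arriving from outside)"
  else
    echo "$1: no PREROUTING redirect 80 -> 8080"
  fi
  printf '%s\n' "$dump" | has_redirect OUTPUT 80 8080 ||
    echo "$1: no OUTPUT redirect; connections made on the instance itself skip PREROUTING"
}

if [ "${1:-}" = "--live" ]; then
  sudo iptables-save | report "running rules"
  # Assumption: RHEL-family layout, where `service iptables save` writes this file.
  sudo cat /etc/sysconfig/iptables 2>/dev/null | report "saved rules (used at boot)"
else
  printf '%s\n' "$SAMPLE_DUMP" | report "constructed sample"
fi
```

Run it with `--live` on the instance; a redirect that shows up under "running rules" but not under "saved rules" will be gone after a reboot.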