4

I have an EC2 instance in which I am running a Flask server on port 8080.

* Running on http://0.0.0.0:8080/ (Press CTRL+C to quit)

I can run curl and get the response from my EC2 instance.

$ curl -X GET '0.0.0.0:8080/fbeac'

However, I cannot use the public IP/DNS to get the response and running

$ curl -X GET '3.135.62.118:8080/fbeac'

results in curl: (7) Failed to connect to 3.135.62.118 port 8080: Connection refused. I get the same error when I try to curl using my local machine.

My application is listening on port 8080, which I checked by running netstat.

$ netstat -an | grep 8080
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN

Moreover, I have ensured the Security Groups are set up correctly. I have experimented with just custom TCP port 8080, all TCP ports, and (currently) all traffic. I have also opened up HTTP/HTTPS ports on the side just in case, but with no luck.

This leads me to believe it might be a firewall issue but I am on an Amazon Linux machine and the default policy seems to be to ACCEPT, which I checked by running iptables.

$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Is there some other thing I should be checking or button I should be flipping?

My AWS Instance ID is i-0080c730c4287ca3c.

nerdcortex
  • 127
  • 3
  • 13
  • https://stackoverflow.com/questions/7023052/configure-flask-dev-server-to-be-visible-across-the-network please ensure if you have this line app.run(host='0.0.0.0') – Shivankar Dec 03 '19 at 10:42
  • Yes, it is globally visible. If I run the same code locally, I can access it from other computers using my machines public IP. – nerdcortex Dec 03 '19 at 15:46
  • Ok when you defined your VPC settings. Did allow it to be accessible via the Internet. As you said you have checked with Security groups So that's the next thing to be checked.Can you check your VPC configuration as well – Shivankar Dec 04 '19 at 10:46
  • https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html – Shivankar Dec 04 '19 at 10:50

2 Answers2

1

I would suggest checking what access rules are defined in your EC2 instance security groups. You might need to open up port 8080.

Also, as a side note, consider not using flask development server in production like that. It's fine for testing, but you really should be using something like uwsgi for production workloads.

dmitrybelyakov
  • 3,709
  • 2
  • 22
  • 26
  • I currently have the following 2 security groups (apart from SSH) 1. Custom TCP Rule TCP 8080 0.0.0.0/0 2. All traffic All All 0.0.0.0/0 which I think should be sufficient. Yeah, I am only using the Flask environment for testing for now. – nerdcortex Dec 03 '19 at 15:43
  • Something is not right, this should work, which I just confirmed by spinning up a new EC2 Ubuntu instance. Flask is `Running on http://0.0.0.0:8080/` and the only **Inbound** rule I have (apart from ssh) is this: `Protocol: TCP, Port Range: 8080, Source: 0.0.0.0/0`. Perhaps check if the security group in question is assigned to your EC2 instance? – dmitrybelyakov Dec 03 '19 at 16:49
  • Yep, the correct security group is assigned as well :( – nerdcortex Dec 03 '19 at 17:12
  • What kind of OS are you running on the instance? Is there another firewall running there perhaps? Can you spin up a fresh instance for testing purposes? – dmitrybelyakov Dec 03 '19 at 17:30
  • Amazon Linux 2 AMI. I doubt there's another firewall. I'll try spinning up a new instance. – nerdcortex Dec 03 '19 at 18:01
  • Same thing again: launched amazon linux 2 instance, yum install python 3, ran flask on http://0.0.0.0:8080, opened up this port in aws security group with an inbound rule. After that I was able to successfully connect with curl. – dmitrybelyakov Dec 04 '19 at 10:35
  • Im Having the same problem running a dotnet web app on port 7070? Any luck? thanks!! – johnny Jun 25 '20 at 06:37
  • https://stackoverflow.com/questions/62491794/dotnet-app-on-ec2-linux-port-7070-not-accessible?noredirect=1#comment110517110_62491794 – johnny Jun 25 '20 at 06:37
0

Just in case anyone is having this problem too, make sure that you have a Gateway configured

Ricardo Rubik Ruiz
  • 77
  • 1
  • 10
  • I can't edit my message but this is the full text "Just in case anyone is having this problem too, make sure that you have a Gateway configured with your subnet and not a NAT on AWS." – Ricardo Rubik Ruiz Feb 21 '23 at 23:30