4

I've created an EC2 instance, but I seem unable to reach a service I've launched on it (say on port 1234). The instance is

  • part of a permissive security group with all traffic from anywhere allowed (I know this is not advisable, but it's just to get this working)
  • in a public subnet of a VPC

I've launched an `httpd` server on the instance and verified I can reach it on port 80 from either my machine or another EC2 instance in the same subnet. I've also verified that I can `curl localhost:1234` from the original EC2 instance.

But I get `Failed to connect to $MY_IP port 1234: Connection refused` whenever I try to curl the port from my machine or the other EC2 instance in the same subnet (trying both private and public IP). What could still be blocking the request? How can I start to debug?

I've already looked through answers like these, but my security group should already allow this traffic.

mwlon
  • Can you clarify? You wrote that it works "I can reach it on port 80", but then it does not work? What exactly is the issue? – Marcin Aug 26 '21 at 23:53
  • I'm trying to run my own service, not `httpd`. I would prefer to run on some arbitrary port (say `1234`), but even if I try to use port `80` for the service (with `httpd` off), I get a `Permission denied` error from the Linux OS on service startup. – mwlon Aug 27 '21 at 00:52
  • If you ssh to the instance, can you `curl` your application on your port to confirm that it works? – Marcin Aug 27 '21 at 00:54
  • Yes, I can `curl localhost:1234` from the instance running the service. I can't curl it from the other EC2 instance I've spun up though – mwlon Aug 27 '21 at 01:03
  • 1
    Maybe you bound your app to localhost, not a regular network interface. Also make sure you don't have any OS-level firewalls (ufw). – Marcin Aug 27 '21 at 01:05
  • 1
    Aha that was it. I see now that binding to `localhost:1234` filters out traffic from other IPs, and `0.0.0.0:1234` listens to traffic from all IPs. – mwlon Aug 27 '21 at 01:20

1 Answer

5

Based on the comments.

The issue was caused by binding the application to localhost, which makes it only accessible from within the instance. Changing the binding to 0.0.0.0 solved the problem.

Marcin
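
One way to check for the bind-address cause identified in the answer above, as an added example that is not part of the original thread: this Python script classifies each listening socket in `ss -ltn` output as loopback-only, all-interfaces or single-address. The sample output is constructed, the function names are hypothetical, and it assumes the local address is the fourth column, as `ss -ltn` prints it.

```python
import ipaddress

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     127.0.0.1:1234      0.0.0.0:*
LISTEN  0       511     0.0.0.0:80          0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*
LISTEN  0       4096    127.0.0.53%lo:53    0.0.0.0:*
LISTEN  0       128     [::1]:6379          [::]:*
LISTEN  0       128     10.0.1.15:8080      0.0.0.0:*
"""


def classify(addr):
    """Return who can reach a socket bound to this local address."""
    addr = addr.split("%")[0].strip("[]")  # drop %iface suffix and IPv6 brackets
    if addr == "*":  # ss prints * for a dual-stack wildcard listener
        return "all-interfaces"
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:  # 127.0.0.0/8 or ::1
        return "loopback-only"
    return "single-address"


def listeners(ss_output):
    """Map each listening port to the set of scopes it is bound with."""
    found = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening row
        addr, _, port = fields[3].rpartition(":")
        found.setdefault(int(port), set()).add(classify(addr))
    return found


def diagnose(ss_output, port):
    """Explain whether a remote client can connect to the port."""
    scopes = listeners(ss_output).get(port)
    if not scopes:
        return "nothing listening"
    if scopes == {"loopback-only"}:
        return "loopback-only: remote connections are refused"
    return "reachable remotely, subject to firewall and security group rules"


if __name__ == "__main__":
    for p in (1234, 80, 53, 9999):
        print(p, "->", diagnose(SAMPLE_SS, p))
```

On a real instance, pass the text of `ss -ltn` to `diagnose` instead of the sample. Once a service is bound to `0.0.0.0`, the security group and any host firewall are the only things limiting who can reach it.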