
Problem: Simply getting a new EC2 Windows instance up and running, hosting a simple Hello World web app, and unable to connect to it from any other machine

Ok, I feel foolish asking this, as I've gotten this to work many times for years. But today, for no discernable reason, I am stumped.

  • New Windows Server 2022 base instance.
  • Run simple .NET web app listening on port 80
  • Locally browse to http://localhost and it works fine
  • Turn on Firewall rule to allow port 80
  • In AWS Security Groups, allow port 80

Test with the public IP: Site cannot be reached

Disable Windows Firewall completely: same result

Use an alternative port, 5001, 8080, allowing them in the firewall, and with AWS security rules: same result

Try from another EC2 instance in the same subnet: same result

Make sure that locally the simple web app is working: yes

As I mentioned I feel like I am missing some critical and obvious thing.

Please be kind, as I have tried many solutions for this and am hitting a wall, and am humbly asking for help, not ridicule.

Here is the firewall off and connecting locally:

Here is the security groups:


Here is the subnet network ACL:


Here is the not connecting:


Daniel Williams
  • Since you are connected over RDP, it means either the security group or the subnet ACL is not allowing traffic on the required port – Paolo Aug 06 '22 at 17:45
  • @Paolo I added a screen shot of the security groups. As for ACL in the subnet, this is the same subnet I use for all the other servers in this VPC. And the Inbound Rules allow all traffic from all sources by default. – Daniel Williams Aug 06 '22 at 17:52
  • Try using the ip:port explicitly, e.g. `52.38.234.126:8080` (or whatever port the app is running on) – Paolo Aug 06 '22 at 18:09
  • Ok tried that, still no luck. I even moved from Server 2022 to Server 2019, which my other ones are. Besides Firewall is there anything else on the Windows side I could be missing? – Daniel Williams Aug 06 '22 at 18:15
  • OK here is a clue - this machine does not have IIS on it. I'm not running an IIS app - but could it be that there are services and things IIS sets up which are needed? – Daniel Williams Aug 06 '22 at 19:18
  • Nah, IIS cannot be it. The app runs fine locally. No IIS needed at all. And netstat tells me that it's running on my port as expected. – Daniel Williams Aug 06 '22 at 19:26
  • I have followed this, to no avail: https://stackoverflow.com/questions/40319653/problems-connecting-to-public-ip-address-from-ec2-instance – Daniel Williams Aug 06 '22 at 19:41
  • OK, got IIS running, and it works just fine externally on ports 80, 5001, and 5002. But a simple Web API (the weather forecast app), works locally, but not externally. No other changes. – Daniel Williams Aug 06 '22 at 20:09
  • Try running `netsh http add iplisten 52.38.234.126` – Paolo Aug 06 '22 at 20:18
  • That did not work but in my .net app I replaced: `app.Run("http://localhost:5001")` with `app.Run("http://0.0.0.0:5001")` and it works! I do not quite understand why. – Daniel Williams Aug 06 '22 at 20:25
  • Here's why https://stackoverflow.com/a/20778887/3390419 – Paolo Aug 06 '22 at 20:36

1 Answer


Found the answer. I was running my ASP.NET Core app using:

`app.Run("http://localhost:5001")`

But should have been using: `app.Run("http://0.0.0.0:5002")`

The first tells the app to listen ONLY on IP 127.0.0.1, while the second says listen on ALL IP addresses.

After much searching I found the clue here:

https://weblog.west-wind.com/posts/2016/sep/28/external-network-access-to-kestrel-and-iis-express-in-aspnet-core

Specifically this:

In order to expose Kestrel externally you either have to bind to a specific machine name, IP Address or 0.0.0.0 which stands for all IP Addresses (thanks to @DamianEdwards and @BradyMHolt for their help).

So it really is just these three main things needed:

  • Windows Firewall allow port
  • App running on port
  • AWS Security Rules for port

However, the way the application binding is made is critical!

This is also helpful: What is the difference between 0.0.0.0, 127.0.0.1 and localhost?

Daniel Williams
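The loopback-versus-all-interfaces binding described in the answer shows up directly in the Local Address column of `netstat -ano`. The following Python sketch is an added example, not code from the original post; the sample netstat text, addresses, PIDs and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of Windows `netstat -ano` TCP lines (not from the original post).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1100
  TCP    127.0.0.1:5001         0.0.0.0:0              LISTENING       4321
  TCP    10.0.1.25:8080         0.0.0.0:0              LISTENING       5120
  TCP    10.0.1.25:3389         198.51.100.7:50211     ESTABLISHED     1100
  TCP    [::]:80                [::]:0                 LISTENING       4
  TCP    [::1]:5001             [::]:0                 LISTENING       4321
"""

# Matches only TCP sockets in the LISTENING state; IPv6 addresses appear in brackets.
LISTEN_LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def bind_scope(addr):
    """Classify a listener's local address by who can reach it."""
    ip = ipaddress.ip_address(addr.strip("[]").split("%")[0])
    if ip.is_unspecified:      # 0.0.0.0 or :: -> every interface on the host
        return "all-interfaces"
    if ip.is_loopback:         # 127.0.0.0/8 or ::1 -> same machine only
        return "loopback-only"
    return "single-address"    # bound to one specific interface address


def listeners(netstat_text):
    """Return (port, address, scope, pid) for each LISTENING TCP socket."""
    found = []
    for line in netstat_text.splitlines():
        m = LISTEN_LINE.match(line)
        if m:
            addr, port, pid = m.group(1), int(m.group(2)), int(m.group(3))
            found.append((port, addr, bind_scope(addr), pid))
    return found


def accepts_remote(netstat_text, port):
    """True if some listener on `port` is bound to a non-loopback address."""
    return any(p == port and scope != "loopback-only"
               for p, _addr, scope, _pid in listeners(netstat_text))


if __name__ == "__main__":
    for port, addr, scope, pid in listeners(SAMPLE_NETSTAT):
        print(f"{port:>5}  {addr:<12} {scope:<15} pid={pid}")
```

A port that reports only `loopback-only` listeners will refuse external connections no matter what the Windows Firewall or the security group allows. Conversely, an `all-interfaces` listener leaves the firewall and the security group as the only controls limiting who can reach it.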