Apache (and other services) work on localhost, but not IP address
Please check your Security Group on Amazon EC2 and if there is no rule for 443 port, add one.
Rocky McNuts
Updated on September 18, 2022
Comments
-
Rocky McNuts almost 2 years
My Apache server is working correctly on port 80.
When I try to enable SSL on port 443, I can connect via localhost (telnet localhost 443) but not via IP address (telnet xxx.xxx.xxx.xxx 443).
To figure out where the problem is, I took my default port 80 config and changed the references to port 443. Same result. Changed back to 80 and it works fine.
Which leads me to think there's a firewall issue, not a config issue. But I have no firewall rules.
Also this site is working on a virtual machine with same Linux version, 12.04 Precise 64-bit under Virtualbox. I tar the /etc/apache2 directory and put it on the Amazon EC2 instance, I get the behavior described - port 80 works, 443 only localhost.
I'm not an expert, but not a newbie. Stumped half the day, figured time to reach out, maybe others can help/benefit. Am I missing something simple, or is there something new I have to do to open up port 443?
ports.conf:
    NameVirtualHost *:80
    Listen 80
    Listen 443
default-ssl in sites-enabled
    <VirtualHost *:443>
    ServerName mysite.mydomain.com:443
    ... more irrelevant stuff

Note: if I enable only default-ssl and just change 443 to 80, it works.
So, that made me think there was no Apache config issue, but some firewall issue. But I have no firewall enabled.
    ubuntu@ip-xx-xx-xx-xx:/etc/apache2/sites-enabled$ sudo iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
nmap localhost vs. the IP address
    sudo nmap -sT -O -PN xx.xx.xx.xx

    Starting Nmap 5.21 ( http://nmap.org ) at 2013-07-30 13:53 EDT
    Nmap scan report for ec2-xx-xx-xx-xxx.compute-1.amazonaws.com (xx.xx.xx.xx)
    Host is up (0.0013s latency).
    Not shown: 996 filtered ports
    PORT     STATE  SERVICE
    22/tcp   open   ssh
    25/tcp   closed smtp
    80/tcp   open   http
    3306/tcp closed mysql
    Device type: general purpose
    Running (JUST GUESSING) : Linux 2.6.X (85%)
    Aggressive OS guesses: Linux 2.6.15 - 2.6.26 (85%)
    No exact OS matches for host (test conditions non-ideal).

    OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 9.56 seconds
    ubuntu@ip-10-68-23-145:/etc/apache2/sites-enabled$ sudo nmap -sT -O -PN localhost
nmap localhost
    Starting Nmap 5.21 ( http://nmap.org ) at 2013-07-30 13:53 EDT
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.000047s latency).
    Not shown: 995 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    80/tcp   open  http
    443/tcp  open  https
    3306/tcp open  mysql
    9418/tcp open  git
    No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
    TCP/IP fingerprint:
    OS:SCAN(V=5.21%D=7/30%OT=22%CT=1%CU=42076%PV=N%DS=0%DC=L%G=Y%TM=51F7FD9D%P=
    OS:x86_64-unknown-linux-gnu)SEQ(SP=FD%GCD=1%ISR=10E%TI=Z%CI=Z%II=I%TS=8)OPS
    OS:(O1=M400CST11NW5%O2=M400CST11NW5%O3=M400CNNT11NW5%O4=M400CST11NW5%O5=M40
    OS:0CST11NW5%O6=M400CST11)WIN(W1=8000%W2=8000%W3=8000%W4=8000%W5=8000%W6=80
    OS:00)ECN(R=Y%DF=Y%T=40%W=8018%O=M400CNNSNW5%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A
    OS:=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%
    OS:Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=
    OS:A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=
    OS:Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%
    OS:T=40%CD=S)

    Network Distance: 0 hops

    OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 12.70 seconds

    lsb_release -a
    No LSB modules are available.
    Distributor ID: Ubuntu
    Description:    Ubuntu 12.04.2 LTS
    Release:        12.04
    Codename:       precise
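An added example, not part of the original post: the port tables from the two scans quoted above, compared programmatically. It relies on standard nmap state semantics ("filtered" means no reply came back, "closed" means the host refused the connection); the function names are illustrative.

```python
import re

# Port tables excerpted from the two scans quoted in the question.
EXTERNAL_SCAN = """\
Not shown: 996 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
25/tcp   closed smtp
80/tcp   open   http
3306/tcp closed mysql
"""
LOCAL_SCAN = """\
Not shown: 995 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
3306/tcp open  mysql
9418/tcp open  git
"""

PORT_LINE = re.compile(r"^(\d+)/tcp\s+(\S+)", re.M)
NOT_SHOWN = re.compile(r"^Not shown: \d+ (\S+) ports", re.M)

def parse_scan(text):
    """Return ({port: state}, state of the ports nmap did not list)."""
    ports = {int(port): state for port, state in PORT_LINE.findall(text)}
    match = NOT_SHOWN.search(text)
    return ports, (match.group(1) if match else "unknown")

def diagnose(local_text, external_text):
    """Explain every port that is open on loopback but not from outside."""
    local, _ = parse_scan(local_text)
    external, external_default = parse_scan(external_text)
    findings = {}
    for port, state in sorted(local.items()):
        if state != "open":
            continue
        seen = external.get(port, external_default)
        if seen == "filtered":
            # Packets never get an answer: something in front of the service drops them.
            findings[port] = "filtered: check security group / network ACL"
        elif seen == "closed":
            # The host answered with a refusal: the filter lets it through,
            # but the service is not listening on that address.
            findings[port] = "closed: check the service's bind address"
    return findings

if __name__ == "__main__":
    for port, reason in diagnose(LOCAL_SCAN, EXTERNAL_SCAN).items():
        print(port, reason)
```

With the host's iptables chains empty, as shown above, a "filtered" result for 443 leaves the EC2 security group or a network ACL as the component dropping the traffic.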
-
Rocky McNuts almost 11 years
Well, I opened up port 443 to all, no luck. I had everything open to all machines in the security group. Also everything open to my remote IP. Still, if I telnet localhost 443 it works, if I telnet <ip address> 443 from the local machine (which is in the same security as itself so you wouldn't expect it to be blocked) or from a remote machine, it times out. Port 80 works in all cases, and as far as I can see they are set up identically. I also added a NameVirtualHost directive to ports.conf so it would be the same as port 80.
-
Rocky McNuts almost 11 years
Made ports.conf identical for port 80 and port 443.

    NameVirtualHost *:80
    Listen 80
    NameVirtualHost *:443
    Listen 443
-
Rocky McNuts almost 11 years
Argh... you're right, I'm wrong. The server was not in the security group it was supposed to be (test v prod) so the changes I made before had no effect. The behavior I see is, if I don't open the port in the firewall, I can telnet from the server to localhost or the internal IP, but not the elastic IP. This is even though there is a rule that all servers in the same security group should have all access. Took me a while, but many thanks for the right answer on the first try!
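An added example, not from the thread: a check that inspects only the security groups an instance is actually a member of, the step that was missed above. The data is constructed in the shape printed by `aws ec2 describe-instances` and `aws ec2 describe-security-groups`; all IDs are placeholders and the function names are illustrative.

```python
# Constructed sample data; every ID below is a placeholder.
INSTANCES = {"Reservations": [{"Instances": [{
    "InstanceId": "i-EXAMPLE",
    "SecurityGroups": [{"GroupId": "sg-TEST"}],
}]}]}
GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-TEST", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "-1", "IpRanges": [],  # all traffic from group members
         "UserIdGroupPairs": [{"GroupId": "sg-TEST"}]},
    ]},
    # The group that was edited, but which the instance does not belong to.
    {"GroupId": "sg-PROD", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ]},
]}

def attached_groups(instances, instance_id):
    """Group IDs the instance is actually a member of."""
    for reservation in instances["Reservations"]:
        for inst in reservation["Instances"]:
            if inst["InstanceId"] == instance_id:
                return {g["GroupId"] for g in inst["SecurityGroups"]}
    return set()

def covers(perm, port):
    """True if one IpPermissions entry admits TCP traffic to `port`."""
    if perm["IpProtocol"] == "-1":  # all protocols; no port fields present
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def inbound_sources(instances, groups, instance_id, port):
    """Sort matching rules: CIDR sources, group sources, rules on unattached groups."""
    attached = attached_groups(instances, instance_id)
    out = {"cidrs": [], "peer_groups": [], "unattached_groups_with_rule": []}
    for group in groups["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            if not covers(perm, port):
                continue
            if group["GroupId"] not in attached:
                out["unattached_groups_with_rule"].append(group["GroupId"])
                continue
            out["cidrs"] += [r["CidrIp"] for r in perm.get("IpRanges", [])]
            out["peer_groups"] += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
    return out
```

An empty `cidrs` list for port 443 means nothing can reach it through the public or Elastic IP; a group-sourced rule matches members by their private addresses, which is consistent with the internal IP working while the Elastic IP timed out.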