Help Center/ Elastic Cloud Server/ Troubleshooting/ General Issues/ Why Am I Unable to Connect to a Port on an ECS?
Updated on 2023-04-03 GMT+08:00

Why Am I Unable to Connect to a Port on an ECS?

Scenarios

A connection to an ECS on a specific port may be prevented for multiple reasons, for example, a security group is blocking traffic to the port.

This section uses port 80 as an example to describe how to troubleshoot an unreachable ECS port.

Locating the Fault

If the ECS cannot provide the HTTP service, check whether the port used by the web service (TCP port 80 by default) is working properly.

  1. On the ECS management console, ensure that the port is permitted in the security group.
  2. Remotely log in to the ECS and ensure that HTTP is enabled on it.
  3. Ensure that the port is listened to properly. If it is not, change the listened IP address.
  4. Ensure that HTTP is permitted on the ECS firewall.

Windows

The following uses an ECS running Windows Server 2012 with Internet Information Services (IIS) deployed as an example.

  1. Ensure that port 80 is permitted in the security group.

    1. Log in to the management console.
    2. Click in the upper left corner and select your region and project.
    3. Under Compute, click Elastic Cloud Server.
    4. On the Elastic Cloud Server page, click the name of the target ECS.

      The page providing details about the ECS is displayed.

    5. Click the Security Groups tab and view security group rules.
    6. Make sure that the following security group rules have been added to the security group to which the ECS belongs:

  2. Remotely log in to the ECS and verify that IIS is enabled on it.

    1. In the Server Manager window, choose Tools > Internet Information Services (IIS) Manager.

      If this option is unavailable, IIS is not successfully deployed. In such a case, deploy IIS again.

    2. In the Internet Information Services (IIS) Manager window, check the following information:
      • In the Connections navigation pane, right-click the ECS ID. If Connect is unavailable, IIS has been enabled.
      • Click Sites. Then, view the website status on the right side of the page. If the website is stopped, click the website and then Start under Manage Server on the right side of the page to start the website.

  3. Check whether the port is properly listened to on the ECS.

    Open the cmd window and run the following command:

    netstat -ano | findstr: 80

    If information similar to the following is displayed, port 80 is being properly listened to on the entire network. If it is not, change the listened IP address.

  4. Ensure that HTTP is permitted on the firewall.

    1. Choose Control Panel > Windows Firewall.
    2. Perform operations based on the firewall status.
      • If the firewall is disabled, no further action is required.
      • If the firewall is enabled, perform the following operations:
        1. Click Advanced settings.
        2. In the navigation pane, click Inbound Rules.
        3. Select World Wide Web Services (HTTP Traffic-In). If it is disabled, enable the rule.

Linux

The following uses an ECS running CentOS 7 with Nginx deployed as an example.

  1. Ensure that port 80 is permitted in the security group.

    1. Log in to the management console.
    2. Click in the upper left corner and select your region and project.
    3. Under Compute, click Elastic Cloud Server.
    4. On the Elastic Cloud Server page, click the name of the target ECS.

      The page providing details about the ECS is displayed.

    5. Click the Security Groups tab and view security group rules.
    6. Make sure that the following security group rules have been added to the security group to which the ECS belongs:

  1. Remotely log in to the ECS and ensure that Nginx is enabled on it.

    Run the following command to check whether Nginx has been enabled:

    systemctl status nginx

    If the following information is displayed, Nginx has been enabled:

    If Nginx has not been enabled, run the following command to enable it:

    systemctl start nginx

  2. Run the following command to check whether the port is properly listened to on the ECS:

    netstat -an | grep 80

    If information similar to the following is displayed, port 80 is being properly listened to on the entire network. If it is not, change the listened IP address.

    tcp   0 0 0.0.0.0:80    0.0.0.0:*     LISTEN

  3. View the iptables rules of the ECS firewall.

    • Run the following command to view the firewall status:

      systemctl status firewalld

      or

      firewall-cmd --state

    • If the firewall is disabled, run the following command to enable it.

      systemctl start firewalld

      If "Failed to start firewalld.service: Unit is masked." is displayed after the command is executed, run the following command and then run the preceding command to enable the firewall again:

      systemctl unmask firewalld

    • Run the following command to view the allowed ports:

      firewall-cmd --zone=public --list-ports

    • Run the following command to allow TCP port 80:

      firewall-cmd --zone=public --add-port=80/tcp --permanent

    • Run the following command to update the firewall rules:

      firewall-cmd --reload