node.jsamazon-web-servicesnginxamazon-ec2amazon-linux

"connect ECONNREFUSED" with Nginx on AWS EC2


I'm deploying my node server to AWS and came across a problem. Everytime I try to connect to my instance over HTTP I get this error

Error: connect ECONNREFUSED [INSTANCE PUBLIC IP]:80

I've deployed servers many times but this is the first time I'm facing this particular issue. Would love some help on it.

Below is some information that I've gathered to troubleshoot the issue.

Security Group Settings

PORT 80 is open

VPC Settings

All ports are open

Nginx Config

server {
    listen 80;
    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

sudo systemctl status nginx

● nginx.service - The nginx HTTP and reverse proxy server
     Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; preset: disabled)
     Active: active (running) since Fri 2024-07-19 07:22:44 UTC; 17min ago
    Process: 31332 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
    Process: 31333 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
    Process: 31334 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
   Main PID: 31335 (nginx)
      Tasks: 2 (limit: 1114)
     Memory: 2.2M
        CPU: 54ms
     CGroup: /system.slice/nginx.service
             ├─31335 "nginx: master process /usr/sbin/nginx"
             └─31336 "nginx: worker process"

netstat -tunlp

(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
tcp6       0      0 :::3001                 :::*                    LISTEN      28321/node /home/ec 
tcp6       0      0 :::3000                 :::*                    LISTEN      28193/node /home/ec 
tcp6       0      0 :::22                   :::*                    LISTEN      -                   
udp        0      0 127.0.0.1:323           0.0.0.0:*                           -                   
udp        0      0 172.31.17.134:68        0.0.0.0:*                           -                   
udp6       0      0 ::1:323                 :::*                                -                   
udp6       0      0 fe80::80:45ff:fef1::546 :::*                                - 

sestatus

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33

Couple of other observations to note

Leads me to believe that the request might not be reaching Nginx or Nginx may not have the correct permissions.


Solution

  • Ok so I had the liberty to setup a new EC2 instance since it was my account. So I setup a basic Node server and connected directly to 3000 port over the internet and it responded. Next I installed Nginx and that also worked fine. I started adding things one-by-one checking my connectivity status.

    Turns out the culprit was iptables-services

    Since I don't have the need for it. I just removed it from my main server and it started connecting. Though I don't know what the actual issue was since all my rules were correctly configured.

    Commands to uninstall were

    sudo systemctl stop iptables
    sudo yum remove iptables-services