I'm deploying my node server to AWS and came across a problem. Every time I try to connect to my instance over HTTP I get this error:
Error: connect ECONNREFUSED [INSTANCE PUBLIC IP]:80
I've deployed servers many times but this is the first time I'm facing this particular issue. Would love some help on it.
Below is some information that I've gathered to troubleshoot the issue.
Security Group Settings
VPC Settings
Nginx Config
server {
    listen 80;
    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
sudo systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; preset: disabled)
Active: active (running) since Fri 2024-07-19 07:22:44 UTC; 17min ago
Process: 31332 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
Process: 31333 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
Process: 31334 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
Main PID: 31335 (nginx)
Tasks: 2 (limit: 1114)
Memory: 2.2M
CPU: 54ms
CGroup: /system.slice/nginx.service
├─31335 "nginx: master process /usr/sbin/nginx"
└─31336 "nginx: worker process"
netstat -tunlp
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp6 0 0 :::3001 :::* LISTEN 28321/node /home/ec
tcp6 0 0 :::3000 :::* LISTEN 28193/node /home/ec
tcp6 0 0 :::22 :::* LISTEN -
udp 0 0 127.0.0.1:323 0.0.0.0:* -
udp 0 0 172.31.17.134:68 0.0.0.0:* -
udp6 0 0 ::1:323 :::* -
udp6 0 0 fe80::80:45ff:fef1::546 :::* -
sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: permissive
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33
Couple of other observations to note
curl http://localhost:80/ on the system does return a valid response from the Node server.
Leads me to believe that the request might not be reaching Nginx or Nginx may not have the correct permissions.
Ok so I had the liberty to set up a new EC2 instance since it was my account. So I set up a basic Node server and connected directly to 3000 port over the internet and it responded. Next I installed Nginx and that also worked fine. I started adding things one-by-one checking my connectivity status.
Turns out the culprit was iptables-services.
Since I don't have the need for it, I just removed it from my main server and it started connecting. Though I don't know what the actual issue was since all my rules were correctly configured.
Commands to uninstall were:
sudo systemctl stop iptables
sudo yum remove iptables-services
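The answer above does not identify which rule interfered. As an added example (not the poster's code), the helper below reads `iptables -S INPUT` output and reports the first rule that decides a new inbound TCP connection to a given port, which is a way to check a host firewall before removing it. The function name `verdict_for_port` and the sample ruleset are assumptions constructed for illustration.

```shell
# Added example (hypothetical helper): reads `iptables -S INPUT` text on stdin and
# prints the first rule that decides a NEW inbound TCP connection to port $1 from
# an arbitrary remote client. Narrow on purpose: understands -i, -s, -p, --dport,
# state/ctstate and -j; anything else is reported as UNKNOWN for a manual look.
verdict_for_port() {
  awk -v port="$1" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
      n++; ok = 1; neg = 0; unknown = 0; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "!") neg = 1
        else if ($i == "-i") { if ($(i+1) == "lo") ok = 0; i++ }
        else if ($i == "-s") { if ($(i+1) != "0.0.0.0/0") ok = 0; i++ }
        else if ($i == "-p") { if ($(i+1) != "tcp" && $(i+1) != "all") ok = 0; i++ }
        else if ($i == "--dport") {
          split($(i+1), r, ":"); lo = r[1]; hi = (r[2] == "" ? r[1] : r[2])
          if (port + 0 < lo + 0 || port + 0 > hi + 0) ok = 0
          i++
        }
        else if ($i == "--state" || $i == "--ctstate") { if ($(i+1) !~ /(^|,)NEW(,|$)/) ok = 0; i++ }
        else if ($i == "-m") {
          m = $(i+1); i++
          if (m != "tcp" && m != "state" && m != "conntrack") unknown = 1
        }
        else if ($i == "-j") { target = $(i+1); i++ }
        else if ($i == "--reject-with") i++
        else unknown = 1
      }
      if (!neg && !ok) next                 # rule cannot match this connection
      if (neg || unknown || target !~ /^(ACCEPT|DROP|REJECT)$/) target = "UNKNOWN"
      print target " rule " n; decided = 1; exit
    }
    END { if (!decided) print "policy " (policy == "" ? "ACCEPT" : policy) }
  '
}

# Constructed sample ruleset (not taken from the post): SSH allowed, the rest rejected.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable'
printf '%s\n' "$SAMPLE_RULES" | verdict_for_port 22
printf '%s\n' "$SAMPLE_RULES" | verdict_for_port 80
```

On a live host the input would come from `sudo iptables -S INPUT | verdict_for_port 80`; a REJECT or DROP result names the rule number to inspect, and an ACCEPT rule for the port has to sit above it.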