Stuck with an Unresponsive Website on EC2? We can help you.
At times, we may fail to connect to the public website on the Amazon EC2 instance.
Here, at Bobcares, we assist our customers with several AWS queries as part of our AWS Support Services.
Today, let us see how we can resolve this issue.
Unresponsive Website on EC2
Websites can become unreachable for multiple reasons. To make sure the configuration settings are correct, our Support Techs recommend the following:
Verify the instance runs and passes both status checks.
First and foremost, we need to ensure the instance is listed as running in the Amazon EC2 console.
We can view the status check metrics to determine if the instance fails the system status check or the instance status check.
If it fails, it might be due to operating system-level issues.
Verify that the instance boots correctly.
To find boot errors, we can check the instance’s system logs.
Most often it will be kernel panic errors or other operating system errors.
Verify the instance’s security group and network ACL configuration.
The instance’s associated security group and network ACL should allow traffic on ports 80 and 443.
In addition, the route table in the instance’s subnet should have a default route to an internet gateway.
Verify that the instance has the correct DNS configuration.
Suppose the website uses Route 53 DNS service. In that case, we verify the configuration of the DNS records.
The instance must have an Elastic IP address assigned to it.
We have to map the public IP address or Elastic IP address to an A-record.
Verify that the webserver runs and there are no OS-level firewalls.
Various services send requests to the network ports.
Generally, the webservers listen on port 80 for HTTP traffic and use port 443 for traffic encrypted with TLS/SSL.
If it isn’t running, or firewalls block these ports, then we can’t connect to the website.
1. To resolve this, we remotely connect to the instance via SSH.
2. Then to verify the web server’s status, we run:
$ sudo systemctl status httpd httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled) Active: inactive (dead)
Here, we can see the command returns an inactive status.
3. To restart the webserver, we run:
$ sudo systemctl restart httpd
4. Then we run the following command to verify that the webserver runs now:
$ sudo systemctl status httpd httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled) Active: active (running) since Thu 2020-11-19 14:40:15 UTC; 42s ago
In case we have an older Linux system running SystemV, we use:
$ sudo service httpd status httpd is stopped
Eventually, to restart a stopped web server on SystemV, we run:
$ sudo service httpd restart Stopping httpd: [FAILED] Starting httpd: [ OK ]
5. To confirm that the web server listens on port 80 or 443, we run:
$ sudo netstat -tulpn | grep httpd tcp 0 0 :::80 :::* LISTEN 2961/httpd
6. We then verify the status of OS-level firewalls.
In case of an active firewall, we make sure it allows requests on ports 80 and 443:
Amazon Linux, CentOS, and RHEL:
1. Initially, we verify the iptables rules block incoming requests on ports 80 and 443:
$ sudo iptables -nvL Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
2. Then to allow port 80 to accept incoming HTTP connection requests, we run:
$ sudo iptables -A INPUT -p tcp --dport 80 --syn -m conntrack --ctstate NEW -j ACCEPT
3. Similarly, to allow port 443 to accept incoming HTTPS connection requests, we run:
$ sudo iptables -A INPUT -p tcp --dport 443 --syn -m conntrack --ctstate NEW -j ACCEPT
Amazon Linux 2 and RHEL 7 and above:
1. Firstly, we verify that firewalld is running:
$ sudo firewall-cmd --state running
2. Then to configure it to allow connections on ports 80 and 443, we run
$ sudo firewall-cmd --add-service=http --permanent success $ sudo firewall-cmd --add-service=https --permanent success $ sudo firewall-cmd --reload success
Debian and Ubuntu servers:
1. We use the following command to check for a UFW firewall:
$ sudo ufw status verbose Status: active
2. If it runs, to allow incoming connection requests on ports 80 and port 443, we use:
$ sudo ufw allow in 80/tcp Rule added Rule added (v6) $ sudo ufw allow 443/tcp Rule added Rule added (v6)
We can also check the webserver access error logs for issues. Generally, we can find them at /var/log.
The default web server log locations are:
Amazon Linux and RHEL: /var/log/httpd Debian and Ubuntu: /var/log/apache2
[Need help with the resolution? We’d be happy to assist]
In short, we saw how our Support Techs go about an Unresponsive Website on EC2.