Why do I get a "connection timed out" or "connection refused" error when I try to access my website on Lightsail?
Why do I get a "connection timed out" or "connection refused" error when I try to access my website on Lightsail?
Short description
The following are common reasons for "connection timed out" or "connection refused" errors in your Lightsail instance:
- Lightsail's Firewall blocks access on HTTP and HTTPs ports 80, and 443.
- An operating system-level firewall blocks access on ports 80, and 443.
- An application isn't active on ports 80, and 443.
- Local network restrictions block your access.
- There is an operating system-level issue.
Resolution
Prerequisite:
Verify the error that you receive:
- Use SSH to connect to Lightsail.
- Enter the following:
Note: Replace example-url with your website's URL.curl -Ivk example-url
- Note if you receive a "connection timed out" or "connection refused" error, and then troubleshoot the error based on your use case.
Make sure that firewall rules allow access to inbound traffic on HTTPS port 443 and HTTP port 80
For "connection timed out" errors, make sure that ports 80 and 443 are open. For more information, see Control instance traffic with firewalls in Lightsail.
Check the status of operating system-level firewalls
For "connection timed out" and "connection refused" errors, complete one or more of the following based on your use case:
Uncomplicated Firewall (UFW)
-
Check if UFW allows access on ports 80, and 443:
$ sudo ufw status numbered
-
If the output includes Status: active, then allow access on ports 80, and 443:
# sudo ufw allow 80 # sudo ufw allow 443
Iptables
-
List the rules in Iptables, then make sure that access is allowed on ports 80, 443 and 8443:
$ sudo iptables -L --line-numbers
-
If the output doesn't include ACCEPT, then allow access on the ports:
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Deactivate the operating system firewalls
If you can't unblock an operating system firewall, then deactivate the firewall. However, it's a best practice to keep a firewall activated because the firewall flushes custom rules when you deactivate it. For more information, see How to start/stop and enable/disable FirewallD and Iptables Firewall in Linux on the Tecmint website.
Verify that your website application is active on ports 80 and 443
For "connection refused" errors, complete the following:
-
Verify the status of your application:
sudo netstat -tlnp | grep -iE 80 sudo netstat -tlnp | grep -iE 443
-
If the output that corresponds with your application doesn't include LISTEN, then verify that your application is active:
Apache
sudo systemctl status httpd sudo systemctl status apache2
NGINX
sudo systemctl status ngnix
Bitnami
sudo /opt/bitnami/ctlscript.sh status
-
If the output doesn't show the service as active running, then restart your application:
Apache
sudo systemctl restart httpd sudo systemctl restart apache2
NGINX
sudo systemctl restart ngnix
Bitnami Apache 2
sudo /opt/bitnami/ctlscript.sh restart apache
If your application doesn't restart, then complete the following:
-
Review logs for errors with timestamps that correspond with the failed restart:
Apache
/var/log/apache2/
/var/log/httpd/
NGINX
/var/log/nginx/error.log
Apache Bitnami 2
/opt/bitnami/apache2/logs/error_log
-
Review configuration files for syntax errors:
Apache
$ sudo httpd -t
$ sudo apache2 -t
NGINX
$ sudo nginx -t
Troubleshoot local network restrictions
For "connection timed out" errors, verify that the website is accessible outside of your local network. If the site is visible to users outside of the local network, then contact your network administrators.
Troubleshoot operating system-level issues
For "connection timed out" errors, check your instance's health and performance metrics. For more information, see How do I troubleshoot common issues that cause my Lightsail instance to be unresponsive?
Relevanter Inhalt
- AWS OFFICIALAktualisiert vor einem Jahr
- AWS OFFICIALAktualisiert vor 9 Monaten
- AWS OFFICIALAktualisiert vor 3 Jahren
- AWS OFFICIALAktualisiert vor 3 Monaten