Why do I get a "connection timed out" or "connection refused" error when I try to access my website on Lightsail?

4 minute read
0

Why do I get a "connection timed out" or "connection refused" error when I try to access my website on Lightsail?

Short description

The following are common reasons for "connection timed out" or "connection refused" errors in your Lightsail instance:

  • Lightsail's Firewall blocks access on HTTP and HTTPs ports 80, and 443.
  • An operating system-level firewall blocks access on ports 80, and 443.
  • An application isn't active on ports 80, and 443.
  • Local network restrictions block your access.
  • There is an operating system-level issue.

Resolution

Prerequisite:

Verify the error that you receive:

  1. Use SSH to connect to Lightsail.
  2. Enter the following:
    curl -Ivk example-url
    Note: Replace example-url with your website's URL.
  3. Note if you receive a "connection timed out" or "connection refused" error, and then troubleshoot the error based on your use case.

Make sure that firewall rules allow access to inbound traffic on HTTPS port 443 and HTTP port 80

For "connection timed out" errors, make sure that ports 80 and 443 are open. For more information, see Control instance traffic with firewalls in Lightsail.

Check the status of operating system-level firewalls

For "connection timed out" and "connection refused" errors, complete one or more of the following based on your use case:

Uncomplicated Firewall (UFW)

  1. Check if UFW allows access on ports 80, and 443:

    $ sudo ufw status numbered
  2. If the output includes Status: active, then allow access on ports 80, and 443:

    # sudo ufw allow 80
    # sudo ufw allow 443

Iptables

  1. List the rules in Iptables, then make sure that access is allowed on ports 80, 443 and 8443:

    $ sudo iptables -L --line-numbers
  2. If the output doesn't include ACCEPT, then allow access on the ports:

    sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Deactivate the operating system firewalls
If you can't unblock an operating system firewall, then deactivate the firewall. However, it's a best practice to keep a firewall activated because the firewall flushes custom rules when you deactivate it. For more information, see How to start/stop and enable/disable FirewallD and Iptables Firewall in Linux on the Tecmint website.

Verify that your website application is active on ports 80 and 443

For "connection refused" errors, complete the following:

  1. Verify the status of your application:

    sudo netstat -tlnp | grep -iE 80
    sudo netstat -tlnp | grep -iE 443
  2. If the output that corresponds with your application doesn't include LISTEN, then verify that your application is active:

    Apache

    sudo systemctl status httpd
    sudo systemctl status apache2

    NGINX

    sudo systemctl status ngnix

    Bitnami

    sudo /opt/bitnami/ctlscript.sh status
  3. If the output doesn't show the service as active running, then restart your application:

    Apache

    sudo systemctl restart httpd
    sudo systemctl restart apache2

    NGINX

    sudo systemctl restart ngnix

    Bitnami Apache 2

    sudo /opt/bitnami/ctlscript.sh restart apache

If your application doesn't restart, then complete the following:

  • Review logs for errors with timestamps that correspond with the failed restart:

    Apache

    /var/log/apache2/
    /var/log/httpd/

    NGINX

    /var/log/nginx/error.log

    Apache Bitnami 2

    /opt/bitnami/apache2/logs/error_log
  • Review configuration files for syntax errors:

    Apache

    $ sudo httpd -t
    $ sudo apache2 -t

    NGINX

    $ sudo nginx -t

Troubleshoot local network restrictions

For "connection timed out" errors, verify that the website is accessible outside of your local network. If the site is visible to users outside of the local network, then contact your network administrators.

Troubleshoot operating system-level issues

For "connection timed out" errors, check your instance's health and performance metrics. For more information, see How do I troubleshoot common issues that cause my Lightsail instance to be unresponsive?

AWS OFFICIAL
AWS OFFICIALUpdated a month ago