Unable to access Spring Boot application deployed on AWS EC2 instance (Windows Server 2022)
I have deployed a Spring Boot application running on port 80 on an AWS EC2 instance (Windows Server 2022). However, I am unable to reach the application from the Internet. I could only access the app by using the Edge browser on the AWS EC2 instance (the machine the app is deployed on). The app is still running normally and successfully without any error, warning, or issue.
I have tried the following solutions:
- I have edited the security group to allow all traffic to my instance as the following screenshot https://imgur.com/a/sutaRE7
- I have changed the port on my Spring Boot app to 80 in order to meet the default port on HTTP type
- I have used Elastic IP address allocated to my instance
However, none of the above solutions work. When I access the Spring Boot app using the Public IPv4 DNS, the browser cannot reach the app due to a connection timeout.
Could anyone please tell me why I am unable to access the Spring Boot app on my EC2 instance from the Internet? It would be really helpful and appreciated.
I'm looking forward to all replies from the community.
Thank you very much for spending time answering my question.
Best regards, Nguyen
Just to confirm, this EC2 machine is in a public subnet with an internet gateway, right? And the security group where you have enabled HTTP from 0.0.0.0/0 is the security group associated with the EC2 machine. I would double check that. Also look at the outbound rules on the security group just to make sure the default rule hasn't been accidentally deleted (it has happened to me once). Can you hit the app if you use the public IP address of the EC2 machine instead of the DNS name?
The other thing I would check is whether the VPC subnet to which the EC2 machine is assigned does not have any NACL rules preventing inbound and outbound traffic.
You should take a look at the VPC flow logs, to find out what's blocking the traffic.
The EC2 machine is in public subnet with internet gateway? Checked. The security group is associated with EC2 machine? Checked, since I have only one instance running. Therefore, there is only one security group associated with that instance ^__^. For the outbound rule? Checked, nothing is deleted. And the network ACL? Nothing is being blocked at all.
So, the problem is Windows Defender Firewall! It blocks the inbound - outbound network from Java =__=. I edited the rule. I am able to access the app normally via the Internet.
Thank you very much for your help. I do learn a lot of new things ^_^
I understand that your browser cannot reach your application and is giving you a Connection timeout error and this could be caused by multiple reasons. To resolve this issue, confirm that the configuration settings on your EC2 instance are correct and consider the following approaches:
- Check the network ACL configuration to see if traffic is allowed on port 80 and 443.
- Make sure that the route table in the instance's subnet has a default route to an internet gateway.
- Check that the instance has the correct DNS configuration
- If your website uses Route 53 DNS service, check that you've configured the DNS records correctly, see reference .
- Make sure to map your Elastic IP address to an A record, see reference  for more information.
- Check that the web server is running and that there are no OS-level firewalls blocking access to ports
I have checked the network ACL. Nothing is being denied. For the DNS, I don't use Route 53 service. For the elastic IP, I used the default configuration so I guess that is not the culprit.
It turns out that the problem is number 4. It is the Windows Defender Firewall which blocks the network from and to the Java SE platform X__X
Thank you very much for your help. It is really helpful and valuable. I really appreciate that. I also learn a lot of new stuff ^__^
Below are some general points:
- Verify the route table that's associated with your instance’s subnet has a default route to an internet gateway (0.0.0.0/0)
- The network access control list (network ACL) that is associated with the instance's subnet has rules allowing both outbound and inbound traffic for your Source IP
- Verify that local firewall running in the operating system is not blocking the connection - you mentioned Windows EC2 so check the Windows Defender firewall settings
- Check if the listener is tied to only localhost or 0.0.0.0. You mentioned that the app is working from a browser on the local EC2, so it's likely that the listener is tied to only the localhost and not for all traffic
    Proto  Local Address    Foreign Address  State
    TCP    0.0.0.0:80       0.0.0.0:0        LISTENING
    TCP    127.0.0.1:1023   0.0.0.0:0        LISTENING
Also check this KC article: https://aws.amazon.com/premiumsupport/knowledge-center/instance-vpc-troubleshoot/
Hope this helps
The instance has default route to the internet gateway. Checked.
The network ACL is the default setting. Nothing is being denied.
Yes, it is the Windows Defender Firewall setting. It blocks the network inbound/outbound to Java
The app is listening to 0.0.0.0. Checked
Thank you very much for your help. I really appreciate your help in solving my problem. Thanks for the 'netstat -an' command. Good to know that command
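The checks that resolved this thread (listener binding first, then Windows Defender Firewall), as an added PowerShell example that is not part of any post above. The rule display name is an assumption and the port is the one from the question; the allow rule is scoped to one executable and one port instead of turning the firewall off.

```powershell
# Added example: run in an elevated PowerShell session on the EC2 instance.
$port = 80   # port the Spring Boot app listens on (from the question)

# 1. Confirm something is listening and see which address it is bound to.
#    0.0.0.0 or :: means all interfaces; 127.0.0.1 means loopback only,
#    which would explain "works locally, times out remotely" by itself.
$listeners = @(Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue)
if ($listeners.Count -eq 0) {
    Write-Warning "Nothing is listening on TCP $port"
    return
}
$listeners | Select-Object LocalAddress, LocalPort, OwningProcess

# 2. Resolve the owning process to its executable (normally java.exe).
$javaPath = (Get-Process -Id $listeners[0].OwningProcess).Path
Write-Output "Listener executable: $javaPath"

# 3. Show which firewall profiles are enabled and their default inbound action.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

# 4. List enabled inbound Block rules that name this executable.
#    A Block rule takes precedence over an Allow rule, so disable or remove
#    any rule listed here before expecting the allow rule below to work.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Block |
    Where-Object { ($_ | Get-NetFirewallApplicationFilter).Program -eq $javaPath } |
    Select-Object DisplayName, Profile

# 5. Allow inbound TCP on this port for this executable only.
#    The display name is a made-up label for this example.
New-NetFirewallRule -DisplayName "Spring Boot HTTP $port (example)" `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort $port `
    -Program $javaPath -Profile Any

# 6. Verify from another machine (replace the placeholder with the
#    instance's public IP address):
#    Test-NetConnection -ComputerName <public-ip> -Port 80
```

If step 6 still times out after the rule is in place, the block is outside the operating system (security group, network ACL or route table), which is where VPC flow logs help.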