Unable to access Spring Boot application deployed on AWS EC2 instance (Windows Server 2022)

0

Hello everyone,

I have deployed a Spring Boot application running on port 80 on an AWS EC2 instance (Windows Server 2022). However, I am unable to reach the application from the Internet. I can only access the app by using the Edge browser on the EC2 instance itself (the machine the app is deployed on). The app is still running normally and successfully without any error, warning, or issue.

I have tried the following solutions:

  1. I have edited the security group to allow all traffic to my instance, as shown in the following screenshot: https://imgur.com/a/sutaRE7
  2. I have changed the port of my Spring Boot app to 80 in order to match the default port of the HTTP type
  3. I have used an Elastic IP address allocated to my instance

However, none of the above solutions work. When I access the Spring Boot app using the Public IPv4 DNS, the browser cannot reach the app due to a connection time-out.

Could anyone please tell me why I am unable to access the Spring Boot app on my EC2 instance from the Internet? It would be really helpful and appreciated.

I'm looking forward to all replies from the community.

Thank you very much for spending time answering my question.

Best regards, Nguyen

asked 2 years ago, 406 views
3 Answers
0

Just to confirm, this EC2 machine is in a public subnet with an internet gateway, right? And the security group where you have enabled HTTP from 0.0.0.0/0 is the security group associated with the EC2 machine. I would double check that. Also look at the outbound rules on the security group just to make sure the default rule hasn't been accidentally deleted (it has happened to me once). Can you hit the app if you use the public IP address of the EC2 machine instead of the DNS name?

The other thing I would check is whether the VPC subnet to which the EC2 machine is assigned does not have any NACL rules preventing inbound and outbound traffic.

You should take a look at the VPC flow logs, to find out what's blocking the traffic.

AWS EXPERT
answered 2 years ago
  • The EC2 machine is in public subnet with internet gateway? Checked. The security group is associated with EC2 machine? Checked, since I have only one instance running. Therefore, there is only one security group associated with that instance ^__^. For the outbound rule? Checked, nothing is deleted. And the network ACL? Nothing is being blocked at all.

    So, the problem is Windows Defender Firewall! It blocks the inbound/outbound network from Java =__=. I edited the rule. I am able to access the app normally via the Internet.

    Thank you very much for your help. I do learn a lot of new things ^_^

0

Hi Nguyen,

I understand that your browser cannot reach your application and is giving you a Connection timeout error and this could be caused by multiple reasons. To resolve this issue, confirm that the configuration settings on your EC2 instance are correct and consider the following approaches:

  1. Check the network ACL configuration to see if traffic is allowed on port 80 and 443.
     • Make sure that the route table in the instance's subnet has a default route to an internet gateway.
  2. Check that the instance has the correct DNS configuration.
     • If your website uses Route 53 DNS service, check that you've configured the DNS records correctly, see reference [1].
  3. Make sure to map your Elastic IP address to an A record, see reference [2] for more information.
  4. Check that the web server is running and that there are no OS-level firewalls blocking access to ports.

References:

[1] https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-configuring.html

[2] https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html#AFormat

answered 2 years ago
  • Hi Asenathi,

    I have checked the network ACL. Nothing is being denied. For the DNS, I don't use Route 53 service. For the elastic IP, I used the default configuration so I guess that is not the culprit.

    It turns out that the problem is number 4. It is the Windows Defender Firewall which blocks the network from and to the Java SE platform X__X

    Thank you very much for your help. It is really helpful and valuable. I really appreciate that. I also learn a lot of new stuff ^__^

0

Hi Nguyen,

Below are some general points:

  • Verify the route table that's associated with your instance’s subnet has a default route to an internet gateway (0.0.0.0/0)
  • The network access control list (network ACL) that is associated with the instance's subnet has rules allowing both outbound and inbound traffic for your Source IP
  • Verify that the local firewall running in the operating system is not blocking the connection - you mentioned Windows EC2, so check the Windows Defender Firewall settings
  • Check if the listener is tied to only localhost or to 0.0.0.0. You mentioned that the app is working from a browser on the local EC2, so it's likely that the listener is tied to only the localhost and not to all traffic

Example:

netstat -an

Proto  Local Address          Foreign Address        State
TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
TCP    127.0.0.1:1023         0.0.0.0:0              LISTENING

Also check this KC article: https://aws.amazon.com/premiumsupport/knowledge-center/instance-vpc-troubleshoot/

Hope this helps

AWS EXPERT
answered 2 years ago
  • Hi Tushar,

    The instance has default route to the internet gateway. Checked.

    The network ACL is the default setting. Nothing is being denied.

    Yes, it is the Windows Defender Firewall setting. It blocks the network inbound/outbound to Java

    The app is listening to 0.0.0.0. Checked

    Thank you very much for your help. I really appreciate your help in solving my problem. Thanks for the 'netstat -an' command. Good to know that command ^__^
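
The host-side checks discussed in this thread (listener binding, then Windows Defender Firewall), as an added PowerShell example that is not from any of the posters. The port comes from the question; the `$AddRule` switch and the rule display name are assumptions made for this example.

```powershell
# Added example. Run in an elevated PowerShell session on the instance.
$Port    = 80       # port from the thread
$AddRule = $false   # set to $true to create the scoped allow rule in step 4

# 1. Listener: bound address and owning process (what 'netstat -an' shows, plus the PID).
$listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
if (-not $listeners) { Write-Warning "Nothing is listening on TCP $Port"; return }
$programs = foreach ($l in $listeners) {
    $proc  = Get-Process -Id $l.OwningProcess
    $scope = if ($l.LocalAddress -in '127.0.0.1', '::1') { 'loopback only' } else { 'reachable from other hosts' }
    Write-Host ("{0}:{1} PID {2} ({3}) -> {4}" -f $l.LocalAddress, $l.LocalPort, $proc.Id, $proc.Path, $scope)
    $proc.Path
}

# 2. Firewall state and default inbound action for each profile.
Get-NetFirewallProfile | Format-Table Name, Enabled, DefaultInboundAction -AutoSize

# 3. Enabled inbound rules that name this port or the listening program.
#    A Block rule wins over any Allow rule, so a Block entry for the Java binary
#    is enough to cause the time-out even when the port itself is allowed.
$rules = foreach ($r in Get-NetFirewallRule -Direction Inbound -Enabled True) {
    $pf = $r | Get-NetFirewallPortFilter
    $af = $r | Get-NetFirewallApplicationFilter
    $onPort = ($pf.Protocol -eq 'TCP') -and ($pf.LocalPort -contains "$Port")
    $onApp  = $af.Program -in $programs
    if ($onPort -or $onApp) {
        [pscustomobject]@{ Rule = $r.DisplayName; Action = $r.Action; Profile = $r.Profile
                           Program = $af.Program; LocalPort = ($pf.LocalPort -join ',') }
    }
}
$rules | Format-Table -AutoSize

# 4. Scoped fix: allow only inbound TCP $Port instead of turning the firewall off.
#    The display name is an assumption for this example. If step 3 listed a Block
#    rule for the program, disable or remove that rule as well.
if ($AddRule) {
    New-NetFirewallRule -DisplayName "Spring Boot HTTP (TCP $Port)" -Direction Inbound `
        -Protocol TCP -LocalPort $Port -Action Allow -Profile Any | Out-Null
}

# 5. Verify from a different machine (placeholder address):
#    Test-NetConnection -ComputerName <public-ip-of-instance> -Port 80
```

With the host firewall rule scoped to one port, the security group can be narrowed in the same way, to HTTP only rather than all traffic.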
