Discourse instance unreachable on AWS


(Auryn Macmillan) #1

I’m trying to migrate an instance of Discourse form Digital Ocean over to an AWS EC2. The installation of the new instance seems to work without a hitch, however the EC2 discourse instance seems to be unreachable from my browser.

Any idea what this could be causing this and what a fix might be?


(Andrew Waugh) #2

Have you set your security group to allow inbound https?

I’ve only just started with AWS… I think the user interface could be a bit less fragmented than it seems to be.


(Auryn Macmillan) #3

Have you set your security group to allow inbound https?

So far as I can tell, HTTPS is enabled.

I think the user interface could be a bit less fragmented than it seems to be

Yeah I’ve often been pretty overwhelmed by the menus/options.


(Andrew Waugh) #4

Not that I’m a fully qualified propellorhead, but…


(Daniel Marquard) #5

Do you mean that you cannot view the EC2 instance? Can you SSH in? Is your instance behind an Elastic Load Balancer? Verify your security group rules on the EC2 instance, then try telnet <ip> 443 from your PC.

I can help if you provide more info. AWS is my bread and butter. :slight_smile:


(Auryn Macmillan) #6

I can help if you provide more info. AWS is my bread and butter. :slight_smile:

That would be very much appreciated.

Do you mean that you cannot view the EC2 instance?

I mean if I try to browse to the instance using the IP address, the connection is refused.

Can you SSH in?

Yes, I can SSH in without issue.

Is your instance behind an Elastic Load Balancer?

The instance is not behind an elastic load balancer. Although I did connect an elastic IP.

Verify your security group rules on the EC2 instance, then try telnet 443 from your PC.

The rules on the EC2’s security group match what @JagWaugh posted above, and telnet returns:

Trying 35.166.67.172...
telnet: Unable to connect to remote host: Connection refused

(Andrew Waugh) #7

Do you mean telnet to the standard port? That won’t get through with the rules as I have them.

You should be able to telnet to port 80 (for http) and port 443 (for https)

(and you need a rule for outbound too, I used all traffic 0.0.0.0/0)


(Daniel Marquard) #8

It seems like it could be an issue with the instance itself. If you haven’t done so already, verify that Nginx is running on your EC2 (or in the container) and that the port is accepting traffic.

ps aux | grep -i nginx
telnet localhost 443

Are you running Amazon Linux? I use CentOS on AWS, but you can try these commands to disable the firewall, if one is running:

systemctl stop firewalld
systemctl stop iptables
systemctl stop ip6tables

Although less likely, the traffic might somehow be blocked on the VPC, so make sure your VPC network ACLs look good.


(Auryn Macmillan) #9

It seems like it could be an issue with the instance itself. If you haven’t done so already, verify that Nginx is running on your EC2 (or in the container) and that the port is accepting traffic.

root@*****:/var/discourse# ps aux | grep -i nginx
root      3337  0.0  0.0  12944   876 pts/1    S+   21:33   0:00 grep --color=auto -i nginx
root     31019  0.0  0.1   4244  1196 ?        Ss   21:04   0:01 runsv nginx
root@*****:/var/discourse# telnet localhost 443
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.
root@*****:/var/discourse# 

Are you running Amazon Linux? I use CentOS on AWS, but you can try these commands to disable the firewall, if one is running:

I’m running Ubuntu 16.04


(Auryn Macmillan) #10

Do you mean telnet to the standard port? That won’t get through with the rules as I have them.

I was trying telnet <ip> 443

You should be able to telnet to port 80 (for http) and port 443 (for https)

(and you need a rule for outbound too, I used all traffic 0.0.0.0/0)

Yes, these are my exact settings.


(Daniel Marquard) #11

I only really work with RHEL distros, but you can try this command to see if there’s a firewall running:

sudo ufw status verbose

If it’s running, this command will disable it:

sudo ufw disable

(Auryn Macmillan) #12

I’m open to trying a different distro, I’ve been wanting an excuse to play with some others anyway.


(Auryn Macmillan) #13

sudo ufw status verbose

Status: inactive


(Daniel Marquard) #14

I’d hate for you to provision a new EC2 and run into the same issue. Can you post a screenshot of your security group rules?

If you do rebuild, I recommend CentOS over Amazon Linux since Amazon Linux cannot be run outside of AWS if you ever need to migrate the instance.

https://aws.amazon.com/marketplace/pp/B00O7WM7QW?qid=1483220591109&sr=0-1&ref_=srh_res_product_title


(Auryn Macmillan) #15

I’ll try a rebuild on CentOS later tonight and will let you guys know how I go.


(Auryn Macmillan) #16

Alright, so I just went through the install process on a fresh CentOS 7 EC2. Everything seems to have gone smoothly, although I do notice a something weird:

$ ./launcher start app
which: no docker.io in (/sbin:/bin:/usr/sbin:/usr/bin)
6dd44a3a02af
Nothing to do, your container has already started!

Anyway, this instance seems to be suffering the same problem. So I’m guessing this means it must be something to do with my security group settings. Although as far as I can tell, they are all as they should be.


(Daniel Marquard) #17

I get this error, too. It’s not a problem because the launcher locates the Docker binary elsewhere.

Was the screenshot you posted of incoming or outgoing rules? Can you screenshot both for me? And just confirm that the EC2 instance is actually using that security group.


(Auryn Macmillan) #18

Incoming rules:

Outgoing rules:

Confirmation that the EC2 is using this security group:


(Daniel Marquard) #19

Bizarre. And you can still SSH in, but not connect on any port besides 22? If you want, you can PM me the credentials for a temporary account and I can log in to have a quick look around. I don’t mind if you can do it before I leave for a New Year’s party. :slight_smile:

Otherwise, you can open a ticket with Amazon and they should be able to fix it in a day or so.


(Auryn Macmillan) #20

Yeah it’s really bizarre. Will DM you.