Discourse instance unreachable on AWS

I’m trying to migrate an instance of Discourse from Digital Ocean over to an AWS EC2. The installation of the new instance seems to work without a hitch, however the EC2 discourse instance seems to be unreachable from my browser.

Any idea what could be causing this and what a fix might be?

Have you set your security group to allow inbound https?

I’ve only just started with AWS… I think the user interface could be a bit less fragmented than it seems to be.

Have you set your security group to allow inbound https?

So far as I can tell, HTTPS is enabled.

I think the user interface could be a bit less fragmented than it seems to be

Yeah I’ve often been pretty overwhelmed by the menus/options.

Not that I’m a fully qualified propellorhead, but…

1 Like

Do you mean that you cannot view the EC2 instance? Can you SSH in? Is your instance behind an Elastic Load Balancer? Verify your security group rules on the EC2 instance, then try telnet <ip> 443 from your PC.

I can help if you provide more info. AWS is my bread and butter. 🙂

1 Like

I can help if you provide more info. AWS is my bread and butter. 🙂

That would be very much appreciated.

Do you mean that you cannot view the EC2 instance?

I mean if I try to browse to the instance using the IP address, the connection is refused.

Can you SSH in?

Yes, I can SSH in without issue.

Is your instance behind an Elastic Load Balancer?

The instance is not behind an elastic load balancer. Although I did connect an elastic IP.

Verify your security group rules on the EC2 instance, then try telnet <ip> 443 from your PC.

The rules on the EC2’s security group match what @JagWaugh posted above, and telnet returns:

Trying 35.166.67.172...
telnet: Unable to connect to remote host: Connection refused

Do you mean telnet to the standard port? That won’t get through with the rules as I have them.

You should be able to telnet to port 80 (for http) and port 443 (for https)

(and you need a rule for outbound too, I used all traffic 0.0.0.0/0)

2 Likes

It seems like it could be an issue with the instance itself. If you haven’t done so already, verify that Nginx is running on your EC2 (or in the container) and that the port is accepting traffic.

ps aux | grep -i nginx
telnet localhost 443

Are you running Amazon Linux? I use CentOS on AWS, but you can try these commands to disable the firewall, if one is running:

systemctl stop firewalld
systemctl stop iptables
systemctl stop ip6tables

Although less likely, the traffic might somehow be blocked on the VPC, so make sure your VPC network ACLs look good.

2 Likes
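The telnet checks from the posts above, scripted so that the possible outcomes are told apart (an added example, not written by anyone in this thread; the function names and hint wording are assumptions of the example). A refusal means something on the instance answered, whereas traffic blocked by a security group or network ACL is dropped silently and shows up as a timeout.

```python
import socket

def probe(host, port, timeout=3.0):
    """One TCP connect attempt: 'open', 'refused', 'filtered' or 'error:<type>'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # an RST (or ICMP reject) came back from the host
    except socket.timeout:
        return "filtered"     # no answer at all: the SYN was dropped on the way
    except OSError as exc:
        return "error:" + type(exc).__name__   # DNS failure, no route, ...

def diagnose(remote, local):
    """Map a probe from your PC (remote) and one run on the instance (local) to a next step."""
    if remote == "open":
        return "tcp-ok: port reachable, look at TLS/HTTP and the application"
    if remote == "filtered":
        return "dropped: check security group inbound rule, network ACL, public IP/route"
    if remote == "refused" and local == "open":
        return ("host-rejects: packets reach the instance; check listener bind address, "
                "container port publishing, host firewall REJECT rules")
    if remote == "refused":
        return "no-listener: nothing accepts connections on this port, start the service"
    return "inconclusive: " + remote

if __name__ == "__main__":
    # Results reported in the thread: refused from the PC, connected on localhost.
    print(diagnose("refused", "open"))
    # Live use (hypothetical address from the documentation range):
    # print(probe("203.0.113.10", 443))
```

Run `probe` once from the PC against the public IP and once on the instance against `localhost`, then pass both results to `diagnose`.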

It seems like it could be an issue with the instance itself. If you haven’t done so already, verify that Nginx is running on your EC2 (or in the container) and that the port is accepting traffic.

root@*****:/var/discourse# ps aux | grep -i nginx
root      3337  0.0  0.0  12944   876 pts/1    S+   21:33   0:00 grep --color=auto -i nginx
root     31019  0.0  0.1   4244  1196 ?        Ss   21:04   0:01 runsv nginx
root@*****:/var/discourse# telnet localhost 443
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.
root@*****:/var/discourse# 

Are you running Amazon Linux? I use CentOS on AWS, but you can try these commands to disable the firewall, if one is running:

I’m running Ubuntu 16.04

Do you mean telnet to the standard port? That won’t get through with the rules as I have them.

I was trying telnet <ip> 443

You should be able to telnet to port 80 (for http) and port 443 (for https)

(and you need a rule for outbound too, I used all traffic 0.0.0.0/0)

Yes, these are my exact settings.

I only really work with RHEL distros, but you can try this command to see if there’s a firewall running:

sudo ufw status verbose

If it’s running, this command will disable it:

sudo ufw disable

I’m open to trying a different distro, I’ve been wanting an excuse to play with some others anyway.

sudo ufw status verbose

Status: inactive

I’d hate for you to provision a new EC2 and run into the same issue. Can you post a screenshot of your security group rules?

If you do rebuild, I recommend CentOS over Amazon Linux since Amazon Linux cannot be run outside of AWS if you ever need to migrate the instance.

https://aws.amazon.com/marketplace/pp/B00O7WM7QW?qid=1483220591109&sr=0-1&ref_=srh_res_product_title

I’ll try a rebuild on CentOS later tonight and will let you guys know how I go.

1 Like

Alright, so I just went through the install process on a fresh CentOS 7 EC2. Everything seems to have gone smoothly, although I do notice something weird:

$ ./launcher start app
which: no docker.io in (/sbin:/bin:/usr/sbin:/usr/bin)
6dd44a3a02af
Nothing to do, your container has already started!

Anyway, this instance seems to be suffering the same problem. So I’m guessing this means it must be something to do with my security group settings. Although as far as I can tell, they are all as they should be.

I get this error, too. It’s not a problem because the launcher locates the Docker binary elsewhere.

Was the screenshot you posted of incoming or outgoing rules? Can you screenshot both for me? And just confirm that the EC2 instance is actually using that security group.

Incoming rules:

Outgoing rules:

Confirmation that the EC2 is using this security group:

Bizarre. And you can still SSH in, but not connect on any port besides 22? If you want, you can PM me the credentials for a temporary account and I can log in to have a quick look around. I don’t mind if you can do it before I leave for a New Year’s party. 🙂

Otherwise, you can open a ticket with Amazon and they should be able to fix it in a day or so.

Yeah it’s really bizarre. Will DM you.