All Products
Search
Document Center

Elastic Compute Service:What do I do if I cannot access a service deployed on an instance?

Last Updated:Nov 29, 2024

This topic describes how to troubleshoot the issue that a service deployed on an Elastic Compute Service (ECS) instance cannot be accessed.

Possible causes and troubleshooting methods

The following table describes the possible causes of the preceding issue and how to troubleshoot the issue based on the cause.

Possible cause

Troubleshooting method

The port of the service is not allowed by the security group rules of the ECS instance.

Check the security group rules of the ECS instance.

The service is disabled or not started, or the port of the service is not listened on.

Check the status of the service and the listening status of the port of the service.

The firewall settings of the ECS instance are incorrectly configured.

Check the firewall settings of the ECS instance.

The following sections describe how to troubleshoot the issue that NGINX deployed on an ECS instance cannot be accessed. Port 80 (default NGINX port) is used. To troubleshoot other services, replace the service name and port number in the commands with actual values.

Check the security group rules of the ECS instance

  1. Log on to the ECS console.

  2. In the left-side navigation pane, choose Instances & Images > Instances.

  3. In the top navigation bar, select the region and resource group to which the resource belongs. 地域

  4. On the instance list page, find the instance whose security group rules you want to check and click the instance ID.

  5. On the Instance Details page, click the Security Groups tab.

  6. On the Security Groups tab, find the security group whose rules you want to check and click the security group ID.

  7. In the Access Rule section, check whether port 80 is allowed in the inbound direction.

    2023-06-04_16-56-00..png

Check the status of the service and the listening status of the port of the service

Linux instance

In this example, an ECS instance that runs CentOS 7.9 is used. Operations may vary based on the operating system version of your Linux instance.

  1. Connect to the Linux instance.

    For more information, see Connect to a Linux instance by using a password or key.

  2. Run the following command to check the status of NGINX:

    systemctl status nginx
    • The following sample command output indicates that NGINX is started.

      2023-06-04_17-06-23..png

    • If NGINX is not started, run the following command to start NGINX:

      systemctl start nginx
  3. Run the following command to check whether port 80 is listened on:

    netstat -an | grep 80
    • The following sample command output indicates that port 80 is listened on as expected. In this case, perform the operations in the Check the firewall settings of the ECS instance section.

      2023-06-04_17-11-27..png

    • If the preceding command output is not returned, port 80 is not listened on. The port may already be used by another service. You can release the port from the service to ensure that NGINX can listen on the port. You can also configure NGINX to listen on another port.

Windows instance

In this example, an ECS instance that runs Windows Server 2012 is used. Operations for instances that run other Windows Server versions are similar.

  1. Connect to the Windows instance.

    For more information, see Connect to a Windows instance by using a password or key.

  2. Choose Start > Run. Enter service.msc and then click OK to open the Services window.

  3. Check the status of NGINX.

    1. If no status is displayed for NGINX, right-click NGINX and select Start.

      2023-06-04_19-14-19..png

    2. If the status of NGINX is Running, proceed to step 4.

  4. Run the following command in Windows PowerShell to check whether port 80 is listened on:

    netstat -ano | findstr "80"
    • The following sample command output indicates that port 80 is listened on as expected. In this case, perform the operations in the Check the firewall settings of the ECS instance section.

      2023-06-04_17-36-44..png

    • If the preceding command output is not displayed, port 80 is not listened on. The port may already be used by another service. You can release the port from the service to ensure that NGINX can listen on the port. You can also configure NGINX to listen on another port.

Check the firewall settings of the ECS instance

Linux instance

In this example, an ECS instance that runs CentOS 7.9 is used. Operations may vary based on the operating system version of your Linux instance.

  1. Connect to the Linux instance.

    For more information, see Connect to a Linux instance by using a password or key.

  2. Run the following command to check the status of the firewall:

    systemctl status firewalld
    • If the Active: inactive (dead) message is displayed in the command output, the firewall is disabled. In this case, no additional operation is required.

    • If the Active: active (running) message is displayed in the command output, the firewall is enabled. In this case, proceed to Step 3.

  3. Run the following command to check the ports that are allowed by the firewall:

    firewall-cmd --list-all
    • If the ports: 80/tcp message is displayed in the command output, the firewall allows port 80. In this case, no additional operation is required.

      2023-06-04_19-33-53..png

    • If the ports: 80/tcp message is not displayed in the command output, run the following command to allow port 80:

      firewall-cmd --zone=public --add-port=80/tcp --permanent

      If success is returned, TCP port 80 is allowed.

Windows instance

In this example, an ECS instance that runs Windows Server 2012 is used. Operations for instances that run other Windows Server versions are similar.

  1. Connect to the Windows instance.

    For more information, see Connect to a Windows instance by using a password or key.

  2. In the lower-left corner of the desktop, click the 服务器管理..png icon to start Server Manager.

  3. In the upper-right corner of the Server Manager window, choose Tools > Windows Defender Firewall with Advanced Security.

    2023-05-28_20-21-16..png

  4. Check the status of the firewall.

    1. If the firewall is disabled, no additional operation is required.

      2023-06-04_18-49-00..png

    2. If the firewall is enabled, perform the following operations:

      1. On the Windows Firewall with Advanced Security page, click Inbound Rules.

      2. Check the status of Windows Remote Management - Compatibility Mode (HTTP-In).

        • If the inbound rule for Windows Remote Management - Compatibility Mode (HTTP-In) is enabled, no additional operation is required.

        • If the inbound rule for Windows Remote Management - Compatibility Mode (HTTP-In) is disabled, right-click Windows Remote Management - Compatibility Mode (HTTP-In) and then select Enable Rule.

          2023-06-04_18-58-43..png