This topic provides answers to commonly asked questions about Simple Application Server.
Remote connection and billing FAQ
Server management FAQ
Security FAQ
How do simple application servers ensure the security of my data?
How is network security ensured for simple application servers?
How do I protect my simple application servers against attacks?
How do I check for mining programs on a simple application server?
How do I handle mining programs or apply for unlocking affected simple application servers?
Network FAQ
Firewall FAQ
Image FAQ
Why am I unable to create a simple application server based on a custom image?
Why am I unable to reset the OS of my simple application server?
Why is the option for HTTPS configuration not displayed in the Simple Application Server console?
What do I do if the initialization of a Plesk application image gets stuck at 95%?
Migration FAQ
O&M FAQ
Internet Content Provider (ICP) filings
In which regions can simple application servers be deployed?
Simple application servers can be deployed in regions inside and outside the Chinese mainland. For more information, see the "Regions" section of the Regions and network connectivity topic.
What are the valid status of simple application servers?
The statuses of simple application servers fall into console statuses and API statuses based on your query modes. If you query the status of a server in the Simple Application Server console, the status displayed in the console is a console status. If you query the status of a server by calling the ListInstances API operation, the returned status is an API status.
The status of servers is classified into stable status and transitory status based on the properties of the status. Transitory status is the status that servers temporarily stay before they enter a stable status. If a server remains in a transitory status for an extended period of time, an exception occurs on the server.
The following table describes all status of servers.
Console status | API status | Status property | Status description |
Starting | Starting | Transitory | Simple application servers enter this status after they are created. Existing servers that are started or restarted also enter this status. After this status is complete, the servers enter the Running state. |
Running | Running | Stable | Simple application servers stay in this status when they run as expected. Servers can be accessed only when they are in this status. Note Simple application servers that are about to expire also stay in this status. You need to pay attention to the remaining service life if a server enters this status. |
Stopping | Stopping | Transitory | Simple application servers enter this status after you perform the Stop action on them. After this status is complete, the servers enter the Stopped state. |
Resetting | Resetting | Transitory | Simple application servers enter this status after you perform the Reset action on them. |
Upgrading | Upgrading | Transitory | Simple application servers enter this status after you perform the Upgrade action on them. |
Stopped | Stopped | Stable | Simple application servers enter this status after they are stopped. |
Disabled | Disabled | Stable | Simple application servers enter this status if they are locked. Servers can be locked for reasons such as overdue payments and security risks. You need to renew or unlock the servers based on your business requirements. For more information, see Upgrade and renew a simple application server. You can also submit a ticket to apply for unlocking the servers. |
Can I upgrade simple application servers?
Yes, you can upgrade simple application servers to improve server performance when the server configurations cannot meet your business requirements. For more information, see Upgrade a simple application server.
Can I transfer my simple application servers to another Alibaba Cloud account?
No, you cannot transfer your simple application servers to another Alibaba Cloud account.
What do I do if the memory usage and system disk usage are not displayed when I view the monitoring information of a simple application server in the Simple Application Server console?
In the Simple Application Server console, the memory usage and system disk usage of a server are obtained by using the CloudMonitor agent. After you perform actions such as resetting the server, CloudMonitor may no longer be able to obtain information about the server. If you cannot query the memory usage and system disk usage in the Server Monitoring section on the Server Overview tab of a server, you must manually install CloudMonitor. For more information, see Install and uninstall the CloudMonitor agent.
Why is my simple application server in the Disabled state?
If a simple application server is stopped due to expiration or overdue payments, or is locked due to security risks, the server enters the Disabled state.
If your simple application server is about to be stopped due to expiration or an overdue payment, the system sends you a notification. To ensure service continuity, renew the resource plan or complete the payment at the earliest opportunity. For more information, see Expiration and overdue payments.
If the server is locked, submit a ticket to apply for unlocking the server.
How do simple application servers ensure the security of my data?
Simple application servers use the snapshot feature and triplicate storage on cloud disks to ensure data security.
Triplicate storage on cloud disks
Alibaba Cloud disks use triplicate storage to provide stable, efficient, and reliable access to data on simple application servers based on distributed file systems and ensure data durability of 99.9999999% (nine 9s) for the servers. For more information, see Triplicate storage.
Snapshot feature
Simple application servers provide the snapshot feature that allows you to back up data stored on disks and roll back disks based on snapshots. For more information, see Manage snapshots.
How is network security ensured for simple application servers?
Simple Application Server uses the firewall feature and default network configurations to ensure network security of servers.
Default network configurations (VPCs)
By default, simple application servers are deployed in VPCs. Simple application servers that belong to the same account and region reside within the same VPC. These servers can communicate with each other over the VPC but cannot communicate with the resources of other services over the VPC. For example, your simple application servers cannot communicate with ApsaraDB RDS instances within the same VPC over the internal network.
Firewall feature
Simple application servers incorporate a built-in firewall feature, with default settings that permit traffic over ports 22, 80, and 443 to ensure essential connectivity. By default, all other ports are disabled to enhance security on simple application servers. You can specify the port range to open based on your business requirements. For more information, see Manage the firewall of a simple application server.
How do I protect my simple application servers against attacks?
Simple Application Server is integrated with Alibaba Cloud Security to provide robust protection against DDoS attacks. Simple Application Server also comes equipped with CloudMonitor, which proactively monitors for any malicious activities in real time and effectively filters out suspicious network traffic to safeguard simple application servers. To protect servers against high-volume attacks, Alibaba Cloud also implements blackhole filtering. To strengthen security protection and minimize potential vulnerabilities, you can install reputable security software and disable ports that are not essential for your regular operations.
What security services does Alibaba Cloud provide?
Powered by advanced data analytics capabilities, Alibaba Cloud Security Center offers a comprehensive suite of security solutions. These solutions encompass critical services such as security vulnerability scanning, website malware detection, host intrusion prevention, and robust anti-DDoS defenses, ensuring end-to-end protection for your digital assets.
For more information about security services, visit Alibaba Cloud Security Services.
How do I check for mining programs on a simple application server?
You can use one of the following methods to check for mining programs on your simple application server. For more information, see the "Characteristics of mining programs" section of the Best practices for handling mining programs topic.
Check whether the CPU of your server works as expected.
NoteIf you notice a drastic surge in CPU usage on your server, such as climbing to around 80% or higher, coupled with a constant stream of outgoing network traffic from an unknown process, this strongly suggests the presence of a mining program on your server.
Go to the Alerts page in the Security Center console and check for unhandled alerts of mining programs. The presence of such alerts signifies that a mining program might be running on your server and requires immediate attention and action.
For more information, see Defend against mining programs and Best practices for handling mining programs.
How do I handle mining programs or apply for unlocking affected simple application servers?
Handle mining programs
You can handle mining programs or apply to unlock affected servers in the Security Center console or handle mining worms in the Cloud Firewall console. For more information, see Defend against mining programs and Best practices for handling mining programs.
Unlock servers
When your server gets locked as a result of being infected by a mining virus or subjected to a mining-related attack, you can submit a request to unlock the server. To apply for unlocking servers, go to the Penalties page of the Security Center console.
When you apply for unlocking servers, take note of the following items:
For each server, you are granted only one opportunity to submit an unlock request.
Once a server is unlocked after a previous lock-down due to mining activities, an automatic scan will be conducted in three days. In the event that mining software is detected again during this follow-up check, the server will be locked anew, and further unlocking will not be possible.
After the server is unlocked, back up the data on the server at your earliest opportunity.
Can simple application servers communicate with ApsaraDB RDS instances in the same VPC?
Yes, simple application servers can communicate with ApsaraDB RDS instances in the same VPC by using the service interconnection feature. By default, simple application servers that belong to the same Alibaba Cloud account and region are deployed in the same VPC. These servers can communicate with each other over the VPC but cannot communicate with the resources of other Alibaba Cloud services over VPCs. You can enable the service interconnection feature to implement connection between simple application servers and other Alibaba Cloud services such as ApsaraDB RDS residing in the same VPCs. For more information, see Manage service interconnection.
In the Simple Application Server console, you can easily enable service interconnection. Enabling this feature allows your server to seamlessly communicate with other services in the same Alibaba Cloud account and located in the same region at no extra cost. However, if you want to establish connections between your simple application server and services running in different Alibaba Cloud accounts, or those located in different regions, you must complete the necessary configurations in the Cloud Enterprise Network (CEN) console. Note that this extended interconnection incurs fees. For more information, see Billing, Grant a transit router permissions on a network instance that belongs to another Alibaba Cloud account, and Manage inter-region connections.
Why is the speed of access to the websites and applications on my simple application server slow?
Various factors such as the location of the simple application server and local network conditions may result in high latency and the inaccessibility of websites or applications. For information about how to troubleshoot the issue, see Network speed of a simple application server does not match the expected network bandwidth of the server.
How do I obtain the public IP address of my simple application server?
You can obtain the public IP address of your simple application server by viewing the details of the server on the server card in the Simple Application Server console. For more information, see View the information of a simple application server.
Can I change the public IP address of my simple application server?
No, you cannot change the public IP address of your simple application server. By default, each simple application server is assigned a public IP address. The public IP address cannot be changed. The public IP address cannot be retained after the server expires.
Is traffic allowed on port 25 of simple application servers?
No, outbound traffic over port 25 is not permitted on simple application servers. For security reasons, simple application servers cannot send emails over port 25. If you want to send emails, use port 465. For more information, see Manage the firewall of a simple application server.
Why am I unable to access a simple application server from an IP address?
You may be unable to access a simple application server from an IP address for the following reasons:
The firewall port of the simple application server is not available. For example, when you connect to a MySQL database on a simple application server, if default firewall port 3306 of MySQL is not available, a timeout error occurs. For information about how to configure a firewall rule, see Manage the firewall of a simple application server.
The IP address is intercepted by Alibaba Cloud Security if Alibaba Cloud identifies the IP address as malicious. This occurs if the IP address performs suspicious activities on cloud resources. For example, an excessive amount of access requests are sent to a website from the IP address. If you are sure that the IP address is secure and is incorrectly intercepted by Alibaba Cloud Security, submit a ticket to apply for unlocking the IP address. We also recommend that you use Security Center to detect your server and its IP address. For more information, see Quick start.
Why am I unable to create a simple application server based on a custom image?
Do not perform the following operations before a simple application server is created based on a custom image. If you perform one of the following operations, the server cannot be created.
Delete the custom image.
Delete the snapshot based on which the custom image was created.
Reset the OS or replace the image of the simple application server from which the custom image is derived.
Release the simple application server from which the custom image is derived.
How do I reset the OS of my simple application server?
You can re-install the OS of a simple application server or replace the image of a simple application server to reset the OS of the server. Simple Application Server provides application images or OS images to create simple application servers.
Application images: Simple Application Server provides multiple application images. You can use these images to create simple application servers and deploy application environments or build websites on the servers with ease.
OS images: Simple Application Server provides Windows Server OS images and mainstream Linux OS images. You can use these images to create safe and stable runtimes that have no applications installed.
You can reset the OS of your simple application server based on your business requirements. For more information, see Reset a simple application server.
Why am I unable to reset the OS of my simple application server?
You can re-install the OS of a simple application server or replace the image of a simple application server to reset the OS of the server and re-initialize the server. If you cannot reset the OS of your simple application server in the Simple Application Server console, check whether the requirements for resetting the OSs of simple application servers are met. For more information, see the "Limits" section of the Reset a simple application server topic.
Why is the option for HTTPS configuration not displayed in the Simple Application Server console?
If a domain name is bound to your simple application server, you must configure secure HTTPS access to the domain name. This access method uses encryption and identity authentication to ensure the security of data transfers. If the option for HTTPS configuration is not displayed in the Simple Application Server console, this may be caused by one of the following reasons:
You failed to select Select Alibaba Cloud extended services when you created the simple application server.
The Select Alibaba Cloud extended services option is available only for some images. If this option is not available when you select an image, you cannot directly enable HTTPS access to the image. You can manually install an SSL certificate to enable HTTPS access. For more information, see Install an SSL certificate in a Node.js environment and Install an SSL certificate in a WordPress runtime.
How do I download images in Simple Application Server?
You cannot directly download images in Simple Application Server. To download an image, you can perform the following operations:
Share an image created in Simple Application Server to ECS. For more information, see Share an image to ECS.
On the Shared Images tab of the ECS console, copy the shared image to create a custom image. For more information, see Copy a custom image.
On the Custom Images tab of the ECS console, export the custom image. For more information, see Export a custom image.
NoteDue to image copyright limits, you cannot export custom images that are created based on application images or images that run Windows operating systems.
What do I do if the initialization of a Plesk application image gets stuck at 95%?
Create and enable the following firewall rules for the server that is created based on the Plesk application image. For more information, see the "Manage a firewall" section of the Manage the firewall of a simple application server topic.
Firewall rule with Protocol set to TCP, and Port Range set to 80, 443, 8880, 8443, and 8447.
Firewall rule with Protocol set to UDP, and Port Range set to 443 and 8443.
Use the
root
account to connect to the server. For more information, see Connect to a Linux server.Run the following command to update the configuration parameters:
/usr/local/psa/bin/cloning --update -prepare-public-image true -reset-init-conf false -reset-license true -skip-update true
Run the following command to restart the server:
reboot
Re-initialize the Plesk application image as prompted in the console.
For more information about Plesk images, see Plesk Documentation and Help Portal.
Can I migrate data between simple application servers?
Yes, you can migrate data between simple application servers. If your simple application server cannot meet your business requirements even after configuration upgrades, you can migrate the data on the server to another server in the same or a different region. For more information, see Migrate data between simple application servers.
Can I migrate data from a simple application server to an ECS instance?
Yes, you can migrate data from a simple application server to an ECS instance. If your simple application server cannot meet your business requirements, you can smoothly migrate data from the simple application server to an ECS instance to obtain more flexible resource configuration solutions. For more information, see Migrate data from a simple application server to an ECS instance.
Can I migrate data from a simple application server in the China (Hong Kong) region to a server in the Chinese mainland?
Yes, you can migrate data from a simple application server in the China (Hong Kong) region to a server in a region in the Chinese mainland. After a simple application server is created, you cannot directly modify its region. However, you can migrate data from a simple application server in the China (Hong Kong) region to a server in the Chinese mainland. For more information, see Migrate data between simple application servers.
Can I transfer a simple application server to another Alibaba Cloud account?
No, you cannot transfer a simple application server and the data on the server to another Alibaba Cloud account.
How do I obtain common application management commands?
Application management commands vary based on OSs, runtime environments, and application versions. For example, in the CentOS 7 OS:
If MySQL has been added to the system services, the command that is used to log on to MySQL is mysql -uroot -p.
If MySQL has not been added to the system services, you must go to the bin directory of the MySQL installation path and use the executable file to manage MySQL. An example of the commands that are used to log on to MySQL: ./mysql -uroot -p.
If you want to maintain the applications in your server, we recommend that you learn the O&M knowledge of the applications by visiting official websites of the applications or third-party websites. For more information, visit the following websites:
If your simple application server is created based on an application image, after the server is created, you can view the image version, basic operation steps of the application, and the installation path of the application in the Simple Application Server console. For more information, see Manage applications on a server that is created based on an application image.
What do I do if the CPU utilization of a simple application server is exceptionally high due to mining programs?
For more information, see Best practices for handling mining programs.
Why is my server unable to access GitHub?
Accessing GitHub from a simple application server located within the Chinese mainland might be unsuccessful due to cross-border network connectivity challenges. We recommend that you try the connection at another time or consider utilizing third-party tools to overcome this obstacle.
On Windows simple application servers, the message "Content from the website listed below is being blocked by the Internet Explorer Enhanced Security Configuration" appears when I use Internet Explorer to visit a website. What do I do?
For information about how to resolve this issue, see What do I do if I am prompted with the error message "Content from the website listed below is being blocked by the Internet Explorer Enhanced Security Configuration"?
What are the paths to the configuration files of databases for common third-party open source programs?
Paths to configuration files vary based on third-party open source programs and the types of the databases used.
Before you perform high-risk operations such as modifying the configurations or data of an Alibaba Cloud instance, we recommend that you check the disaster recovery and fault tolerance capabilities of the instance to ensure data security.
Before you modify the configurations or data of an instance, such as an ECS instance or an ApsaraDB RDS instance, we recommend that you create snapshots or enable backup for the instance. For example, you can enable log backup for an ApsaraDB RDS instance.
If you granted access permissions on sensitive information or submitted sensitive information, such as usernames and passwords, in the Alibaba Cloud Management Console, we recommend that you modify the information at the earliest opportunity.
The following table describes the paths to the configuration files when the system calls a MySQL database by using PHP.
Software | Path to the configuration file |
UCenter | /data/config.inc.php |
Discuz! | /config.inc.php |
UCH | /config.php |
EmpireCMS | /e/class/config.php |
ECShop | /data/config.php |
ShopEX | /config/config.php |
WordPress | /wp-config.php |
Joomla! | /configuration.php |
HDWiki | /config.php |
PHPwind 8.0 | /data/sql_config.php |
DedeCMS | /data/common.inc.php |
PHPCMS | /include/config.inc.php |
.Net program | /web.config |
After I uninstall or stop Cloud Assistant Agent on my simple application server, the features of the server such as HTTPS settings, load balancing, OS resetting, and remote connection are affected. What do I do?
By default, Cloud Assistant Agent is installed on each simple application server. If you uninstall or stop Cloud Assistant Agent, the features of the server such as HTTPS settings, load balancing, OS resetting, and remote connection may be affected. Do not manually uninstall or stop Cloud Assistant Agent on your simple application server.
If one of the preceding problems occurs on your server, use the following solutions:
Log on to the simple application server. For more information, see Connect to a Linux server or Connect to a Windows server.
Check whether the process corresponding to Cloud Assistant Agent runs as expected.
For Linux servers, run the following command:
ps -ef |grep aliyun-service
If a command output similar to the following example is returned, the process corresponding to Cloud Assistant Agent is running as expected.
root 30758 30703 0 16:38 pts/0 00:00:00 grep --color=auto aliyun-service root 31161 1 0 2021 ? 00:34:31 /usr/local/share/aliyun-assist/2.2.3.256/aliyun-service
For Windows servers, check whether the aliyun_assist_service process exists in the Task Manager.
If the process is not found, start Cloud Assistant Agent.
For Linux servers, run one of the following commands:
# If the Linux distribute supports systemctl, run the following command: systemctl start aliyun.service # If the Linux distribute does not support systemctl, run the following command: /etc/init.d/aliyun-service start
For Windows servers, use the Server Manager to start AliyunService.
If Cloud Assistant Agent still cannot be started after you perform the preceding operations, reinstall Cloud Assistant Agent. For more information, see Install Cloud Assistant Agent.
How do I configure a Windows simple application server to allow multiple users to log on to the server at the same time?
You can configure a Windows simple application server to allow multiple users to log on to the server at the same time. For more information, see Enable multiple users to log on to a Windows ECS instance.
How do I upload files to a simple application server?
You can use the WinSCP client and the FTP protocol to upload files to a simple application server and then perform other operations on the files, such as downloading or deleting the files. Select an uploading method based on the OS of the server.
For Windows servers, use Workbench to connect to the servers and then perform operations on files. For more information, see Connect to a Windows server.
For Linux servers, use Workbench or WinSCP or build an FTP server and then perform operations on files. For more information, see (Recommend) Method 1: Use Workbench to connect to a Linux server, Use WinSCP to connect to a simple application server, or Build an FTP server (Linux).
How do I install applications on a simple application server?
If your simple application server is created based on an application image, the server has an application or a runtime environment installed. If your simple application server is created based on a system image, you can log on to the server to install an application or a runtime environment.
The following example describes how to install a Python environment:
Connect to the simple application server. For more information, see Connect to a Linux server.
Run the following command to install a Python environment.
In this example, the Python 2.7 environment is installed.
sudo yum install python
When the following output is returned, enter
y
as prompted.Loaded plugins: fastestmirror ... Is this ok [y/d/N]: y ...
Run the following command to check whether the Python environment is installed:
python -V
If the following message is returned, the Python 2.7 environment is installed:
[admin@iZbp176xsi6ct73elzq**** ~]$ python -V Python 2.7.5
How many service identification numbers for ICP filings does a simple application server support?
A simple application server can support up to five service identification numbers for ICP filings. The five service identification numbers allow you to apply for five ICP filings. A website can be associated with multiple domain names. For example, you applied for ICP filings for two websites. The first website is associated with the aliyundoc.com
domain name. The second website is associated with the example.com
and example.org
domain names. After your ICP filing application is approved, you can use the domain names to access their associated websites.
Make sure that all domain names that are associated with a website point to the same website. After the ICP filing application is approved, these domain names cannot be associated with other websites. For example, the
example.org
domain name that is associated with the second website cannot be associated with another website.ICP filings are required only for top-level domain names. You can build a new website on your simple application server and associate the website with the
blog.aliyundoc.com
domain name. Then, you can build another website and associate the website with thenew.example1.com
domain name. Websites that are bound to lower-level domain names do not count against the limit of service identification numbers for ICP filings.
What do I need to take note of before I apply for an ICP filing for a simple application server?
Before you use a simple application server that is deployed inside the Chinese mainland to host your website, you must apply for an ICP filing for the server. For more information, see What is an ICP filing?
If you use a simple application server that is deployed outside the Chinese mainland to host your website, you do not need to apply for an ICP filing.
For more information about ICP filing applications, see Overview.
After you submit an ICP filing application in the Alibaba Cloud ICP Filing system, a service identification number is used to associate the applied simple application server with the website that you want to host on the server. For more information, see Apply for service identification numbers for free. When you apply for service identification numbers, take note of the following items:
Starting from May 21, 2018, only when the subscription period of the simple application server that hosts your website is three months or longer, you must apply for an ICP filing for your server. The subscription period includes the renewal period.
A public IP address of a simple application server can be associated with up to five service identification numbers, which can be used for five ICP filing applications. Filing of a website consumes a service identification number. Then the service identification number is in use. You cannot reuse the service identification number to apply for an ICP filing for another website. If you deregister the website or remove Alibaba Cloud from your cloud service provider list, the service identification number is still considered used. You cannot reuse the service identification number to apply for an ICP filing for another website.
The following rules apply to the number of domain names that you can associate with a service identification number:
If no service identification number has been issued for your entity and domain names of your website, you can submit up to five websites and multiple domain names for each website.
If a service identification number has been issued for your entity and domain names of your website and you want to add new domain names to the existing service identification number, you only need to submit one domain name for each website. You can submit multiple websites in multiple ICP filing applications. For example, if the
ICP Bei # 1200000 - 1
service identification number is associated with multiple domain names and you add one of the domain names to the new ICP filing application, after this domain name is approved in the Alibaba Cloud ICP Filing system, other domain names that are associated with theICP Bei # 1200000 - 1
service identification number are automatically approved. After theICP Bei # 1200000 - 1
service identification number is submitted, you can continue to submit another service identification number.
Before the ICP filing application that you submit is approved, your websites cannot provide services on the server.
If you have obtained a service identification number through another cloud service provider, you need to transfer the ICP filing to Alibaba Cloud. After your application for transferring the ICP filing is approved by the communications administration, your websites can provide services on the server. You must complete the transfer procedure within 30 days. Otherwise, your website remains inaccessible.
What ICP filing policy is applicable to simple application servers?
For simple application servers that were purchased on or after May 21, 2018 and have a cumulative subscription period of three months or longer, you can apply for ICP filings. Other rules remain unchanged.
Simple application servers that were purchased before May 21, 2018 are not subject to this new policy and are still subject to the original rules on applying for ICP filings.
I subscribed to a one-month simple application server and renewed it for an additional two months. Can I apply for ICP filings?
Yes, you can apply for ICP filings for the server. After the simple application server is renewed for an additional two months, the cumulative subscription period of this server is three months, which meets the minimum requirements for applying for an ICP filing.
I subscribed to a simple application server whose subscription period is longer than three months. The server is about to expire. Can I still apply for ICP filings?
Yes, you can apply for ICP filings for the server. Simple application servers whose subscription period is three months or longer and that have not expired are eligible to apply for ICP filings.
When an ICP filing is being applied for or after a service identification number is issued for a website on a simple application server, if the server is not renewed and is released due to expiration, traffic destined for the website cannot be directed to the simple application server. In this case, the service identification number may be revoked, which affects access to the website.