All Products
Search
Document Center

Elastic Compute Service:Check whether TCP port 80 is available

更新時間:May 09, 2022

Disclaimer: This article may contain information about third-party products. Such information is for reference only. Alibaba Cloud does not make any guarantee, express or implied, with respect to the performance and reliability of third-party products, as well as potential impacts of operations on the products.

Overview

This article describes how to check whether TCP port 80 is available on different operating systems.

Description

Alibaba Cloud reminds you that:

  • When you perform operations that have risks, such as modifying instances or data, check the disaster recovery and fault tolerance capabilities of the instance to ensure data security.
  • If you modify the configurations and data of instances including but not limited to ECS and RDS instances, we recommend that you create snapshots or enable RDS log backup.
  • If you have granted permissions or submitted security information such as the logon account and password in the Alibaba Cloud Management console, we recommend that you modify the information in a timely manner.

If an instance cannot provide HTTP services, perform the following operations to check whether the port (TCP 80 by default) related to the web service is available:

  1. Log on to the ECS console to confirm that the security group allows the port.
  2. Connect to the ECS instance to confirm that the service is enabled.
  3. Confirm that the port is listened on. If it is not listened on, modify the listen address.
  4. Confirm that the firewall rules for the instance have allowed the service.
  5. If the problem persists, submit a ticket.

This article describes how to check whether TCP port 80 is available on the following operating systems:

The following section describes how to check whether TCP port 80 is available on a Windows Server 2012 system.

Windows Server 2012

Note: For this example, Internet Information Services (IIS) has been installed on a Windows Server 2012 instance.

  1. Log on to the ECS console. Ensure that the following security group rules have been added to the security group to which the instance belongs:

    Network type NIC type Rule direction Action Protocol type Port range Authorization type Authorization object Priority
    VPC Not required Inbound Allow HTTP (80) 80/80 CIDR block 10.0.0.0/8 1
    Classic network Internet
  2. Connect to the Windows instance. For more information, see Connect to a Windows instance.

  3. Perform the following steps to check whether IIS is started:

    1. In the Server Manager window, choose Tools > Internet Information Services (IIS) Manager. If this option is unavailable, IIS is not installed. You must install the service first.
    2. In the Internet Information Services (IIS) Manager window, verify the following information:
      • In the left-side Connections pane, right-click the instance ID. If Start is displayed as a dimmed option, IIS is already started.
      • Click Sites and check the status of the website on the right. If the value of the Status column is Stopped, click the website. In the right-side Actions pane, click Start in the Manage Web Site section.
  4. Perform the following steps to check whether the port is listened on:

    1. Open the Command Prompt window.
    2. Run the following command:
      netstat -ano | findstr :80
      If TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4 is displayed, all traffic from port 80 is listened on. Otherwise, you must modify the listen address.
  5. Perform the following steps to check whether the firewall rules of your instance has allowed HTTP services:

    1. Choose Control Panel > System and Security. In the System and Security window, click Windows Firewall.
    2. Based on the status of the firewall, you can perform different operations.
      • If the firewall is disabled, no other operations are required. If you still cannot access the website, submit a ticket.
      • If the firewall is enabled, perform the following operations:
        1. Click Advanced settings.
        2. In the left-side navigation pane of the window, click Inbound Rules.
        3. Select World Wide Web Services (HTTP inbound). If No is displayed in the Enabled column, click Enable Rule in the Actions pane.

  6. If you still cannot access the instance, submit a ticket.

The following section describes how to check whether TCP port 80 is available on a Windows Server 2008 system.

Windows Server 2008

Note: For this example, IIS has been installed on a Windows Server 2008 instance.

  1. Log on to the ECS console. Ensure that the following security group rules have been added to the security group to which the instance belongs:

    Network type NIC type Rule direction Action Protocol type Port range Authorization type Authorization object Priority
    VPC Not required Inbound Allow HTTP (80) 80/80 CIDR block 10.0.0.0/8 1
    Classic network Internet
  2. Connect to the Windows instance. For more information, see Connect to a Windows instance.
  3. Perform the following steps to check whether IIS is started:

    1. In the Server Manager window, choose Role > Web Server. If this option is unavailable, IIS is not installed.
    2. In the Web Server window, confirm that All Running is displayed in the System Services section. Otherwise, you must start all services.
  4. Perform the following steps to check whether the port is listened on:

    1. Open the Command Prompt window.
    2. Run the following command:
      netstat -ano | findstr :80
      If TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4 is displayed, all traffic from port 80 is listened on. Otherwise, you must modify the listen address.
  5. Perform the following steps to check whether the firewall rules of your instance has allowed HTTP services:

    1. Choose Control Panel > System and Security. In the System and Security window, click Windows Firewall.
    2. Based on the status of the firewall, you can perform different operations.
      • If the firewall is disabled, no other operations are required. If you still cannot access the website, submit a ticket.
      • If the firewall is enabled, perform the following operations:
        1. Click Advanced settings.
        2. In the left-side navigation pane of the window, click Inbound Rules.
        3. Select World Wide Web Services (HTTP inbound). If No is displayed in the Enabled column, click Enable Rule in the Actions pane.
  6. If you still cannot access the instance, submit a ticket.

The following section describes how to check whether TCP port 80 is available on a CentOS 7.3 system.

CentOS 7.3

Note: For this example, NGINX is installed on a Linux ECS instance running CentOS 7.3.

  1. Log on to the ECS console. Ensure that the following security group rules have been added to the security group to which the instance belongs:

    Network type NIC type Rule direction Action Protocol type Port range Authorization type Authorization object Priority
    VPC Not required Inbound Allow HTTP (80) 80/80 CIDR block 10.0.0.0/8 1
    Classic network Internet
  2. Connect to the Windows instance. For more information, see Connect to a Linux instance.
  3. Run the following command:

    systemctl status nginx
    If a similar output is displayed as shown in the following figure, NGINX is started. Otherwise, run the systemctl start nginx command.
    CentOS7.3 _nginx is started
  4. Run the following command to check whether the port is listened on:

    netstat -an | grep 80
    If tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN is displayed, all traffic from port 80 is listened on. Otherwise, you must modify the listen address.
  5. By default, firewalld is installed on CentOS 7 and later. If firewalld.service is enabled, run the following command to allow traffic on TCP port 80: by running the following command. If success is returned, traffic on TCP port 80 is allowed.

    firewall-cmd --add-port=80/tcp --permanent

    If your operating system version is earlier than CentOS 7 and iptables is enabled, note that iptables does not block access by default. If you have configured iptables rules, perform the following steps:

    1. Run the iptables --line -vnL command to query the list of rules. You can perform different operations based on the returned results.
      • If you have set your default action to block, run the iptables -A INPUT -p tcp --dport 80 -j ACCEPT command to add a rule to allow traffic on TCP port 80.
      • If you have set a rule to drop TCP 80 Port, replace the rule to allow traffic on TCP port 80 by running the iptables -R INPUT [rule ID for port 80] -p tcp --dport 80 -j ACCEPT command.
    2. Run the service iptables save command to save the rule.
  6. If you still cannot access the instance, submit a ticket.

The following section describes how to check whether TCP port 80 is available on a Ubuntu 16.04 system.

Ubuntu 16.04

Note: For this example, Apache2 is installed on a Linux ECS instance running Ubuntu 16.04.

  1. Connect to the ECS console. Ensure that the following security group rules have been added to the security group to which the instance belongs:

    Network type NIC type Rule direction Action Protocol type Port range Authorization type Authorization object Priority
    VPC Not required Inbound Allow HTTP (80) 80/80 CIDR block 10.0.0.0/8 1
    Classic network Internet
  2. Connect to the Windows instance. For more information, see Connect to a Linux instance.
  3. Check whether the Apache2 web server is started by running the service apache2 status command. If a similar output is returned as shown in the following figure, the Apache2 web server is started. Otherwise, run the service apache2 start command.
    The Apache2 web server is available on the Ubuntu 16.04 system

  4. Run the following command to check whether the port is listened on:

    netstat -an | grep 80
    If tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN is displayed, all traffic from port 80 is listened on. Otherwise, you must modify the listen address.
  5. If you have enabled Uncomplicated Firewall (UFW) on Ubuntu, run the ufw allow 80/tcp or ufw allow http command to allow traffic on TCP port 80 or allow HTTP services. If Rule added is returned, traffic on TCP port 80 or HTTP services are allowed.

    Note: If firewalld has been installed and firewalld.service has been enabled on the instance, run the firewall-cmd --add-port=80/tcp --permanent command to allow traffic on TCP port 80. If success is returned, traffic on TCP port 80 is allowed.

  6. If you still cannot access the instance, submit a ticket.

Application scope

  • ECS