Kornel's picture

I signed up and created a Ruby on Rails instance through the Hub. Evrythng seemed to work wonderfully. I didn't get any error messages anywhere. I can see that my server is up in the Hub. But when I click on either web console or web management (the two icons in the Hub), it just starts up Safari and hangs at that URL, eventually timing out. I tried SSH-ing and pinging. It's as if the server wasn't there ar all.

But I can see in the Hub that it's up. So what am I missing? I'm sure I am doing something wrong...

Thanks,

Forum: 
Jeremy Davis's picture

If so, I have found that they can take a little while to propagate, particularly if you are using your ISP's DNS. I have switched to Google DNS (8.8.8.8) and it works much better.

Also I suggest that you try using the 'Public IP' (that should be detailed in the Hub) and connect direct to that in your web browser. At least then you'll know whether it's a DNS issue or something else...

Kornel's picture

Hi and thanks for the answer.

I think there is something else wrong besides just the delay because I tried using the IP as well. Sometimes I get as far as clicking on the IP address or even the DNS name, and I get a sort of welcome page with the two management icons on it. But when I click on them then Safari hangs. I tried it with Firfox as well.

Other things I looked at were: I removed all firewall rules to see if that was the problem and I started up a LAMP instance to see if the Rails image was somehow configured wrong. I still could not connect.

In addition I tried logging into Amazon's console directly to see if I can get more info there. To my surprize it was telling me I had no instances running, even though I could see my instance's uptime in your dashboard. So I am guessing the two dashboards don't share information.

What else can be the problem? I would definately prefer to use EC2 via TKL if I can get things going, becasue because your images and cleaner UI would save me a lot of time... 

Jeremy Davis's picture

So to clarify, you can access the appliance ok using IP (default http) but you cannot access the machine's Webmin and Webshell interfaces? Is that correct?

I haven't used the RoR instance myself but I assume that the 2 management icons that you see when browsing to your instance, are links to the same services as the Hub is linking to.

I have no idea why Safari or Firefox would hang, although I am not surprised that they are not loading the pages (those icons would link to the FQDN that is assigned to your instance rather than the IP so unless the domain is routed properly they won't work either).

You could try manually trying to access them by specifying the port. To do this open your appliance with the IP (from the Hub) and in the address bar, preface it with https and on the end of the IP add a colon and specify the port (port 12320 is for Webshell and 12321 is for Webmin). E.g. https://x.x.x.x:12321 should load Webmin for your appliance...

FWIW Amazon console should work. The only catch is that you will need to go to the correct datacentre location (the Hub works out where the best location to launch is and defaults to that, whereas AWS Console defaults to US-West-1 aka N California. So in AWS Console, select the correct region up in the top right corner.

It shouldn't be an issue with the firewall. TKL appliances come with firewall configured but disabled by default. The Amazon Security profile reads it's rules from the TKL firewall config but shouldn't be an issue unless you want to open additional ports...

Kornel's picture

Part of the mistery is solved: Verizon blocks even some very harmless outgoing traffic e,g. ICMP:

http://news.cnet.com/8301-13554_3-10013862-33.html

Though this still doesn't explain why I couldn't start up the management console from the Hub. But by turning off the firewall on my Verizon modem, I made my instance visible. I thought I share this in case someone else is having the same issue.

Jeremy Davis's picture

Wow, that sounds like poor design there...

As I posted above it does explain it if the DNS is slow to propagate... As the links (both in the Hub and from the appliance itself) will point to the FQDN rather than the IP, they will not work until the domain name has propagated (or you substitute the IP).

Kornel's picture

Jeremy,

It appears that the instance may have started up without Apache being started. I started up Apache, and right after I could immeadiately access webmin as well as webshell. (In my case DNS has been working for a while I think, because I could ssh and ping by DNS name for a while.)

Thanks.

Jeremy Davis's picture

Although that is very strange... Webmin actually doesn't run on Apache (it has it's own independant webserver). I don't think Webshell does either (OTTOMH I think it runs on LigHTTPd although I could be wrong...). So it is all a little strange. However as you are are up and running now, let's not fight it! :)

Kornel's picture

Jeremy, I stand corrected. I played with it a bit more. And now I also think Apache comes up properly on the instance.

This is the culprit:

http://www.webmin.com/firewall.html

Webmin requires port 10000 open. And my all powerful Verizon firewall seems to have blocked that as well by default:-)

So now that I know what the issues are I will be able to sort them out. It appears everything works out of the box on the instance. None of these issues had anything to do with either TKL or EC2.

Thanks again for your help!

Jeremy Davis's picture

TKL configures port 12321 for Webmin and port 12320 for Webshell (both use https). Although if your Verizon firewall is blocking port 10000, then chances are it's blocking ports 12320 and 12321 as well...

Also the link you provided is to the Webmin Firewall docs which talk about firewalls on the system it is installed to (in this case that are talking about the firewall that is built into TKL). And TKL does have a firewall configured, but it is disabled by default. But when you are running on Amazon the TKL appliances use the preconfigured firewall rules as the 'Security Profile' (which is basically just AWS' firewall). So there is a firewall preconfigured and running, but by default it doesn't block any of the ports that the TKL appliance needs/uses (e.g. 22, 80, 443, 12320, 12321, 12322, etc - depending on the appliance).

Anyway it sounds like you are having progress with it, so good luck! :)

Add new comment