Martin's picture

Hi,

we installed the Gitea image from TurnKey (https://aws.amazon.com/marketplace/pp/TurnKey-GNULinux-Gitea-Painless-se...) on a t2.small EC2 instance. The process itself was very straightforward. Now, I want to follow the instructions and initialize the instance: 

After creating an EC2 instance with 1-Click, browse to http://<Public_DNS>/ for system initialization instructions. This step is required to install security updates and set sensitive passwords.

This doesn't work, I cannot access the public DNS address and I get time-outs. I also tried to access the instance through SSH without success. I'm new to AWS, am I doing something wrong?

The process is not painless at all, at the moment. I hope someone can give an explanation of what is going on here.

 

Best regards,

Martin

Jeremy Davis's picture

Hi Martin.

First, thanks for trying out TurnKey Linux and sorry to hear of your troubles. To be sure that we're on the same page, you tried browsing to the AWS DNS address (e.g. something like 'ec2-123-456-789-1.compute-1.amazonaws.com') and/or the public IP address in your web browser and can't connect and are getting timeouts (i.e. no response)? You have also tried SSH to the same address/IP and that too failed? (You didn't mention the username you were trying to use, nor whether that was timing out too, or some other error?!).

How long after launch did you wait before you tried connecting? If you could please share the size and region you were trying to launch, then I'll double check launching one myself to ensure that there is nothing fundamentally wrong with it. Unless you waited and retried later, my guess is that it just hadn't finished booting when you tried to connect.

Please note that it can take up to 10 minutes for a freshly launched instance to become available (keep in mind that an AWS EC2 server is essentially a VM, so it still needs to boot up). Usually it should only take a few minutes, but I'd encourage you to wait at least 10 minutes before you start to worry that things may not be working as they should. Within the AWS console, check the instance status and once it is passing 2/2 tests, it should be good to go.

Also for what it's worth, the instructions available via the web browser simply tell you to log in via SSH (user: 'admin') and answer the questions that you are presented with (e.g. setting passwords etc).

If for some reason it isn't working within 10 minutes of launch, I suggest that you double check the network and security group setting that you allocated to your instance. If the AWS console reports that the instance is running ok and you can't connect, then network config and/or security group (aka firewall) settings are most likely the issue. If that all seems ok, or you want to try again, then you can destroy that instance and create a new one from scratch.

If you continue to have troubles, please share the instance size and region so I can see if I can reproduce the issue.

Alternatively, if you are new to AWS, perhaps a more simplified interface would be of value? If so, please consider checking out the TurnKey Hub, namely the Cloud Servers component. It makes launching and managing TurnKey appliances a breeze! :)

I look forward to hearing how it goes and/or further info so I can try to reproduce it myself.

Martin's picture

Hi Jeremy,

first of all, thank you for the quick reply. This shows that you deeply care about sharing your products. Yes, let's get on the same page.

The EC2 was set up in the Frankfurt Region (Germany) and the installation was smooth: https://1drv.ms/u/s!AuWULOinwuA8gsYXZCscV8Ze0SdDFQ?e=fz89Ho

Details: https://1drv.ms/u/s!AuWULOinwuA8gsYb68dyhtKKGmZrCQ?e=QsTziM

Clicking on open address on any of the public DNS links will result in: 

https://1drv.ms/u/s!AuWULOinwuA8gsYZPBNO1Y3jO1jlww?e=KasOtD

and

https://1drv.ms/u/s!AuWULOinwuA8gsYWT52DSKIDySJkag?e=deKhe0

Trying to connect here: https://1drv.ms/u/s!AuWULOinwuA8gsYUXU7_uKWOXL0mKQ?e=QupINI

will result in

https://1drv.ms/u/s!AuWULOinwuA8gsYYcOudGgt4FF6WmA?e=CT0oVt

and the link leads me to https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect... but I am a little bit confused, shouldn't the Marketplace package configure the instance for me, properly?

I also tried to connect SSH with the root user: https://1drv.ms/u/s!AuWULOinwuA8gsYV-2GVyY2lpQjEXw?e=iCEXtU

and the result is a time out, too: https://1drv.ms/u/s!AuWULOinwuA8gsYaTMB1Pq3ZV9nECA?e=CChVU8

I also tried to connect using admin instead of root.

In the screenshots the EC2 instance just started, but I also tried it 15 minutes after launch and the result was the very same.

It has to be a network issue, but I'm not sure I know what I am doing. First of all, I found the CIDR of the VPC and it's in the range 172.31.0.0/16, and the private IP of the EC2 instance is in this range.

Also, these are the security roles:

https://1drv.ms/u/s!AuWULOinwuA8gsYd-Z7T8rrgu2cykw?e=mUmq4X

https://1drv.ms/u/s!AuWULOinwuA8gsYcz9X13rJ8YQn3OQ?e=m86Lmj

When I bought the package on the marketplace I was expecting it to configure the instance properly, so things work right away, is this configuration wrong?

I want to use AWS in the hope that I get familiar with it, so hopefully you can tell me what's wrong here and how it can be fixed, so it won't just work, but I will even learn something in the process.

If things look uncertain, how can I retry the process without causing any more cost?

Thank you for the help and best regards!

Jeremy Davis's picture

Thanks for the additional info, and your kind words too! :)

Also apologies that I haven't replied sooner. Actually, I did spend a fair bit of time investigating and writing up a response yesterday, but I must not have clicked the final "save"?! Argh! So this response probably won't be as good or thorough as the one I didn't save yesterday, but anyway...

First up, I launched a new t2.small TurnKey Gitea server in eu-central-1 (using our predefined security group rules and a known working VPC) and it works fine. So there's nothing fundamentally wrong with the AMI.

After reading through your posts, it's clear that you are getting no response from your server (everything appears to be timing out; suggesting no connection at all), so it's almost certainly issues with networking. I'd go as far as to suggest that it's either issues with the "Security Group" (aka AWS firewall) and/or the VPC/subnet configuration (aka AWS network setup). AWS config is not really that newb friendly and isn't really designed to be used by the average passer-by (hence why we built the TurnKey Hub).

So moving forward, I see 2 clear options:

  • Use the TurnKey Hub; or
  • Persevere with AWS console - and do some research, reading and trial and error...

TurnKey Hub

Using the TurnKey Hub (namely the "Cloud Server" component) as I noted previously is almost certainly the quickest and easiest path forward. It's essentially just a simplified AWS interface specifically for launching and managing our servers. It was designed to take care of a lot of the complexity and soften the sharp edges of AWS (FWIW, that also takes care of the first step of initialisation; as you do that within the Hub's webUI prior to launch). Bottom line is that it's a much more user friendly interface for launching and managing TurnKey appliances on AWS. On the downside though, it doesn't actually support the Frankfurt region (IIRC, in EU it only supports Ireland). It also doesn't support the complex configurations possible via the AWS console directly (e.g. it auto configures a VPC for you - no VPC customisation is supported).

Even if you don't want to use the Hub, by default, you get a free 14 day trial. So it may be a quick way to get a working VPC (and subnet) that you can use for reference?! If you do go that path and don't have plans to continue using the TurnKey Hub, be sure to downgrade the plans to free. If for some reason you forget and get charged by us, then please reach out and I'll happily process refunds. Note that relevant AWS usage fees still apply to Hub usage - billed directly by AWS.


AWS Console

The other option is to persevere with AWS console directly. Unfortunately, I'm not that familiar with AWS console direct usage beyond the basics (I would consider myself a basic AWS user, certainly not advanced). And networking is certainly not my strong suit either. Regardless, it may be as simple as misconfigured security group, which will be easy to fix.

Whilst we do provide images to AWS Marketplace and provide support for them, I certainly wouldn't consider it a newb friendly platform. I'm more than happy to share what I know, and hopefully point you in the right direction, but I can't provide free support for general AWS setup and configuration - even AWS charge for this themselves (which is another option I guess if you're open to spending some money?!). That's why we built the TurnKey Hub, so we don't have to drain our meagre resources (especially in comparison to AWS - who already make the lion's share of revenue from use of our servers) providing support for someone else's infrastructure! I hope you can understand that?

I'd also like to note that IMO the "AWS Connect" thing is a bit of a red herring. It's not something that is pre-installed on our AMIs, and requires a SSH connection to set up (so you can't use it until you can SSH in anyway...). Regardless, I do appreciate you noting it, as perhaps we could look into that a bit further and perhaps consider pre-installing that in our AWSMP servers to make life easier for some?!

So moving along, the easiest thing to check (and fix if it's wrong) is the security group. Ideally when you launched the server, you should have selected the option to create a new security group based on our recommendations. If so, it should look something like this:

aws mp security group

The screenshot is from the AWSMP setup process, but you can change the current security group to match these settings if you didn't. The most important ones (at least initially) are ports 22 (SSH), 80 (HTTP) and 443 (HTTPS) (9418 is for git protocol, but if you use just SSH or HTTPS for git, then you don't need to allow that port; 12320 is Webshell, probably worth leaving disabled if you don't plan to use it; 12321 is Webmin - a Linux admin webUI). No reboot or service restarts are required to apply the changed config.

If that isn't it, then IMO it must be VPC and/or subnet config. TBH, VPC/subnet config is a PITA and not something I'm super familiar with (I usually only ever launch new AWS servers to test and/or try to reproduce bugs that have been reported and I set up VPCs ages ago and don't remember how to configure them as I just reuse the working ones I already have configured). It's also not possible to change a server's VPC once it's been launched. It may be possible to make some adjustments, but IIRC the only way to make significant changes, is to start again (i.e. destroy this server and create a new one)... You can create the VPC and subnet(s) separately if you want, then connect them to a new AWS instance (i.e. launch a new AWSMP instance and select your pre-configured VPC & subnet). FWIW, from what I can gather, AWS should provide a default working VPC, but that hasn't been my experience (and it sounds like perhaps not yours either!?).


Re costs, as AWS charge for everything incrementally, it shouldn't cost too much to play around with this stuff. E.g. server usage charges only accrue while a server is running, so stopping a server will significantly reduce your fees. Although storage costs apply to your root volume, whether the server is running or not. So be sure to terminate/destroy any servers (and volumes/snapshots) that you no longer want/need. It's perhaps also worth noting that there aren't charges associated with VPCs or subnets, so you don't need to worry about deleting them (although it's probably a good idea to delete any that don't work to avoid future frustration).

As I say, I can't really give much advice or support on creation of a VPC and subnet for your AWS server. So unfortunately, you'll need to do a bit of reading and perhaps research, and likely a bit of trial and error too...

So here's some starting places (for reading, research, etc):

Beyond those AWS resources, I'm sure that there are plenty of 3rd party info/tutorials/etc available via the net if you do a bit of searching.

I hope that at least helps a bit. Sorry that I don't have a clear, concise "just do this, then that" type advice, but the bottom line is that if you want to use TurnKey servers on AWS, the TurnKey Hub is the quick, easy way. If you prefer to persevere with AWS, then you'll need to do a bit of leg work to get yourself up to speed.

If you discover anything of interest, or have any further questions, please share. If nothing else, that may assist someone in your position in the future...

Good luck! :)

Jeremy Davis's picture

FWIW, here's the "initialisation" screen you should see when you browse to your server (once you successfully get one running) - click to open the screenshot full size:

AWSMP instance init page

And if/when you retry launching a new instance (after configuring a VPC) then these are the settings you'll need to pay particular attention to:

AWSMP network setup page

Obviously, select your keypair in that bottom option...

Martin's picture

Dear Jeremy,

thank you for putting so much time into supporting me, even though this is not a problem with the product, but with the instance configuration. Your network advice was helpful. I enabled all incoming ports and now the instance is reachable.

I was able to initialize Gitea properly and now it's running, thanks a lot!

 

Sincerely,

Martin

Jeremy Davis's picture

So glad to hear that you got it going and it wasn't too hard. Good luck with it all and please do not hesitate to post back if you have any further concerns or questions. Or for that matter, any feedback and/or suggestions! :)
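
As an added example (not part of the original thread, and not TurnKey's or AWS's own tooling): a Python check over security-group JSON in the shape that `aws ec2 describe-security-groups` returns. It reports which of the three ports named above as most important (22, 80, 443) a given client address cannot reach, and which rules expose ports beyond the six listed in the thread, as opening all incoming ports does. The group names, the client address 203.0.113.10 and the sample rules are constructed for illustration.

```python
import ipaddress
import json

# Ports named in the thread: 22/80/443 are needed first, the rest are optional.
REQUIRED = {22: "SSH", 80: "HTTP", 443: "HTTPS"}
OPTIONAL = {9418: "git", 12320: "Webshell", 12321: "Webmin"}

def audit_ingress(group, client_ip):
    """Return (required ports the client cannot reach, over-broad rule findings)."""
    client = ipaddress.ip_address(client_ip)
    reachable, findings = set(), []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):
            continue
        # IpProtocol "-1" means all protocols and ports; FromPort/ToPort are absent.
        lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if client.version == net.version and client in net:
                reachable |= {p for p in REQUIRED if lo <= p <= hi}
            listed = sum(lo <= p <= hi for p in {**REQUIRED, **OPTIONAL})
            if net.prefixlen == 0 and hi - lo + 1 > listed:
                findings.append(f"{cidr}: {hi - lo + 1 - listed} unlisted port(s) open in {lo}-{hi}")
    return sorted(set(REQUIRED) - reachable), findings

def audit_all(doc, client_ip):
    return {g["GroupName"]: audit_ingress(g, client_ip) for g in doc["SecurityGroups"]}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""{"SecurityGroups": [
  {"GroupName": "vpc-only", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "172.31.0.0/16"}]}]},
  {"GroupName": "all-open", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupName": "recommended", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
]}""")

if __name__ == "__main__":
    # 203.0.113.10 is a documentation address standing in for the admin's public IP.
    for name, (missing, findings) in audit_all(SAMPLE, "203.0.113.10").items():
        print(name, "unreachable:", missing, "| findings:", findings)
```

An empty "unreachable" list together with an empty "findings" list means the group admits the client on the ports needed for initialisation without exposing anything outside the listed set.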
