如何配置对EC2实例的直接http访问? [英] How to configure direct http access to EC2 instance?
问题描述
这是一个非常基本的Amazon EC2问题,但是我很困惑,所以去了。
This is a very basic Amazon EC2 question, but I'm stumped so here goes.
我想启动一个Amazon EC2实例并允许访问HTTP端口80和8888
从任何地方。到目前为止,我什至不能允许实例使用
自己的IP地址在这些端口上连接(但它将连接到本地主机)。
I want to launch an Amazon EC2 instance and allow access to HTTP on ports 80 and 8888 from anywhere. So far I can't even allow the instance to connect to on those ports using its own IP address (but it will connect to localhost).
I使用管理控制台(以及SSH)上的标准HTTP选项为HTTP配置了默认安全组。
I configured the "default" security group for HTTP using the standard HTTP option on the management console (and also SSH).
我在默认安全组中启动了实例。
I launched my instance in the default security group.
我两次在SSH端口22上连接到实例,并在一个窗口中在端口80上启动HTTP服务器
。在另一个窗口中,我确认可以连接
I connected to the instance on SSH port 22 twice and in one window launch an HTTP server on port 80. In the other window I verify that I can connect to HTTP using the "localhost".
但是当我尝试使用公共DNS或专用IP地址从实例(或其他任何地方)访问HTTP时拒绝连接。
However when I try to access HTTP from the instance (or anywhere else) using either the public DNS or the Private IP address I het "connection refused".
我在做什么错了?
下面是一个控制台片段,显示了成功的wget和失败的两个实例均从实例本身运行。
Below is a console fragment showing the wget that succeeds and the two that fail run from the instance itself.
--2012-03-07 15:43:31-- http://localhost/
Resolving localhost... 127.0.0.1
Connecting to localhost|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: /__whiff_directory_listing__ [following]
--2012-03-07 15:43:31-- http://localhost/__whiff_directory_listing__
Connecting to localhost|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: "__whiff_directory_listing__"
[ <=>
] 7,512 --.-K/s in 0.03s
2012-03-07 15:43:31 (263 KB/s) - "__whiff_directory_listing__" saved [7512]
[ec2-user@ip-10-195-205-30 tmp]$ wget http://ec2-50-17-2-174.compute-1.amazonaws.com/
--2012-03-07 15:44:17-- http://ec2-50-17-2-174.compute-1.amazonaws.com/
Resolving ec2-50-17-2-174.compute-1.amazonaws.com... 10.195.205.30
Connecting to ec2-50-17-2-174.compute-1.amazonaws.com|10.195.205.30|:80... failed:
Connection refused.
[ec2-user@ip-10-195-205-30 tmp]$ wget http://10.195.205.30/
--2012-03-07 15:46:08-- http://10.195.205.30/
Connecting to 10.195.205.30:80... failed: Connection refused.
[ec2-user@ip-10-195-205-30 tmp]$
推荐答案
标准tcp套接字接口要求您在发送或侦听时绑定到特定的IP地址。有一些特殊的地址:本地主机(您可能熟悉)为127.0.0.1。还有一个特殊地址,即0.0.0.0或INADDR_ANY(互联网协议,ANY ADDRESS的特殊缩写)。这是一种侦听主机上任何或更常见的所有地址的方法。这是一种告诉内核/堆栈您对特定IP地址不感兴趣的方法。
The standard tcp sockets interface requires that you bind to a particular IP address when you send or listen. There are a couple of somewhat special addresses: localhost (which you're probably familiar with) which is 127.0.0.1. There's also a special address, 0.0.0.0 or INADDR_ANY (internet protocol, special shorthand for ANY ADDRESS). It's a way to listen on ANY or more commonly, ALL addresses on the host. This is a way to tell the kernel/stack that you're not interested in a particular IP address.
因此,当您设置要侦听的服务器时 localhost告诉您要使用该主机的用户只能访问的特殊保留地址,尽管该地址存在于每个主机上,但与localhost的连接将永远只能到达您的主机
So, when you're setting up a server that listens to "localhost" you're telling the service that you want to use the special reserved address that can only be reached by users of this host, and while it exists on every host, making a connection to localhost will only ever reach the host you're making the request from.
当您希望服务可以在任何地方(在本地主机上,在所有接口上等)都可以访问时,可以指定0.0.0.0。
When you want a service to be reachable everywhere (on a local host, on all interfaces, etc.) you can specify 0.0.0.0.
这篇关于如何配置对EC2实例的直接http访问?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
