Can't open port 8080 on Google Compute Engine running Debian

26
votes

I am trying to run a simple Python http server that displays "hello world" on port 8080 using a micro instance. I also have 4 instances of Tornado running behind Nginx. Connecting to Nginx/Tornado on port 80 is not a problem.

I have added port 8080 to my firewall settings, and ensured port 8080 is open and listening on the server but no matter what I do, my connection is always refused. I have tried connecting using browsers, telnet and wget and every single connection is refused.

Here is the output of netstat -an | grep "LISTEN "

tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8001            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8002            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8003            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::8000                 :::*                    LISTEN
tcp6       0      0 :::8001                 :::*                    LISTEN
tcp6       0      0 :::8002                 :::*                    LISTEN
tcp6       0      0 :::8003                 :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN

Here is my iptables list

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http-alt

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Here is the Python script I am using:

#!/usr/bin/python
from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer

PORT_NUMBER = 8080

#This class will handles any incoming request from
#the browser
class myHandler(BaseHTTPRequestHandler):

   #Handler for the GET requests
   def do_GET(self):
      self.send_response(200)
      self.send_header('Content-type','text/html')
      self.end_headers()
      # Send the html message
      self.wfile.write("Hello World!")
      return

try:
   #Create a web server and define the handler to manage the
   #incoming request
   server = HTTPServer(('', PORT_NUMBER), myHandler)
   print 'Started httpserver on port ' , PORT_NUMBER

   #Wait forever for incoming htto requests
   server.serve_forever()

except KeyboardInterrupt:
   print '^C received, shutting down the web server'
   server.socket.close()
5
google-compute-engine
some good directions here, one thing I missed, due to autocomplete on the field, was the /0 on the end of the source ip for ingress. as soon as I added it to ` 0.0.0.0` it worked.slappy-x

5 Answers

36
votes

Does your network have the corresponding firewall rule? Follow the next steps to create it.

  1. Go to the Developers Console and click on the corresponding project.

  2. Click on 'Compute'

  3. Click on 'Networks'

  4. Click on the name of the corresponding network. You can see in which network is your instance clicking on 'VM instances' under the 'Compute Engine' section or with the command:

    gcloud compute instances describe <instance> | grep "network:" | awk -F/ '{print $(NF)}'

  5. Under the Firewall rules section, click 'Create new'

  6. Enter a name for the firewall rule and in the field 'Protocols & ports' type: tcp:8080

  7. Save the rule

After that, you should be able to access your HTTP server.

Otherwise you can try to see if your machine receives the SYN TCP packets in that port with the command: sudo tcpdump -i eth0 port 8080

Hope it helps

11
votes

In GCE Web Console > Networks > Firewall rules > edit your RULE, remove TARGET TAGS and apply.

GL

1
votes

probably somethings goes wrong when You've created the network rule. When a network rule is described and related MetaTag is created, assure that the VMs instances contain the same MetaTag, so the wanted traffic will be redirected to the machine.

0
votes

Still not sure what went wrong, but I deleted my instance and network then created new ones. The new instance and network seem to be working fine, so I can only assume something went wrong when playing around with the old network as the new one doesn't seem to have the same problem.

0
votes

make sure to add the right port. the answer above states "tcp:80" , but this will not work if your server is running on another port. thats probably the reason why it is not working for others