0
votes

When I am running an open source application "atwork" (https://github.com/ritenv/atwork) on an ec2 machine instance on port 80, I get server responses with forbidden codes (403):

    AtWork running at 0.0.0.0:80
    GET / 304 3.802 ms - -
    GET /users/notifications 403 3.972 ms - 9
    GET /posts?limitComments=true 403 0.956 ms - 9
    GET /chats 403 1.289 ms - 9
    GET /streams?subscribed=true 403 0.708 ms - 9
    GET /streams?unsubscribed=true 403 0.859 ms - 9
    GET /users/me 403 0.847 ms - 9
    GET /system-settings 304 4.803 ms - -
    GET /favicon.ico 304 0.453 ms - -
    GET /system-settings 304 2.766 ms - -
    GET /favicon.ico 304 0.322 ms - -

However, when I run it on another port (8080), I get the following 200 messages from the server:

    AtWork running at 0.0.0.0:8080
    GET / 200 4.219 ms - 6412
    GET /users/notifications 304 12.189 ms - -
    GET /posts?limitComments=true 304 5.162 ms - -
    GET /chats 304 4.344 ms - -
    GET /streams?unsubscribed=true 304 5.429 ms - -
    GET /streams?subscribed=true 304 5.495 ms - -
    GET /users/me 200 3.478 ms - 882
    GET /system-settings 304 4.809 ms - -
    Kirill A Novik is online.
    GET /favicon.ico 304 0.795 ms - -

I have tried the following (however, none of it worked):

  1. Modify firewall options in the security groups on the AWS console allowing all tcp traffic on all ports.
  2. Run iptables like this:

    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -A INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

Please help me to understand what I am doing wrong, and how I could make port 80 behave like other ports.

Thank you.

1
Did you check the security group for your ec2 instance? stackoverflow.com/a/10454688/858578 - luchosrock
I did, all of the tcp traffic is allowed for all ips + http is allowed for all ips - Kirill Novik
Do you have something else running on port 80? - Frederic Henri
No, nothing else is running on this port. - Kirill Novik

1 Answer

0
votes

There are 2 possibilities to fix this issue. The first is to give root permissions to the ec2 machine's user who runs the application. But it can be a security risk - running the application as root.

The second is the one I prefer: running the nodejs application as a limited user, but behind a reverse proxy.

The application can listen on ports > 1000 - like 8080. And you can run NGINX as a reverse proxy. It will listen on port 80 or 443, and transfer requests to your nodejs application. You can use nginx configs like this - https://github.com/vodolaz095/hunt/blob/master/examples/serverConfigsExamples/nginx.conf
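
The reverse-proxy layout described in the answer above, as an added example that is not part of the original answer and not taken from the linked config or from the atwork project. The file location, the `server_name` placeholder and the WebSocket pass-through are assumptions; port 8080 is the one used in the question.

```nginx
# Added example. Belongs in the http context, for instance a file under
# /etc/nginx/conf.d/ (location assumed; adjust to your distribution).
#
# nginx binds the privileged port 80; the Node.js application keeps running
# as a limited user on 8080 and never needs root.

# Assumption: the application may use WebSockets. This map passes the
# Upgrade handshake through and closes the connection header otherwise.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    server_name _;        # placeholder: replace with the real host name
    server_tokens off;    # do not advertise the nginx version

    location / {
        # Forward to the application on loopback only.
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;

        # Preserve the original host and client address for the app's logs
        # and for any host- or scheme-dependent logic.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket upgrade pass-through (see the map above).
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}
```

With the proxy in front, the security group only has to expose 80 (and 443 if TLS is added), so the "all TCP ports" rule from the question can be removed. Binding the application to 127.0.0.1 instead of 0.0.0.0 keeps port 8080 unreachable from outside the instance.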