19

I have a web application running on Amazon EC2. It listens on port 9898.

I can access it by entering the IP address and port number.

e.g. 1.2.3.4:9898

However, what I'd really like to be able to do is to not have to enter the port number.

Researching this, it looks like port forwarding might be the solution - i.e. forward HTTP requests received on the default port (80) to my non-standard port (9898).

Is this the correct way to go? If so, how do I set this up on EC2?

If not, then how do I achieve what I want?

Thanks in advance for any help.

Update

I should have mentioned the EC2 instance is a Windows Server 2012 AMI.

ksl
  • You'd need to have something in front of your server like HAProxy to forward requests... or use iptables. Amazon doesn't support port forwarding. – Nathan C Jan 24 '14 at 15:18

3 Answers

10

The easiest way to do this without installing something yourself is putting an Amazon Elastic Load Balancer in front of the instance. These allow you to forward ports as you intend.

ceejayoz
  • I tried your suggestion but I can't get the ping check to work. – ksl Jan 24 '14 at 19:27
  • ceejayoz is correct, ELB is the way to do it. Use a TCP check if HTTP is not working. Sorry, not enough reputation to comment. – Pestouille Jan 24 '14 at 19:59
  • Hi, please can you elaborate. – ksl Jan 24 '14 at 20:11
  • Try allowing ICMP on the Windows Server Firewall from the ELB address(es) – Tom O'Connor Jan 24 '14 at 21:11
  • The firewall is already configured by default to allow all ICMP V4 traffic. – ksl Jan 27 '14 at 16:25
  • I even set the ping check to check TCP:80 as an interim solution and it still won't pass. – ksl Jan 27 '14 at 17:13
  • @ksl Well, that'd be a problem, as your application is on `9898`, not `80`. – ceejayoz Jan 27 '14 at 17:44
  • @ceejayoz Got the ping check working now using port TCP:9898. Doesn't explain why HTTP:80 doesn't work. Thanks for the correction. However, I still can't connect using either curl or a browser unless I add the port number. (i.e. :9998) – ksl Jan 27 '14 at 18:13
  • From the EC2 console: Port Configuration: 80 (HTTP) forwarding to 9998 (HTTP) Stickiness: Disabled(edit) – ksl Jan 27 '14 at 18:14
  • @ksl The status check accesses the instance, not the load balancer, therefore it needs to check the health of port `9898`. You won't be able to use the instance's IP to access it via port `80`, you'll need to access the load balancer. – ceejayoz Jan 27 '14 at 18:32
  • @ceejayoz I hadn't appreciated that at all. It's working now. Thanks very much for your help. – ksl Jan 27 '14 at 19:59
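
The setup this answer and its comments arrive at, as an added example that is not part of the original thread: a Classic ELB listener forwarding 80 to 9898, a health check aimed at the instance port, and the instance's security group narrowed so 9898 is reachable only through the load balancer. It assumes the AWS CLI and a VPC; the load balancer name, subnet, security group and instance IDs are placeholders, and the health check timings are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread). Every name and ID is a placeholder.
# Dry run by default: commands are printed; set APPLY=1 to execute them.
set -eu

LB_NAME="${LB_NAME:-web-elb}"                  # hypothetical load balancer name
SUBNET_ID="${SUBNET_ID:-subnet-PLACEHOLDER}"
ELB_SG="${ELB_SG:-sg-ELB-PLACEHOLDER}"         # assumed to allow inbound TCP 80
INSTANCE_SG="${INSTANCE_SG:-sg-INSTANCE-PLACEHOLDER}"
INSTANCE_ID="${INSTANCE_ID:-i-PLACEHOLDER}"
LB_PORT=80      # port clients use on the load balancer
APP_PORT=9898   # port the application listens on

# Listener: the ELB accepts LB_PORT and forwards to the instance's APP_PORT.
listener_spec() {
  printf 'Protocol=HTTP,LoadBalancerPort=%s,InstanceProtocol=HTTP,InstancePort=%s' "$1" "$2"
}

# Health check: sent by the ELB to the instance, so it names the instance port.
# Interval, timeout and thresholds are illustrative values.
health_check_spec() {
  printf 'Target=TCP:%s,Interval=30,Timeout=5,UnhealthyThreshold=2,HealthyThreshold=2' "$1"
}

# Print the command; execute it only when APPLY=1.
run() {
  printf '+ %s\n' "$*"
  if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

provision() {
  run aws elb create-load-balancer --load-balancer-name "$LB_NAME" \
    --listeners "$(listener_spec "$LB_PORT" "$APP_PORT")" \
    --subnets "$SUBNET_ID" --security-groups "$ELB_SG"
  run aws elb configure-health-check --load-balancer-name "$LB_NAME" \
    --health-check "$(health_check_spec "$APP_PORT")"
  run aws elb register-instances-with-load-balancer \
    --load-balancer-name "$LB_NAME" --instances "$INSTANCE_ID"
  # Let only the load balancer's security group reach the application port.
  run aws ec2 authorize-security-group-ingress --group-id "$INSTANCE_SG" \
    --protocol tcp --port "$APP_PORT" --source-group "$ELB_SG"
  # Assumption: APP_PORT was previously open to the world; close that rule.
  run aws ec2 revoke-security-group-ingress --group-id "$INSTANCE_SG" \
    --protocol tcp --port "$APP_PORT" --cidr 0.0.0.0/0
}

provision
```

Clients then use the load balancer's DNS name on port 80; the instance's own address no longer answers on 9898 from outside.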
9

You have two options.

1) Set up a reverse proxy to forward the HTTP requests (assuming it's HTTP) to a different port.

It should be as simple as: Install Apache, enable the proxy_http module, put something like:

```apache
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
    Order allow,deny
    Allow from all
</Proxy>
ProxyPass / http://localhost:9898/
ProxyPassReverse / http://localhost:9898/
```

2) Set up iptables to forward the packets.

Tom O'Connor
  • I should have stated that the EC2 instance is a Windows Server 2012 AMI. I haven't been able to figure out what the Windows equivalent of iptables is. – ksl Jan 24 '14 at 19:47
  • Bugh. Try this. http://stackoverflow.com/questions/11525703/port-forwarding-in-windows – Tom O'Connor Jan 24 '14 at 21:11
  • Thanks for the response. I tried using netsh as you suggested but I can't get it to work. I've been forwarding HTTP requests on port 80 to both the public and private IP addresses of my EC2 instance. – ksl Jan 27 '14 at 16:22
-3

Because I saw the comment on using iptables, I'll share my experience on EC2 Linux. I found an excellent article on forwarding ports for Node.js. If you skip to the instructions on editing sysctl.conf, you'll see the forwarding instructions. My Linux procedure varied from Ubuntu slightly. The article is: http://www.lauradhamilton.com/how-to-set-up-a-nodejs-web-server-on-amazon-ec2

The work is done via ssh. The only gotcha I ran into was I pre-routed twice, without flushing iptables between, and my web app was not visible until I flushed and reloaded. I know that's a terrible image to conclude with, sorry.

Brian