Can't access Oracle Cloud Always Free Compute http port

Question

Yesterday, I was set up my first always free compute VM. I installed ubuntu 18.04 minimal on my VM. For my web service need, I installed Nginx. I'm confused because when I tried to access my public IP via a web browser, the Nginx welcome page didn't load. I think that is because port 80 didn't open. So, I tried to open that with set Ingress Rules in Security List Details menu as the picture below. Ingress Rule for port 80

But now, I still can't access the web server in my VM. May be there more experienced people in Oracle Cloud who can help me to solve this. Thank you

Answer 1

In my case - CentOS 8 Image, firewall-cmd saved rules, but the ports didn't work. The reason is that the system uses iptables and not nftables. So, change this /etc/firewalld/firewalld.conf file

# FirewallBackend=nftables
FirewallBackend=iptables

and

firewall-cmd --reload

did the trick.

Answer 2

$ sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 80 -j ACCEPT

$ sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 443 -j ACCEPT

$ sudo netfilter-persistent save

Answer 3

I wasted a lot of time on this. I wish I had found this first: https://docs.cloud.oracle.com/en-us/iaas/developer-tutorials/tutorials/apache-on-ubuntu/01oci-ubuntu-apache-summary.htm

1. configure ingress route for port 80

2. install ubuntu.

3. install apache/nginx

4. curl localhost should bring back webpage in text format, however fails over internet.

5. forget ufw firewall - this may cause issues with the Oracle firewall

6. use

$ sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 80 -j ACCEPT
$ sudo netfilter-persistent save

7. test your web page over internet

Answer 4

You need to allow Firewall for the port you want

Suppose you want the HTTP and HTTPS ports on your instance up, then following commands would suffice.

sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT

Then save the iptable rules even after reboot next time by

sudo service iptables save

Also make sure you have kept the ingress rules for the ports on Oracle Cloud console.

Answer 5

This is how I did it without directly meddling with iptables.

First create an Ingress Rule in Oracle Cloud vps's dashboard/Networking/Virtual Cloud Networks, for example, for port range 23-90

Next, install firewalld in ubuntu (firewalld is available in centos I think)

sudo apt-get install firewalld
sudo systemctl enable firewalld
sudo systemctl start firewalld

You only need to do this one time. It will still be there after a reboot.

Then, to open port 80:

sudo firewall-cmd --zone=public --add-port=80/tcp --permanent  #  or --add-service=http 
sudo firewall-cmd --reload

To verify:

sudo firewall-cmd --list-all

Output:

public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh
  ports: 80/tcp
  ...

The same applies to opening other port(s). You can easily remove the port (--remove-port=80/tcp + a --reload), refer to firewalld docs.

To test from a remote computer

1. run a web server at port 80 in Oracle Cloud vps if one is not already running, for example:

   python3 -m http.server 80
   

2. In a remote computer

   curl ip-of-oc-vps:80
   

I also wasted a lot of time on Oracle Cloud Always Free vps' firewall. I hope this can save other people some time.

Answer 6

If you have an Internet Gateway and Route Table is also configured, you might still need to check the OS level firewall. If that is not configured, you might need to execute this command: sudo ufw allow http For more details please see: How to Open/Allow incoming firewall port on Ubuntu