Can not access Tomcat in Docker on EC2 by public IP

Question

I run Tomcat image on AWS EC2 instance from DockerHub by command

 docker run -d -p 8000:8080 tomcat

Container start normally

ubuntu@ip-172-31-39-118:~$ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                    NAMES
cbb1ac139d13        tomcat              "catalina.sh run"   21 minutes ago      Up 21 minutes       0.0.0.0:8000->8080/tcp   vigilant_poitras

my public IP address of instance is 3.14.3.30 I tried to access http://3.14.3.30:8000/ by Chrome, but access refused, timeout expired. Security groups in AWS setup to 0.0.0.0/0 for source and destination Firewall on my Wondows turned off. Please help to solve problem!!

Answer 1

@MichaelZal - there are two issues.

Issue 1.) you are not able to access the page locally. you have to fix this. I ran the same tomcat image and this is how you should be able to see the page.

• RUN curl http://localhost:8000 (note: 8000 port)

  [ec2-user@ip-172-31-93-30 ~]$ curl http://localhost:8000

  <!doctype html>HTTP Status 404 – Not Found

• RUN docker inspect {Your_Container_ID} | grep "IPAddress"

• RUN curl http://{Container-IP}:8080 (note: 8080 Port....)

I see your last comment that you tried all IPs. Container Gateway is not the right IP. Just to be sure, i am giving the info on how to check the container ip.

[ec2-user@ip-172-31-93-30 ~]$ docker inspect c44c5d8067b0 | grep "IPAddress"
            "SecondaryIPAddresses": null,
            "IPAddress": "172.17.0.2",
                    "IPAddress": "172.17.0.2",
[ec2-user@ip-172-31-93-30 ~]$

[ec2-user@ip-172-31-93-30 ~]$ curl http://172.17.0.2:8080
<!doctype html><html lang="en"><head><title>HTTP Status 404 – Not Found</title><

If this does not work, then you have to check your container logs to if the tomcat started correctly and if you have the following type log messages. It rarely can go wrong. I ran the same docker command that you had run and it should work.

• RUN docker logs {Your_Container_ID}

  [ec2-user@ip-172-31-93-30 ~]$ docker logs c44c5d8067b0 .....

  30-Sep-2020 16:19:58.554 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina] 30-Sep-2020 16:19:58.555 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/9.0.38] 30-Sep-2020 16:19:58.573 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"] 30-Sep-2020 16:19:58.612 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [196] milliseconds

Issue 2.) Network access is not there. There are two places where it can get blocked. NACL and Security Group.

Its clear that Security Group does not have the necessary rule. Below needs to be added. Type: Custom TCP Port: 8000 Source: 0.0.0.0/0 (this is for whole internet OR you can chose any Specific IP for which you intend to provide access)

If all the above are fixed and tested, and still the site does not does not work, the we have to check NACLs.

In case of issues, Post these please.

• CURL outputs/error
• container logs

Answer 2

According to the comments, Inbound rules added are

22 TCP 0.0.0.0/0 - This is to ssh to the server.

You haven't opened the port 8000. Open an inbound rule for port 8000 as TCP.