Reputation: 1
Running a Django project on an Ubuntu 22.04 instance on a new account, including a default VPC. Using a custom security group with 3 inbound rules: IPv6 (HTTP) on port 80, IPv4 (HTTP) on port 80, and IPv4 (SSH) on port 22. The outbound rule is the same as the default, IPv4 (all) on all ports. No key pair was set.
Running with gunicorn, nginx, and supervisor. `sudo nginx -t` shows no issues, the supervisor error logs are empty, and accessing the API through the public IPv4 address http://xx.xxx.xx.xxx works properly, serving content when requested, with the base URL showing Not Found. Accessing through the private IPv4 address does not respond.
The problem is that when accessing through the public IPv4 DNS address, http://ec2-xx-xxx-xx-xxx.us-east-2.compute.amazonaws.com, where the x values match the public IPv4 address, the site only serves the default nginx page. Running nslookup on the DNS address returns the private IPv4 address.
Why doesn't the DNS address point to the public IPv4 address? And why does it serve content at all if it points to the private IPv4 address, which doesn't respond?
Here are the configurations I used for nginx:
Changed nginx.conf user to root, and created/linked django.conf in /etc/nginx/sites-available and /etc/nginx/sites-enabled:
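```
server {
    listen 80;
    # Only requests whose Host header equals this value are routed to this block
    server_name [public ipv4 address, not DNS];
    location / {
        include proxy_params;
        # Forward to the gunicorn Unix socket
        proxy_pass http://unix:/home/ubuntu/[app-name]/app.sock;
    }
}
```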
Upvotes: 0
Views: 531
Reputation: 33
> Running nslookup on the DNS address returns the private ipv4 address.

This won't work because AWS has the following behaviour: "The Amazon DNS server resolves a public DNS hostname to the public IPv4 address of the instance outside the network of the instance, and to the private IPv4 address of the instance from within the network of the instance."
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html. See also this nice answer: AWS EC2 - What can I accomplish with the public DNS hostname that I can't with the public IPv4 address?
This seems to be the reason why your DNS lookup is giving you the private IP address. As a side note, you won't be able to reach your server by using the private IP, since you need to be in your VPC network. This is due to the design of private IPs: https://help.keenetic.com/hc/en-us/articles/213965789-What-is-the-difference-between-a-public-and-private-IP-address-
> Why doesn't the DNS address point to the public ipv4 address?

The public DNS and public IP that you receive when creating an EC2 on AWS won't give you the setup that you need to have the DNS point to the IPv4 address. You need to set up an actual A record for this.

> And why does it serve content at all if it points to the private ipv4 address which doesn't respond?

If you open the public DNS via a web browser, it will give you the default behaviour of nginx's standard configuration, which is to show its index.html page.
I suggest the following solution: if you want your web server to be reachable indefinitely at a specific IP address, you should first create and use an Elastic IP address as your public IP. Then create an A record between the IP and the DNS you want to use. https://easydmarc.com/blog/what-is-dns-a-record-and-how-to-add-an-a-record-to-dns/
Then I would adjust the django.conf the following way:
```
server {
    listen 80;
    server_name your_dns;
    location / {
        include proxy_params;
        proxy_pass http://unix:/home/ubuntu/[app-name]/app.sock;
    }
}
```
Upvotes: 2
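An added example, not part of the question or the answer above: nginx picks a server block by comparing the request's Host header with each `server_name`, and anything that matches none falls through to the default server, which is why the EC2 hostname showed the stock page while the bare IP reached Django. The configuration below makes that fallback explicit and lists every name the app should answer to. `your_dns`, the `ec2-xx-...` hostname, `xx.xxx.xx.xxx` and `[app-name]` are the page's placeholders, and the removal of the stock default site is an assumption.

```nginx
# /etc/nginx/sites-available/django.conf (added example, not the poster's file)
# Assumption: the stock /etc/nginx/sites-enabled/default symlink has been removed,
# because only one server block per listen socket may be marked default_server.

# Catch-all: a request whose Host header matches no server_name below lands
# here instead of on whichever server block nginx happened to load first.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 444;   # nginx-specific code: close the connection, send no response
}

# Application: list every name clients will actually send in the Host header.
server {
    listen 80;
    listen [::]:80;
    # Placeholders: your_dns is the A-record name, the ec2-... name is the
    # instance's public DNS hostname, xx.xxx.xx.xxx is its public IPv4 address.
    server_name your_dns
                ec2-xx-xxx-xx-xxx.us-east-2.compute.amazonaws.com
                xx.xxx.xx.xxx;

    location / {
        include proxy_params;   # Ubuntu's snippet: passes Host and X-Forwarded-* upstream
        proxy_pass http://unix:/home/ubuntu/[app-name]/app.sock;
    }
}
```

Because `proxy_params` passes the original Host header through to gunicorn, Django's `ALLOWED_HOSTS` needs the same names, otherwise those requests are rejected with a 400 when `DEBUG` is off.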