All Products
Search
Document Center

Quick troubleshooting methods for websites running in ECS instances cannot be accessed

Last Updated: Apr 27, 2022

Disclaimer: This topic may contain information about third-party products. The information is for reference only. Alibaba Cloud does not make a guarantee in any form of the performance and reliability of the third-party products, and potential impacts of operations on these products.

Overview

If the website cannot be opened, you should first search for the meaning of the troubleshooting error, and then troubleshoot the 80 port status and the troubleshooting Web service status. This topic provides a quick troubleshooting method. For more information about the troubleshooting procedure, see Failed to access a website on an ECS instance.

Description

Take note of the following items:

  • Before you perform high-risk operations such as modifying the specifications or data of an Alibaba Cloud instance, we recommend that you check the disaster recovery and fault tolerance capabilities of the instance to ensure data security.
  • Before you modify the specifications or data of an Alibaba Cloud instance, such as an Elastic Compute Service (ECS) instance or an ApsaraDB RDS instance, we recommend that you create snapshots or enable backups for the instance. For example, you can enable log backups for an ApsaraDB RDS instance.
  • If you have granted specific users the permissions on sensitive information, such as usernames and passwords, or submitted sensitive information in the Alibaba Cloud Management Console, we recommend that you modify the sensitive information at the earliest opportunity.

This topic provides troubleshooting ideas for unreachable websites running in Linux and Windows systems.

Unable to access websites running on Linux instances

CentOS 7 is used as an example.

Troubleshoot unavailability of port 80

  1. Run the following command to check whether TCP port 80 is monitored:
    netstat -an  grep 80
    The system display is similar to the following. If any of the following results are returned, the Web service on TCP port 80 has been started.
    tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN # Network-wide listener
    tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN # Native listener
    Note: If the 127.0.0.1 listener of the local machine fails to access the web service over the Internet, only the local machine can access the web service.
  2. If no exception occurs in the first step, perform the following operations: If an error occurs, see Troubleshoot web service unavailability.
    1. Check whether port 80 is allowed by the instance security group. For more information, see Add security group rules.
    2. Check whether the iptables instance allows port 80.
    3. Run the telnet and traceroute commands to track the connectivity of port 80. For more information, see Check the port availability when the port is pingable but the port is blocked.
  3. Check whether the bandwidth of the ECS instance is sufficient. For more information, see Query and analyze the system load of a Linux instance.

Troubleshoot Web Service Unavailability

  1. Log on to the ECS instance of the Liunx system. For more information, see Connect to a Linux instance by using a management terminal.
  2. View Web service logs.
  3. Run the top command to check the instance running status and check whether there are different processes.
  4. View the instance monitoring information in the console to check whether the instance bandwidth is sufficient. If it is insufficient, you can try to upgrade the instance bandwidth.
  5. Check whether the CPU and memory of the instance are insufficient. For more information, see Troubleshoot the high CPU utilization of ECS Linux.
  6. Check whether there are too many TCP connections on port 80 of the instance.
  7. Run the following command to count the number of TCP connections:
    netstat -anp grep tcp wc -l
  8. Compare the maximum values of net.ipv4.tcp_max_tw_buckets parameters in the /etc/sysctl.conf configuration file to see if they are exceeded. If it is exceeded, do the following.
    1. Run the vi /etc/sysctl.conf command to edit the file and query the net.ipv4.tcp_max_tw_buckets parameters. If it is confirmed that the connection is very high and it is easy to exceed the limit, increase the size of the net.ipv4.tcp_max_tw_buckets parameter value according to the site situation.
    2. Run the sysctl -p command to make the configurations take effect.

Unable to access websites running on Windows instances

This uses the Windows Server 2008 system as an example. Select based on your actual situation.

Troubleshoot unavailability of port 80

  1. Run the following command to check whether TCP port 80 is monitored:
    netstat -ano  findstr :80
    The system display is similar to the following. If any of the following results are returned, the Web service on TCP port 80 has been started.
    TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 1172 # Indicates that TCP 127.0.0.1:80 0.0.0.0:0 LISTENING 1172 # Indicates that TCP is monitored 
    by the whole network.
    Note: If the local listener fails to access the web service over the Internet, only the local listener can access the web service. You can run the following command to change the listener to the whole network:
    netsh http delete iplisten ipaddress= 127.0.0.1:80
  2. If no exception occurs in the first step, perform the following operations: If an error occurs, see Troubleshoot web service unavailability.
    1. Check whether port 80 is allowed by the instance security group. For more information, see Add security group rules.
    2. Check whether port 80 is allowed by the instance firewall. For more information, see How to restrict access to ports, IP addresses, and applications by Windows Firewall.
    3. Run the telnet and tracert commands to track the connectivity of port 80. For more information, see Check the port availability when the port is pingable but the port is blocked.
  3. Check whether the bandwidth of the ECS instance is sufficient. For more information, see Troubleshoot the bandwidth and CPU usage of a Windows instance.

Troubleshoot Web Service Unavailability

  1. Log on to the Windows ECS instance.
  2. View Web service logs. For example, the Windows Server 2008 IIS service log path is "%SystemDrive%\inetpub\logs\LogFiles\W3SVC4".
  3. Use Task Manager to check the instance running status and check whether there are abnormal processes.
  4. View the instance monitoring information in the console to check whether the instance bandwidth is sufficient. If it is insufficient, you can try to upgrade the instance bandwidth.
  5. Check whether the CPU and memory of the instance are exhausted. For more information, see Troubleshoot Windows instance bandwidth and CPU usage.
  6. Follow these steps to check whether there are too many TCP connections on port 80 of the instance.
    1. Run the following commands in sequence to count the number of TCP connections:
      netstat -n find /i "time_wait" /c
      netstat -n find /i "close_wait" /c
      netstat -n find /i "established" /c
    2. If the number of TCP connections is too high, follow these steps to adjust the TcpTimedWaitDelay to 30s. The default value is 4 minutes (240s).
      1. Open the CMD and run the regedit command.
      2. Choose HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > TCPIP > Parameters.
        • If no TcpTimedWaitDelay parameter is specified, perform the following operations:
          1. Right-click the Parameters and select New > DWORD (32-bit) Value.
          2. Enter the TcpTimedWaitDelay and press the Enter key to confirm.
        • If the TcpTimedWaitDelay parameter exists, right-click the TcpTimedWaitDelay, click Modify, select Decimal, enter 30, and then click OK.

References

There are many factors and symptoms that cause website access exceptions. For more information about the causes of website access failures on ECS instances, see Factors that cause website access exceptions.

Applicable scope

  • Elastic Compute Service