edit-icon download-icon

Verify if TCP port 80 works properly

Last Updated: Mar 06, 2018

If your instance fails to respond to HTTP requests, follow these steps to verify if the web service port (TCP 80 by default) works properly:

  1. In the ECS console, verify if security group rules has been added to enable Internet access to your instance on this port.
  2. Connect to your ECS instance and verify if the web server is started.
  3. Verify if the port is listened on. If not, modify the listening address.
  4. Verify if the firewall of your instance allows this port.
  5. If the problem is not resolved, open a ticket.

The sections describe how to verify the status of TCP port 80 in various operating systems:

Windows Server 2012

This section illustrates how to verify the status of TCP port 80 in a Windows Server 2012 instance with IIS installed.

  1. Log on to the ECS console and verify if you have added the following security group rules in the security group of the instance.

    Network type NIC Rule Direction Authorization Policy Protocol Type Port Range Authorization Type Authorization Object Priority
    VPC No configuration required Inbound Allow HTTP(80) 80/80 Address Field Access 0.0.0.0/0 1
    Classic Internet
  2. Connect to a Windows instance.

  3. Verify if IIS is started:

    1. In the Server Manager window, select Tools > Internet Information Services (IIS) Manager. If this option is unavailable, IIS is not installed yet. In this case you must install the service first.
    2. In the Internet Information Services (IIS) Manager window, verify the following:
      • On the Connections pane, right click on the instance ID. If Start is displayed as a dimmed option, IIS is already started.
      • On the Connections pane, select Sites and check the status of the sites on the right. If the site Status is Stopped (http), select the site. Then on the Actions pane > Manage Web Site, click Start.
  4. Verify if the port is listened on.

    1. Open a Command Prompt window.
    2. Run the command netstat -ano | findstr :80. If the following is displayed, all traffic through port 80 is listened on.
      1. TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
      Otherwise, modify the listening address.
  5. Verify if the firewall of your instance has allowed HTTP service:

    1. On the Control Panel, select System and Security > Windows Firewall.
    2. According to the firewall status, follow these steps:
      • If the firewall is off, open a ticket.
      • If the firewall is on, do the following:
        1. Click Advanced Settings.
        2. On the navigation pane, click Inbound Rules.
        3. Select World Wide Web Services (HTTP Inbound). If the Enabled option is No, click Enable Rule on the Actions pane.

If you still cannot access your instance on http://public IP address, open a ticket.

Windows Server 2008

This section illustrates how to verify the status of TCP port 80 in a Windows Server 2008 instance with IIS installed.

  1. Log on to the ECS console and verify if you have added the following security group rules in the security group of the instance.

    Network type NIC Rule Direction Authorization Policy Protocol Type Port Range Authorization Type Authorization Object Priority
    VPC No configuration required Inbound Allow HTTP(80) 80/80 Address Field Access 0.0.0.0/0 1
    Classic Internet
  2. Connect to a Windows instance.

  3. Verify if IIS is started:

    1. In the Server Manager window, select Tools > Internet Information Services (IIS) Manager. If this option is unavailable, IIS is not installed yet. In this case you must install the service first.
    2. In the Internet Information Services (IIS) Manager window, verify the following:
      • On the Connections pane, right click on the instance ID. If Start is displayed as a shaded option, IIS is already started.
      • On the Connections pane, select Sites and check the status of the sites on the right. If the site Status is Stopped (http), select the site, and then on the Actions pane > Manage Web Site, click Start.
  4. Verify if the port is listened on.

    1. Open a Command Prompt window.
    2. Run the command netstat -ano | findstr :80. If the following is displayed, all traffic through port 80 is listened on.
      1. TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
      Otherwise, modify the listening address.
  5. Verify if the firewall of your instance has allowed HTTP service:

    1. On the Control Panel, select System and Security > Windows Firewall.
    2. According to the firewall status, follow these steps:
      • If the firewall is off, open a ticket.
      • If the firewall is on, do the following:
        1. Click Advanced Settings.
        2. On the navigation pane, click Inbound Rules.
        3. Select World Wide Web Services (HTTP Inbound). If the Enabled option is No, click Enable Rule on the Actions pane.

If you still cannot access your instance on http://public IP address, open a ticket.

CentOS 7.3

This section illustrates how to verify the status of TCP port 80 in a Centos 7.3 Linux instance with Nginx installed.

  1. Log on to the ECS console and verify if you have added the following security group rules in the security group of the instance.

    Network type NIC Rule Direction Authorization Policy Protocol Type Port Range Authorization Type Authorization Object Priority
    VPC No configuration required Inbound Allow HTTP(80) 80/80 Address Field Access 0.0.0.0/0 1
    Classic Internet
  2. Connect to a Linux instance.

  3. Verify if Nginx is started by running systemctl status nginx. If the following is displayed, Nginx is started. If not, run systemctl start nginx.
    CentOS7.3_nginx is started

  4. Run netstat -an | grep 80 to verify if the port is listened on. If the following is displayed, TCP port 80 is listened on.

    1. tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN

    Otherwise, modify the listening address.

  5. Firewalld is installed by default on CentOS 7 and later versions. If you have enabled firewalld.service, run firewall-cmd --add-port=80/tcp --permanent to open TCP port 80 . If success is returned, TCP port 80 is opened.

    Note: For CentOS 6 and earlier versions with the default firewall iptables turned on, note that iptables does not block access by default. If you have configured iptables rules, follow these steps:

    1. Run iptables --line -vnL to view the rule list. According to the returned result:
      • If you have set block as default, run iptables -A INPUT -p tcp --dport 80 -j ACCEPT to add the rule to open TCP port 80.
      • If you have set a rule to DROP TCP 80 port, run iptables -R INPUT [Rule number for port 80] -p tcp --dport 80 -j ACCEPT to replace the existing rule to open TCP port 80.
    2. Run service iptables save to save the rule.

If you still cannot access your instance on http://public IP address, open a ticket.

Ubuntu 16.04

This section illustrates how to verify the status of TCP port 80 in an Ubuntu Linux 16.04 instance with Apache 2 installed.

  1. Log on to the ECS console and verify if you have added the following security group rules in the security group of the instance.

    Network type NIC Rule Direction Authorization Policy Protocol Type Port Range Authorization Type Authorization Object Priority
    VPC No configuration required Inbound Allow HTTP(80) 80/80 Address Field Access 0.0.0.0/0 1
    Classic Internet
  2. Connect to a Linux instance.

  3. Run service apache2 status to verify if Apache 2 is started. If the following is displayed, Apache 2 is started. If not, run service apache2 start.
    Ubuntu 16.04_Apache2 Web server runs properly

  4. Run netstat -an | grep 80 to verify if the port is listened on. If the following is displayed, TCP port 80 is listened on.

    1. tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN

    Otherwise, modify the listening address.

  5. If you have enabled UFW (a firewall installed by default on Ubuntu), run ufw allow 80/tcp or ufw allow http to open TCP port 80 or the HTTP service. If Rule added is returned, TCP port 80 or the HTTP service is opened.

    Note: If you have installed Firewalld and enabled firewalld.service in your instance, run firewall-cmd --add-port=80/tcp --permanent to open TCP port 80. If success is returned, TCP port 80 is opened.

If you still cannot access your instance on http://public IP address, open a ticket.

Thank you! We've received your feedback.