VPS NodeJS server not accessible on public IP Oracle Compute Cloud

Question

I am trying to get my nodejs website up on the Oracle Cloud Compute VPS (forever free) with Ubuntu 18.04. (That it is an Oracle server seems to be very important in this case). I can curl localhost (then it returns the HTML), but I cannot access it via the public ip from my pc.

To work around sudo for port 80, I applied:

sudo apt-get install libcap2-bin
sudo setcap 'cap_net_bind_service=+ep' `which node`

It does run internally:

pm2 start bin/www

│ id │ name               │ mode     │ ↺    │ status    │ cpu      │ memory   │
├────┼────────────────────┼──────────┼──────┼───────────┼──────────┼──────────┤
│ 0  │ www                │ fork     │ 496  │ online    │ 0%       │ 15.5mb   |

pm2 log returns no errors.

sudo netstat -tulpn | grep 80 returns:

tcp6       0      0 :::80                   :::*                    LISTEN      26444/node /opt/por

In case you're thinking "oh no it runs on ipv6, you should add listen(port, "0.0.0.0") in nodejs", I tried, then it returns this below, and still has the same problem:

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      26487/node /opt/por

curl localhost returns my homepage html. Accessing it via the public ip in my computers browser is the problem, so the problem is somewhere in the firewall that Oracle made.

I have found Oracle has set up some iptables rules. Some people just say: disable all of them, but I find that a bit risky for security. Therefore, I want to open just the port I need (port 80). So I tried almost every command I could find to do that (the ones below and many more I cannot remember).

sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
sudo iptables -A OUTPUT -p tcp  --sport 80 -j ACCEPT
iptables -I INPUT 5 -i ens3 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT

sudo netfilter-persistent save

My current iptables are visible at: sudo iptables -L -n -v https://pastebin.com/ibqWUqjA

The NAT iptables are visible at: sudo iptables -t nat -L -n -v https://pastebin.com/QGxdTsJ1

I must say, I am no expert on networking. I just know how to set up a basic NodeJs server on a non Oracle Cloud server (my raspberry pie at home, with configurations in my modem). So I have not dealt with iptables and advanced cloud environments to such extent. I tried to read in on the iptables topic by watching videos, and the oracle environment on: https://docs.oracle.com/en-us/iaas/Content/Network/Tasks/managingpublicIPs.htm However, I must say it is quite an information overload. On the link it says:

• The instance must be in a public subnet. (check)
• The instance must have a public IP address. (also check)
• The instance's VCN must have an internet gateway.(A what? I can't figure out how to check this or do this. Even after more reading.)
• The public subnet must have route tables and security lists configured accordingly. (I guess I tried??)

One stackoverflow post I found with exactly the same problem says: "I’m using oracle cloud. I’ll look into firewall settings outside of the server. ... Thank you. The issue was the firewall setting of the oracle server itself. Issue resolved" (Nodejs on linux not accessible outside Server) But he does not say where :(. I searched a lot for it, but cannot find an option.

Can someone point me in the right direction?

Answer 1

There was indeed another spot where the firewall needed to be opened outside of the terminal.

• Go to Compute > Instances
• Click on your Instance name. You will see a detailed page describing a lot of properties.
• Click on the subnet.
• Click on Default Security List for vcn-...
• Add Ingress Rules

Add the following rules:

Try to surf to your public IP again while your site is running, and it works!

For reading more on this, and to see where I found it, see:

https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/securitylists.htm#Default

https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/securityrules.htm#stateful