AWS EC2 security groups and iptables

Ran into an interesting problem while working on EC2. I had haproxy running on an EC2 instance and configured port 8080 for the haproxy status page. This is what I had at the end of my haproxy.cfg file:

listen stats :8080   # status page listens on TCP port 8080
 mode http
 stats uri /         # serve the statistics report at the root URI

When I tried to hit port 8080 on the EC2 instance, it wasn't reachable because of the AWS security group. Fair enough: I edited my security group and opened port 8080. In spite of opening the port in the AWS security group, I still wasn't able to access the haproxy status page.

A quick Google search led me to iptables and specifically to https://help.ubuntu.com/community/UFW. Essentially there are 2 layers of firewall in front of any port on a running EC2 instance: the AWS security group provides one layer, and the base OS provides another. In my case (Ubuntu 12.04) UFW was configured with the default options, which block pretty much ALL incoming traffic. I ran the following commands to open port 8080 and restart UFW.

sudo iptables -A INPUT -p tcp --dport 8080 -j ACCEPT   # append an ACCEPT rule for TCP 8080 to the INPUT chain
sudo iptables-save                                      # prints the running ruleset to stdout; redirect it to a file if you want it persisted
sudo stop ufw                                           # ufw is an upstart job on Ubuntu 12.04, hence stop/start
sudo start ufw                                          # (the UFW-native way to open the port is: sudo ufw allow 8080/tcp)

With port 8080 now open at both layers, I was able to access the haproxy status page.
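The lesson of the post is that a port has to be allowed at both layers before it is reachable, and when it is not, you want to know which layer is blocking. The script below is an added example, not code from the original post: it audits a TCP port against a security group's ingress permissions (in the IpPermissions shape that `aws ec2 describe-security-groups` returns) and against `iptables-save` output, and reports which layer, if any, blocks the port. Both inputs are constructed samples embedded in the script: the security group only opens port 22, while the host already carries the INPUT ACCEPT rule from the post for 8080. The rule parser only looks at rules appended directly to the INPUT chain, as the post does; rules that UFW manages live in its own chains (for example ufw-user-input) and are not interpreted here.

```python
"""Audit one TCP port against both firewall layers of an EC2 instance.

Added example (not from the original post). Inputs are constructed samples in
the shapes the real tools emit: the IpPermissions list from
`aws ec2 describe-security-groups` and the text printed by `iptables-save`.
"""
import re

# Constructed sample: security group ingress with only SSH open (8080 not yet added).
SAMPLE_SG_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

# Constructed sample: iptables-save output after the post's ACCEPT rule was appended.
SAMPLE_IPTABLES_SAVE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
"""


def sg_allows(ingress, port, proto="tcp"):
    """True if any ingress permission covers `port`; IpProtocol "-1" means all traffic."""
    for perm in ingress:
        ip_proto = perm.get("IpProtocol")
        if ip_proto == "-1":
            return True
        if ip_proto != proto:
            continue
        if perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535):
            return True
    return False


# Matches rules appended directly to INPUT that carry a protocol, a --dport and a target.
RULE_RE = re.compile(r"^-A INPUT\b.*?-p (\S+).*?--dport (\d+)(?::(\d+))?.*?-j (\S+)")
POLICY_RE = re.compile(r"^:INPUT (\S+)")


def iptables_allows(saved_rules, port, proto="tcp"):
    """First INPUT rule whose --dport (or port range) matches decides; else the chain policy."""
    policy = "ACCEPT"
    for line in saved_rules.splitlines():
        m = POLICY_RE.match(line)
        if m:
            policy = m.group(1)
            continue
        m = RULE_RE.match(line)
        if not m or m.group(1) != proto:
            continue
        low = int(m.group(2))
        high = int(m.group(3) or low)
        if low <= port <= high:
            return m.group(4) == "ACCEPT"
    return policy == "ACCEPT"


def audit(port, ingress=SAMPLE_SG_INGRESS, saved_rules=SAMPLE_IPTABLES_SAVE):
    """Return (sg_ok, host_ok, message); the port is reachable only when both are True."""
    sg_ok = sg_allows(ingress, port)
    host_ok = iptables_allows(saved_rules, port)
    blockers = [name for name, ok in (("security group", sg_ok), ("iptables/UFW", host_ok)) if not ok]
    if blockers:
        message = f"tcp/{port}: blocked by " + " and ".join(blockers)
    else:
        message = f"tcp/{port}: open at both layers"
    return sg_ok, host_ok, message


if __name__ == "__main__":
    for p in (22, 8080):
        print(audit(p)[2])
```

On the sample data, port 22 is open at both layers while 8080 is reported as blocked by the security group only, which is exactly the state the post describes after the iptables rule was added but before the security group was edited. To run it against a real instance, feed `sg_allows` the `IpPermissions` list from the AWS CLI and `iptables_allows` the output of `sudo iptables-save`.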