About AWS - Blockstack Gaia — cannot access hub_info

#1

I have run a Blockstack Gaia EC2 instance in AWS,
and I can ping the IP address and domain,
but I can’t get the hub_info.

http://54.249.54.160/hub_info

I do not know why.
Thanks for helping me.

#2

What port is your Gaia hub running on? Is it port 80?

#3

Yes, I think so.
I followed https://docs.blockstack.org/storage/amazon-s3-deploy.html (Configure a hub on Amazon EC2).

And I tried 5 times, with the same error: I can’t get the hub_info.

Has anyone done it successfully?
Thanks for helping me.

#4

cc @jwiley

#5

Yes, I cannot ping the address either, and I do not know why. I think the Blockstack Gaia image may have some problem.

Sometimes the check status is 1/2.

#6

might be a stupid question, but have you checked your firewall rules?
if the host is still using that IP, i’m not able to see an open port 80:

$ nmap 54.249.54.160 -p 80
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-15 11:42 EDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.11 seconds

if you intend to have this publicly available though, i’d recommend setting up ssl or at the very least restricting port 80 to your ip address.

have you also checked from the VM: curl http://localhost/hub_info?

#7

Do you mean that the document https://docs.blockstack.org/storage/amazon-s3-deploy.html did not tell us how to open the firewall? I do not think so; it tells me how to open ports 22/80/443,
and I did it.

If you want to confirm it, please take 15 minutes to test it on AWS. Thanks. @jude @jwiley

#8

The document doesn’t specifically say how to open the firewall since that’s a user preference - if you don’t want the hub to be publicly available, it wouldn’t be appropriate for the docs to tell you to do so.

This is what I see from the ip you’ve listed, the output tells me that there is likely a firewall in place in the form of an AWS security group or ACL.

$ nmap -Pn 54.249.54.160 -p 22,80,443
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-15 14:50 EDT
Nmap scan report for ec2-54-249-54-160.ap-northeast-1.compute.amazonaws.com (54.249.54.160)
Host is up.

PORT    STATE    SERVICE
22/tcp  filtered ssh
80/tcp  filtered http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 3.07 seconds

From the AWS gui console, you can see what security group is attached to the EC2 instance, and then confirm that these ports are opened.
Likewise, please confirm on the VM via SSH that you can curl http://localhost/hub_info - this will test that the service is indeed running on port 80 locally, bypassing the firewall.
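
The two checks suggested in the reply above (an external nmap scan and a local curl on the VM) combined into one triage helper. This is an added example, not part of the original thread; the function names and sample scan text are constructed, and curl exit code 7 (connection refused) does not appear in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): combine the external nmap view of a
# port with the result of `curl http://localhost/hub_info` run on the VM.

# port_state PORT: read nmap normal output on stdin, print the STATE of PORT/tcp.
port_state() {
    awk -v want="$1/tcp" '$1 == want { print $2; found = 1 }
                          END { if (!found) print "unknown" }'
}

# diagnose STATE CURL_EXIT: STATE is what nmap saw from outside; CURL_EXIT is
# the exit status of the local curl, which bypasses the security group.
diagnose() {
    case "$2" in
        0)     local_view="service answers locally" ;;
        7)     local_view="nothing listening locally" ;;
        52|56) local_view="listener accepts locally but sends no HTTP response" ;;
        *)     local_view="local check inconclusive (curl exit $2)" ;;
    esac
    case "$1" in
        filtered) outside="probes dropped: check security group / network ACL" ;;
        closed)   outside="host reachable but port refused from outside" ;;
        open)     outside="port reachable from outside" ;;
        *)        outside="external state unknown" ;;
    esac
    printf '%s; %s\n' "$outside" "$local_view"
}

# Constructed samples, modelled on the two port tables quoted in the thread.
scan_filtered() { cat <<'EOF'
PORT    STATE    SERVICE
22/tcp  filtered ssh
80/tcp  filtered http
443/tcp filtered https
EOF
}
scan_closed() { cat <<'EOF'
PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  closed http
443/tcp closed https
EOF
}

diagnose "$(scan_filtered | port_state 80)" 0
diagnose "$(scan_closed | port_state 80)" 52
```

A `filtered` result points at the network path (security group or ACL), while `closed` means the probe reached the host, so the next step moves to the services on the VM.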

#9

Yes; I am not sure what you mean.
Before, when I used EC2 and wanted to open port 80, I just needed to set the inbound rules for the port as follows; I did not need to open the firewall myself.

IP: 3.112.127.199

[ zhouhe @ zhous-MBP-2: ] ~/Documents/Password $ nmap -Pn 3.112.127.199 -p 22,80,443
Starting Nmap 7.80 ( https://nmap.org ) at 2019-08-16 03:03 CST
Nmap scan report for ec2-3-112-127-199.ap-northeast-1.compute.amazonaws.com (3.112.127.199)
Host is up (0.11s latency).

PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  closed http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds

And I tried to ssh to the host 3.112.127.199.

It takes some time, but I cannot log in;
it is very strange.

[ zhouhe @ bogon: ] ~/Documents/Password $ ssh -t -i filehub.pem [email protected]
The authenticity of host '3.112.127.199 (3.112.127.199)' can't be established.
ECDSA key fingerprint is SHA256:nVeOME7WqovegxQolylVxSQeyU3d2xbS8hKECXhjYrc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '3.112.127.199' (ECDSA) to the list of known hosts.
Connection closed by 3.112.127.199 port 22

#10

[ zhouhe @ bogon: ] ~/Documents/Password $ ssh -t -i filehub.pem [email protected]
Last login: Thu Aug 15 07:34:06 UTC 2019 from 106.37.178.2 on pts/0
Container Linux by CoreOS stable (2135.6.0)
/***
*** 01000110110000011010001100001 0100100011101001100010**
*** Homepage: https://github.com/blockstack/gaia**
*/
Update Strategy: No Reboots
Failed Units: 3
[email protected]
[email protected]
[email protected]
[email protected] ~ $ curl http://localhost/hub_info
-bash: fork: Cannot allocate memory

#11

that’s the issue right there: Failed Units: 3
you’ll need to run: systemctl list-units --state=failed
followed by systemctl status <name of the failed unit> to see why the units are failing.

the services here do make some external network calls to set up SSL certificates -> I have a feeling that’s where this is failing due to the AWS region this is running in.

#12

[ zhouhe @ zhous-MBP-2: ] ~/Documents/Password $ ssh -t -i filehub.pem [email protected]
The authenticity of host '13.114.31.134 (13.114.31.134)' can't be established.
ECDSA key fingerprint is SHA256:mttwvRS7xfLqKFuRa84oNYXP/D4W8NFf877qI3Sfpuo.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '13.114.31.134' (ECDSA) to the list of known hosts.
Last login: Mon Feb 18 20:19:06 UTC 2019 from 172.93.8.10 on pts/0
Container Linux by CoreOS stable (1967.6.0)
/***
*** 01000110110000011010001100001 0100100011101001100010**
*** Homepage: https://github.com/blockstack/gaia**
*/
Update Strategy: No Reboots
[email protected] ~ $ curl http://localhost/hub_info
curl: (52) Empty reply from server
[email protected] ~ $

Which AWS region is available for Gaia? I used the Tokyo region. Thanks :smile:

#13

You’ll need to run systemctl commands i mentioned previously - some services are not starting correctly, but we need to know the output to understand why.

#14

Because the memory of the EC2 instance is too small, I tried another EC2 instance.
Just as below, there is no failure.

[[email protected]:] ~/Documents/Password $ nmap -Pn 13.114.31.134 -p 22,80,443
Starting Nmap 7.80 ( https://nmap.org ) at 2019-08-16 03:28 CST
Nmap scan report for ec2-13-114-31-134.ap-northeast-1.compute.amazonaws.com (13.114.31.134)
Host is up (0.15s latency).

PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  closed http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.56 seconds

[[email protected]:] ~/Documents/Password $ ssh -t -i filehub.pem [email protected]
The authenticity of host '13.114.31.134 (13.114.31.134)' can't be established.
ECDSA key fingerprint is SHA256:mttwvRS7xfLqKFuRa84oNYXP/D4W8NFf877qI3Sfpuo.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '13.114.31.134' (ECDSA) to the list of known hosts.
Last login: Mon Feb 18 20:19:06 UTC 2019 from 172.93.8.10 on pts/0
Container Linux by CoreOS stable (1967.6.0)
/***
*** 01000110110000011010001100001 0100100011101001100010**
*** Homepage: https://github.com/blockstack/gaia**
*/
Update Strategy: No Reboots
[email protected] ~ $ curl http://localhost/hub_info
curl: (52) Empty reply from server
[email protected] ~ $ curl http://localhost/hub_info
curl: (56) Recv failure: Connection reset by peer
[email protected] ~ $ curl http://localhost/hub_info
curl: (52) Empty reply from server
[email protected] ~ $ curl http://localhost/hub_info
curl: (52) Empty reply from server
[email protected] ~ $ nmap -Pn 13.114.31.134 -p 22,80,443
-bash: nmap: command not found
[email protected] ~ $ systemctl list-units --state=failed
0 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
[email protected] ~ $

#15

docker ps please

#16

[email protected] ~ $ docker ps
CONTAINER ID  IMAGE                                                  COMMAND                 CREATED         STATUS         PORTS                                     NAMES
f73b39721f03  certbot/certbot:latest                                 "/bin/sh -c 'trap ex…"  16 minutes ago  Up 16 minutes  80/tcp, 443/tcp                           docker_certbot_1
95b8e9a35463  nginx:alpine                                           "/bin/sh -c 'envsubs…"  16 minutes ago  Up 15 minutes  0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp  docker_nginx_1
fff402c6d5ca  quay.io/blockstack/gaia-reader:feature.docker-compose  "npm run start"         16 minutes ago  Up 16 minutes  0.0.0.0:8008->8008/tcp                    docker_reader_1
62570c899984  quay.io/blockstack/gaia-admin:feature.docker-compose   "npm run start"         16 minutes ago  Up 16 minutes  0.0.0.0:8009->8009/tcp                    docker_admin_1
ddab94e434cb  quay.io/blockstack/gaia-hub:feature.docker-compose     "npm run start"         16 minutes ago  Up 16 minutes  0.0.0.0:3000->3000/tcp                    docker_hub_1
[email protected] ~ $

#18

what is the domain you setup for this?
cat /etc/environment

#19

[email protected] ~ $ cat /etc/environment
API_KEY=filehub
DOMAIN=filehub.fun
STAGING=0
[email protected] ~ $

#20

stand by for a bit…i’m going to try and reproduce.
just to clarify since i can’t see from your screenshots - which specific AMI are you using?

#22

got it. i’ll get back to you shortly