
How to configure direct http access to EC2 instance?

This is a very basic Amazon EC2 question, but I'm stumped so here goes.

I want to launch an Amazon EC2 instance and allow access to HTTP on ports 80 and 8888 from anywhere. So far I can't even allow the instance to connect on those ports using its own IP address (but it will connect to localhost).

I configured the "default" security group for HTTP using the standard HTTP option on the management console (and also SSH).

I launched my instance in the default security group.

I connected to the instance on SSH port 22 twice and in one window launched an HTTP server on port 80. In the other window I verified that I can connect to HTTP using "localhost".

However, when I try to access HTTP from the instance (or anywhere else) using either the public DNS or the private IP address I get "connection refused".

What am I doing wrong, please?

Below is a console fragment showing the wget that succeeds and the two that fail run from the instance itself.

    --2012-03-07 15:43:31--  http://localhost/
    Resolving localhost... 127.0.0.1
    Connecting to localhost|127.0.0.1|:80... connected.
    HTTP request sent, awaiting response... 302 Moved Temporarily
    Location: /__whiff_directory_listing__ [following]
    --2012-03-07 15:43:31--  http://localhost/__whiff_directory_listing__
    Connecting to localhost|127.0.0.1|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: unspecified [text/html]
    Saving to: “__whiff_directory_listing__”

        [ <=>                                ] 7,512       --.-K/s   in 0.03s

    2012-03-07 15:43:31 (263 KB/s) - “__whiff_directory_listing__” saved [7512]

    [ec2-user@ip-10-195-205-30 tmp]$ wget http://ec2-50-17-2-174.compute-1.amazonaws.com/
    --2012-03-07 15:44:17--  http://ec2-50-17-2-174.compute-1.amazonaws.com/
    Resolving ec2-50-17-2-174.compute-1.amazonaws.com... 10.195.205.30
    Connecting to ec2-50-17-2-174.compute-1.amazonaws.com|10.195.205.30|:80... failed: Connection refused.
    [ec2-user@ip-10-195-205-30 tmp]$ wget http://10.195.205.30/
    --2012-03-07 15:46:08--  http://10.195.205.30/
    Connecting to 10.195.205.30:80... failed: Connection refused.
    [ec2-user@ip-10-195-205-30 tmp]$
Aaron Watters asked Mar 07 '12 15:03


1 Answer

The standard TCP sockets interface requires that you bind to a particular IP address when you send or listen. There are a couple of somewhat special addresses: localhost (which you're probably familiar with), which is 127.0.0.1. There's also a special address, 0.0.0.0 or INADDR_ANY (internet protocol, special shorthand for ANY ADDRESS). It's a way to listen on ANY, or more commonly ALL, addresses on the host. This is a way to tell the kernel/stack that you're not interested in a particular IP address.

So, when you're setting up a server that listens to "localhost" you're telling the service that you want to use the special reserved address that can only be reached by users of this host, and while it exists on every host, making a connection to localhost will only ever reach the host you're making the request from.

When you want a service to be reachable everywhere (on a local host, on all interfaces, etc.) you can specify 0.0.0.0.

Peter N answered Oct 23 '22 20:10
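
The behaviour described in the answer, as an added example that is not part of the original question or answer: the same listener is bound first to 127.0.0.1 and then to 0.0.0.0, and probed through two different local addresses. It assumes Linux, where every address in 127.0.0.0/8 is delivered locally, so 127.0.0.2 stands in for the instance's private address; the function names are illustrative.

```python
import errno
import socket

# Assumption: Linux, where all of 127.0.0.0/8 is delivered locally. 127.0.0.2
# stands in for the instance's private address (10.195.205.30 in the question).
LOOPBACK = "127.0.0.1"
OTHER_LOCAL_ADDR = "127.0.0.2"


def listen_on(bind_addr):
    """Open a TCP listener on bind_addr with a kernel-chosen free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_addr, 0))
    srv.listen(5)
    return srv


def probe(dest_addr, port, timeout=2.0):
    """Return 'connected', 'refused', or another errno name for a TCP connect."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as c:
        c.settimeout(timeout)
        err = c.connect_ex((dest_addr, port))
    if err == 0:
        return "connected"
    if err == errno.ECONNREFUSED:
        return "refused"
    return errno.errorcode.get(err, str(err))


def reachability(bind_addr):
    """Bind a listener to bind_addr and probe it via both local addresses."""
    srv = listen_on(bind_addr)
    try:
        port = srv.getsockname()[1]
        return {dest: probe(dest, port) for dest in (LOOPBACK, OTHER_LOCAL_ADDR)}
    finally:
        srv.close()


if __name__ == "__main__":
    for bind_addr in (LOOPBACK, "0.0.0.0"):
        print(f"listener bound to {bind_addr}: {reachability(bind_addr)}")
```

On the instance itself, `ss -ltn` shows the local address each listener is bound to. A listener on 0.0.0.0 is exposed on every interface, so the security group is then the only thing limiting who can reach it.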