Oracle Cloud is giving out always-free instance/db/warehouse, so I decided to give it a try for potential use for our church website.
Applying for a new account takes a while. Unlike AWS, where you can use the account immediately after creation, this one seems to involve a manual check, so the account was approved after 2 days of review.
The UI is fine given that it is a new player here. I went ahead and created an instance with an Ubuntu 18.x image. With a couple of clicks, the instance was created along with a new virtual cloud network, which I guess is the VPC equivalent, as well as a new route table, internet gateway, Security List (NACL) and public subnet. After I ssh'd into the box and installed the necessary stuff (fish/nvim/tmux etc.), I put nginx there and started it on the default port 80.
Network Security Group
I was getting a timeout on port 80, which is sort of expected, so I looked for the SG equivalent, which is the NSG (Network Security Group) here, and created a new rule to allow ingress on port 80. Running nc -vz IpAddress 80 again, I now got connection refused. So I went to the nginx log and saw no access there. Something must be blocking the traffic at the instance/network level.
The first thing that came to mind was the Security List, which is the NACL in AWS; I double-checked that nothing was explicitly blocking ports there. The next thing was ufw in Ubuntu; after running ufw status, I could confirm that it was inactive.
Real cause: iptables
The final step was to check the iptables settings. The config file is at /etc/iptables/rules.v4, or use sudo iptables --list --line-numbers to view details. It turns out there are some REJECT rules in the INPUT chain, which is the cause of the rejection.
One way to correct this is to comment out the REJECT lines inside the rules.v4 file, then use iptables-restore < /etc/iptables/rules.v4 to reload the rules. We can also run sudo iptables -D INPUT LineNumber to remove the related REJECT rule.
Another brutal way is to just run iptables -F to flush all the rules.
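A narrower fix than deleting the REJECT rule or flushing, as an added example that is not part of the original post: put an ACCEPT for the one port directly above the INPUT REJECT line, so the rest of the host rules stay in place. The sample ruleset is constructed and the function names are this example's own; it assumes rules in iptables-save format, as in /etc/iptables/rules.v4.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are this
# example's own; the ruleset below is constructed sample data.

# Write a constructed ruleset in iptables-save format to file $1.
write_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Print ruleset file $1 with an ACCEPT for TCP port $2 placed directly above
# the first INPUT REJECT rule. Returns 2 on a bad port, 3 if INPUT has no
# REJECT rule and the port is not already allowed (output is then unchanged).
allow_tcp_port() {
    case "$2" in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;;
    esac
    awk -v port="$2" '
        BEGIN { rule = "-A INPUT -p tcp -m state --state NEW -m tcp --dport " port " -j ACCEPT" }
        $0 == rule { present = 1 }          # already allowed above: add nothing
        /^-A INPUT / && / -j REJECT/ && !present && !done {
            print rule                      # first match wins, so the ACCEPT
            done = 1                        # has to come before the REJECT
        }
        { print }
        END { if (!present && !done) exit 3 }
    ' "$1"
}

# Demo: show the rewritten sample ruleset. On a real host, review the output,
# save it, and load it with iptables-restore as described in the post.
demo_file=$(mktemp)
write_sample_rules "$demo_file"
allow_tcp_port "$demo_file" 80
rm -f "$demo_file"
```

Running the function a second time on its own output changes nothing, so it is safe to re-run after editing the file.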