Complete Guide to Opening Web Server Ports on EC2 Instances

Nov 23, 2025 · Programming

Keywords: Amazon EC2 | Security Group Configuration | Port Opening

Abstract: This article provides a comprehensive guide to opening port 8787 for web servers on Amazon EC2 instances. It analyzes the common issue where CherryPy servers are accessible locally but not remotely, detailing the configuration principles and step-by-step procedures for AWS Security Groups. The guide covers identifying correct security groups, adding inbound rules, setting port ranges, and includes supplementary considerations for instance-level firewall configurations to ensure complete remote access functionality.

Problem Analysis and Background

When a CherryPy web server is bound to 0.0.0.0:8787 on an EC2 instance, a common problem is that the server answers local requests (for example, wget run from an SSH session on the instance) but remains unreachable from remote machines. This situation primarily stems from AWS Security Group configurations that restrict external network access to specific ports.

AWS Security Group Configuration Principles

Security groups function as virtual firewalls for EC2 instances, controlling both inbound and outbound traffic. By default, newly created security groups typically only permit inbound SSH connections on port 22, while other ports like 8787 require manual configuration. Security group rules operate on a "default deny" principle, meaning only explicitly allowed traffic can pass through.

Detailed Configuration Steps

Begin by logging into the AWS Management Console and navigating to the "Security Groups" option under "Network & Security" in the left-hand navigation panel. Special attention should be paid to identifying the correct security group associated with the current EC2 instance, as an instance might be associated with multiple security groups.

After accessing the security group details page, select the "Inbound Rules" tab. Click the "Edit inbound rules" button to begin adding new rules. In the rule configuration interface, the following parameters need to be set:

After configuration, click "Save rules" and the new rules typically take effect within seconds. At this point, you can test remote access using the EC2 instance's public IP address combined with the port number in the format: http://<public-IP>:8787.

Supplementary Configuration Considerations

Beyond AWS Security Group configuration, instance-level firewall settings should also be considered. For EC2 instances running Linux systems, it may be necessary to check iptables or firewalld configurations to ensure no additional rules are blocking port 8787. For Windows instances, Windows Firewall settings should be verified.

Verification and Troubleshooting

After configuration, the following methods are recommended to verify that the port is properly open:

  1. Use the telnet <public-IP> 8787 command to test connectivity
  2. Access directly via browser at http://<public-IP>:8787
  3. Verify that security group rules have been correctly applied
  4. Confirm that the CherryPy server is running and bound to the correct address

If connectivity issues persist, check whether the source IP settings in security group rules are correct, and verify if the instance is associated with multiple security groups with conflicting rules.
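
The source-IP and multiple-security-group check described above, as an added example that is not part of the original article: a Python helper that reads inbound rules in the JSON shape returned by `aws ec2 describe-security-groups` and lists which sources can reach port 8787. The group IDs and addresses are constructed sample data, the function names are hypothetical, and rules that reference other security groups instead of CIDR ranges are not evaluated.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-security-groups` output;
# group IDs and addresses are made up for this example.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa0000000000001", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb0000000000002", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 8787, "ToPort": 8787,
         "IpRanges": [{"CidrIp": "198.51.100.7/32"}], "Ipv6Ranges": []}]},
]

def sources_for_port(groups, port, protocol="tcp"):
    """Return [(group_id, cidr)] for every inbound rule that admits `port`.
    Security groups only allow, so rules from all attached groups add up."""
    hits = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto == "-1":          # all protocols and ports, no port fields
                covers = True
            elif proto == protocol:
                covers = perm.get("FromPort", -1) <= port <= perm.get("ToPort", -1)
            else:
                covers = False
            if not covers:
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            hits.extend((group["GroupId"], cidr) for cidr in cidrs)
    return hits

def client_allowed(groups, port, client_ip):
    """True if any attached group's rule lets `client_ip` reach `port`."""
    addr = ipaddress.ip_address(client_ip)
    for _, cidr in sources_for_port(groups, port):
        net = ipaddress.ip_network(cidr, strict=False)
        if net.version == addr.version and addr in net:
            return True
    return False

def world_open(groups, port):
    """Group IDs whose rules expose `port` to every address."""
    return [g for g, c in sources_for_port(groups, port) if c in ("0.0.0.0/0", "::/0")]

if __name__ == "__main__":
    print(sources_for_port(SAMPLE_GROUPS, 8787), world_open(SAMPLE_GROUPS, 8787))
```

In the sample, the wide 8000-9000 rule makes the narrower /32 rule for 8787 irrelevant, which is the kind of overlap to look for when an instance has several security groups attached.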
