How to Open Ports in Alibaba Cloud Security Groups

Many users purchase Alibaba Cloud servers and install services, only to find they cannot connect without any error messages. Often, the culprit is the security group. If you encounter similar issues, check whether the required ports have been allowed in the security group.

Allow a Single TCP Port

Taking the Alibaba Cloud International Edition as an example, it does not support the classic network; all network interfaces use internal IP addresses, making the security group configuration more streamlined. Navigate to ECS Management > Network & Security > Security Groups > Configure Rules.

The following example demonstrates how to allow TCP port 8989. Select Custom TCP for the protocol type, enter 8989/8989 in the port range field, and set the authorized object to 0.0.0.0/0. If you are unsure, you can follow the configuration shown in the screenshot.

Allow All Ports? (Not Recommended)

Allowing all ports is extremely dangerous if no firewall is installed inside the server. Proceed with caution. Select All for the protocol type and keep other settings unchanged.

Additional Notes

If you need to allow a range of ports, such as ports between 8000 and 9000, enter 8000/9000 in the port range field. The security group configuration for the classic network in the Alibaba Cloud Domestic Edition is similar, but you must select Public Network Inbound for the network interface type.

Summary

Security groups are not unique to Alibaba Cloud; services like Vultr have also implemented this feature. While security groups are simple, they are often overlooked. If your service is not functioning correctly, you should generally check whether the service is running, whether the server's internal firewall allows the traffic, and whether the security group rules are configured properly.