Many friends have purchased Alibaba Cloud servers and installed certain services, only to find that they cannot connect to them at all, without any error messages. In the end, it was found that the culprit was the security group. If you have a similar situation, you may want to check if the security group has allowed the port.

Allow a TCP port

Taking Alibaba Cloud International Edition as an example, it seems that there is no classic network in Alibaba Cloud International Edition, and the network cards all have private IP addresses, so the security groups are also simplified. In the ECS management - Network and Security - Security Groups - Configuration Rules.

The following figure demonstrates allowing a TCP port 8989. Select custom TCP for the type, enter "8989/8989" for the port range, and enter "0.0.0.0/0" for the authorization object. If you are not sure, you can generally fill in according to the illustration.

Allow all ports? (Not recommended)

It is very dangerous to allow all ports when there is no firewall installed on the server, so please operate with caution. Select "All" for the protocol type, and keep the others unchanged.

Other instructions

If you need to allow a range of ports, such as all ports between 8000 and 9000, you can enter "8000/9000" in the port range. The classic network security group in Alibaba Cloud China Edition is similar, but the network card type in the China Edition needs to be set as "public network ingress direction".

Summary

Currently, not only Alibaba Cloud has security groups, but VULTR in foreign countries has also launched security group functions. Security groups are actually very simple, but they are easily overlooked. If your service cannot be used normally, you generally need to check whether the service is started, whether the server firewall is allowed, and the security group.