We have used the GitHub Enterprise Server 3.13.2 AMI available in the AWS AMI Catalog and launched an AWS EC2 instance. But we are not able to SSH onto the server using the PEM key, or to access the HTTP or HTTPS GitHub URL using IP/DNS. We have configured the Security Group and NACL to allow the SSH, HTTP and HTTPS ports, but it is still not working. Any help on this is much appreciated.
Here are several steps you can take to troubleshoot the issue with accessing your GitHub Enterprise Server (GHES) instance on AWS:
1. Check EC2 Instance Status
Ensure the EC2 instance is running properly:
- In the AWS EC2 console, check if the instance’s status is marked as running.
- Check the instance’s system logs for any errors or issues with booting the instance.
2. Validate SSH Access
If you’re unable to SSH using your PEM key, try the following:
- Ensure you’re using the correct PEM key and that it matches the key used to launch the EC2 instance.
ssh -i /path/to/key.pem ec2-user@<instance_public_ip>
Check the username: Sometimes, the username might differ based on the AMI. For GitHub Enterprise, try using admin or ubuntu instead of ec2-user.
ssh -i /path/to/key.pem admin@<instance_public_ip>
chmod 400 /path/to/key.pem
3. Verify Security Group Configuration
Double-check that your Security Group allows inbound SSH, HTTP, and HTTPS traffic:
- SSH (port 22) should be allowed from your IP address (e.g., 0.0.0.0/0 for all IPs, but restrict it to your IP for better security).
- HTTP (port 80) and HTTPS (port 443) should be allowed from anywhere (0.0.0.0/0).
Check the inbound rules for the Security Group:
- SSH (port 22) → Source: Your IP or 0.0.0.0/0
- HTTP (port 80) → Source: 0.0.0.0/0
- HTTPS (port 443) → Source: 0.0.0.0/0
4. Network ACLs (NACLs)
If you are using NACLs for added security, ensure both inbound and outbound rules allow the necessary ports:
- Inbound rules: Allow ports 22 (SSH), 80 (HTTP), 443 (HTTPS).
- Outbound rules: Ensure all outbound traffic is allowed (0.0.0.0/0).
5. Check EC2 Instance Connectivity
Try to ping the instance to verify if it’s reachable:
ping <instance_public_ip>
If ping fails, there may be a networking issue such as a misconfigured NACL, Security Group, or VPC routing.
6. Elastic IP and Public DNS
Ensure your instance has a public IP address or Elastic IP assigned. Without this, SSH and web traffic won’t reach your instance.
- Go to EC2 console > Instances and check the Public IP or DNS for the instance.
If your instance doesn’t have a public IP:
- Elastic IP: Allocate and associate an Elastic IP to your instance.
7. Firewall on the Instance (iptables)
There could be firewall rules (e.g., iptables) on the GitHub Enterprise instance itself, blocking SSH, HTTP, or HTTPS. You can troubleshoot this once you gain access by using:
sudo iptables -L
To disable iptables temporarily (once you get SSH access):
sudo systemctl stop iptables
8. Check the AWS Console Logs
AWS provides instance logs. In the EC2 console:
- Select the instance.
- Click on Actions > Instance Settings > Get System Log. Review the log for any errors or misconfigurations during the instance boot process.
9. Check DNS Resolution
If you’re trying to access your GitHub Enterprise Server via DNS, ensure the DNS is properly configured and pointing to the correct IP address of the instance. Try accessing the server directly via the IP address.
10. GitHub Enterprise Configuration
Make sure the initial GitHub Enterprise configuration has been completed successfully. If the instance is accessible via SSH, you might need to configure GitHub services to start properly and bind to the correct ports.
Let me know if you need more detailed steps on any of these troubleshooting methods!
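An added example (not part of the original answer): a Python check for step 3 that reads JSON in the shape printed by `aws ec2 describe-security-groups` and reports, per port, whether a given client IP is allowed in and whether the port is open to 0.0.0.0/0. The sample JSON, the group id `sg-EXAMPLE`, the client IP and the function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape returned by
# `aws ec2 describe-security-groups --group-ids <sg-id> --output json`.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8100,
   "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}
]}]}
""")

def sources_for_port(group, port):
    """Return the IPv4 CIDRs allowed to reach a TCP port in one security group."""
    cidrs = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":            # "-1" means all protocols and all ports
            covers = True
        elif proto == "tcp":
            covers = perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)
        else:
            covers = False           # udp/icmp rules do not admit TCP traffic
        if covers:
            cidrs += [r["CidrIp"] for r in perm.get("IpRanges", [])]
    return cidrs

def audit(group, client_ip, ports=(22, 80, 443)):
    """Per port: is client_ip allowed, and is the port open to the whole internet?"""
    ip = ipaddress.ip_address(client_ip)
    report = {}
    for port in ports:
        cidrs = sources_for_port(group, port)
        report[port] = {
            "reachable": any(ip in ipaddress.ip_network(c) for c in cidrs),
            "open_to_world": "0.0.0.0/0" in cidrs,
        }
    return report

if __name__ == "__main__":
    for port, result in audit(SAMPLE["SecurityGroups"][0], "198.51.100.7").items():
        print(port, result)
```

On the constructed sample this shows port 80 has no matching rule at all, and that SSH is open to every address rather than restricted to one source.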