Step-by-Step AWS Lightsail/ubuntu Access Troubleshooting

Scenario: Let’s troubleshoot your AWS Lightsail instance step by step. Since WordPress, a Python app (on port 5000), and SSH access (port 22 is off) are all not working, it seems likely your instance is either down, misconfigured, or blocked by the firewall.

Step 1: Check if the Instance is Running

  1. Log in to the Lightsail Console.
  2. Look at the state of the instance – is it Running?
    • ✅ Yes? Proceed to Step 2.
    • ❌ No? Start the instance and retry access.

Step 2: Use Lightsail’s Web SSH to Get In

If port 22 is disabled, you won’t be able to SSH from your computer.

Instead:

  1. Go to your instance on the Lightsail dashboard.
  2. Click the “Connect using SSH” option in the browser.
  3. You should now be in the terminal directly.

Step 3: Check Firewall Rules (Networking Tab)

  1. In the Lightsail dashboard, click the Networking tab for your instance.
  2. Ensure the following Firewall rules (public ports) are added:
    • TCP 80 – HTTP (for WordPress)
    • TCP 443 – HTTPS (if SSL enabled)
    • TCP 5000 – for Python app
    • TCP 22 – for SSH (you can temporarily re-enable for testing)
  3. If port 22 is missing, re-add it temporarily for external SSH testing.

Step 4: Check Services Are Running

In the browser SSH terminal, run:

# Check system resource usage
top

# Is Apache or Nginx running for WordPress?
sudo systemctl status apache2
sudo systemctl status nginx

# Is your Python app running? If you use Flask:
ps aux | grep flask

# Or check if anything is using port 5000:
sudo lsof -i:5000

If services are inactive, restart them:

# Example for Apache
sudo systemctl restart apache2

# For your Python app (if Flask)
python3 yourapp.py

Step 5: Check if Ports Are Listening

sudo netstat -tuln | grep LISTEN

Look for lines like:

  • 0.0.0.0:80 — WordPress
  • 0.0.0.0:5000 — Python app

If you don’t see port 5000, your app may not be running or is bound to localhost instead of 0.0.0.0.

Update Flask code:

app.run(host="0.0.0.0", port=5000)

Step 6: Check UFW (Ubuntu Firewall, if enabled)

sudo ufw status

Make sure these rules exist:

  • Allow 80
  • Allow 5000
  • Allow 22 (if you’re still using SSH)

If needed, allow ports:

sudo ufw allow 80
sudo ufw allow 5000
sudo ufw allow 22

Step 7: Check Public IP and Security Group

  1. Double-check that you’re using the public IP of the Lightsail instance.
  2. Make sure Lightsail’s networking firewall rules allow traffic from anywhere (0.0.0.0/0) for needed ports.

Optional: Restore SSH Access (If Needed)

If you’ve disabled port 22 but are locked out:

  • Use Web SSH, and:
# Re-enable SSH temporarily
sudo ufw allow 22

✅ STEP-BY-STEP: Python App on Port 5000 Not Working

Step 1: Is the Python App Running?

SSH into the instance, then run:

ps aux | grep python

If your app is not listed, it’s not running. If it is listed, verify it’s bound to the right interface.

Step 2: Run It Manually

If it’s a Flask or FastAPI app, try running it manually:

cd /path/to/your/app

# Flask example
python3 app.py

Make sure your app includes:

app.run(host="0.0.0.0", port=5000)

If it says host='127.0.0.1', it will only be available internally, not to the public.

Step 3: Check If Port 5000 is Listening

Run:

sudo lsof -i:5000

or

sudo netstat -tuln | grep 5000

You should see something like:

tcp    0   0 0.0.0.0:5000   0.0.0.0:*   LISTEN

If not, the app isn’t running or is bound to localhost.

Step 4: Firewall Check (UFW + Lightsail)

1. UFW Rules (if enabled)

sudo ufw status

You should see:

5000                      ALLOW       Anywhere

If not:

sudo ufw allow 5000

🔧 To Remove That Specific IP Rule on Port 5000

Run this to list numbered UFW rules:

sudo ufw status numbered

You’ll see something like:

[ 1] 5000/tcp                   ALLOW IN    84.65.107.114
[ 2] 22/tcp                     ALLOW IN    Anywhere
...

Now remove the rule for your old IP (e.g., rule [ 1 ]):

sudo ufw delete 1

👉 Note: The number might change depending on your list — use the number shown in your actual list.

✅ Then Add a New Rule to Open Port 5000 to Everyone (or Your New IP)

Option A: Allow from any IP (good for public testing)

sudo ufw allow 5000

Option B: Allow from your current IP only (for security)

First, get your current IP:

curl ifconfig.me

Then allow:

sudo ufw allow from YOUR.NEW.IP.ADDR to any port 5000

2. Lightsail Networking Rules

Go to Lightsail Console > Networking tab for your instance:

  • Make sure there’s a rule like:
    • Application: Custom
    • Port: 5000
    • Source Type: Anywhere (or your IP)
    • Source IP: 0.0.0.0/0 or your IP

Step 5: Use a Process Manager for Auto-Restart (Optional)

If you want it to survive after terminal logout or reboot:

Option A: nohup

nohup python3 app.py &

Option B: Use systemd to create a service:

sudo nano /etc/systemd/system/myapp.service
[Unit]
Description=My Python App
After=network.target

[Service]
User=ubuntu
WorkingDirectory=/home/ubuntu/myapp
ExecStart=/usr/bin/python3 /home/ubuntu/myapp/app.py
Restart=always

[Install]
WantedBy=multi-user.target
sudo systemctl daemon-reexec
sudo systemctl daemon-reload
sudo systemctl start myapp
sudo systemctl enable myapp

Step 6: Test from Browser

Try:

http://<your-public-ip>:5000

If it doesn’t load:

  • Confirm again sudo lsof -i:5000
  • Check ufw and Lightsail firewall
  • Check app logs for crash/errors

Related Posts

Scroll to Top