{"id":70,"date":"2025-06-04T21:08:05","date_gmt":"2025-06-04T20:08:05","guid":{"rendered":"https:\/\/blog.mkcloudai.com\/?p=70"},"modified":"2025-06-04T21:08:05","modified_gmt":"2025-06-04T20:08:05","slug":"step-by-step-aws-lightsail-ubuntu-access-troubleshooting","status":"publish","type":"post","link":"https:\/\/blog.mkcloudai.com\/?p=70","title":{"rendered":"Step-by-Step AWS Lightsail\/ubuntu Access Troubleshooting"},"content":{"rendered":"\n

Scenario: Let\u2019s troubleshoot your AWS Lightsail instance step by step. Since WordPress<\/strong>, a Python app (on port 5000)<\/strong>, and SSH access (port 22 is off)<\/strong> are all not working, it seems likely your instance is either down, misconfigured, or blocked by the firewall.<\/p>\n\n\n\n

Step 1: Check if the Instance is Running<\/strong><\/h3>\n\n\n\n
    \n
  1. Log in to the Lightsail Console<\/a>.<\/li>\n\n\n\n
  2. Look at the state of the instance<\/strong> \u2013 is it Running<\/code>?\n
      \n
    • \u2705 Yes? Proceed to Step 2.<\/li>\n\n\n\n
    • \u274c No? Start the instance and retry access.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n

      Step 2: Use Lightsail\u2019s Web SSH to Get In<\/strong><\/h3>\n\n\n\n

      If port 22 is disabled, you won\u2019t be able to SSH from your computer<\/strong>.<\/p>\n\n\n\n

      Instead:<\/p>\n\n\n\n

        \n
      1. Go to your instance on the Lightsail dashboard.<\/li>\n\n\n\n
      2. Click the “Connect using SSH”<\/strong> option in the browser.<\/li>\n\n\n\n
      3. You should now be in the terminal directly.<\/li>\n<\/ol>\n\n\n\n

        Step 3: Check Firewall Rules (Networking Tab)<\/strong><\/h3>\n\n\n\n
          \n
        1. In the Lightsail dashboard, click the Networking<\/strong> tab for your instance.<\/li>\n\n\n\n
        2. Ensure the following Firewall rules (public ports)<\/strong> are added:\n
            \n
          • TCP 80<\/strong> \u2013 HTTP (for WordPress)<\/li>\n\n\n\n
          • TCP 443<\/strong> \u2013 HTTPS (if SSL enabled)<\/li>\n\n\n\n
          • TCP 5000<\/strong> \u2013 for Python app<\/li>\n\n\n\n
          • TCP 22<\/strong> \u2013 for SSH (you can temporarily re-enable for testing)<\/li>\n<\/ul>\n<\/li>\n\n\n\n
          • If port 22 is missing, re-add it temporarily for external SSH testing.<\/li>\n<\/ol>\n\n\n\n

            Step 4: Check Services Are Running<\/strong><\/h3>\n\n\n\n

            In the browser SSH terminal, run:<\/p>\n\n\n\n

            # Check system resource usage
            top

            # Is Apache or Nginx running for WordPress?
            sudo systemctl status apache2
            sudo systemctl status nginx

            # Is your Python app running? If you use Flask:
            ps aux | grep flask

            # Or check if anything is using port 5000:
            sudo lsof -i:5000<\/code><\/pre>\n\n\n\n
            If services are inactive, restart them:<\/p>\n\n\n\n
            # Example for Apache
            sudo systemctl restart apache2

            # For your Python app (if Flask)
            python3 yourapp.py<\/code><\/pre>\n\n\n\n
            Step 5: Check if Ports Are Listening<\/strong><\/h3>\n\n\n\n
            sudo netstat -tuln | grep LISTEN
            <\/code><\/pre>\n\n\n\n
            Look for lines like:<\/p>\n\n\n\n
              \n
            • 0.0.0.0:80<\/code> \u2014 WordPress<\/li>\n\n\n\n
            • 0.0.0.0:5000<\/code> \u2014 Python app<\/li>\n<\/ul>\n\n\n\n
              If you don\u2019t see port 5000, your app may not be running or is bound to localhost<\/code> instead of 0.0.0.0<\/code>.<\/p>\n\n\n\n
              Update Flask code:<\/p>\n\n\n\n
              app.run(host=\"0.0.0.0\", port=5000)<\/code><\/pre>\n\n\n\n
              Step 6: Check UFW (Ubuntu Firewall, if enabled)<\/strong><\/h3>\n\n\n\n
              sudo ufw status
              <\/code><\/pre>\n\n\n\n
              Make sure these rules exist:<\/p>\n\n\n\n
                \n
              • Allow 80<\/code><\/li>\n\n\n\n
              • Allow 5000<\/code><\/li>\n\n\n\n
              • Allow 22<\/code> (if you’re still using SSH)<\/li>\n<\/ul>\n\n\n\n
                If needed, allow ports:<\/p>\n\n\n\n
                sudo ufw allow 80
                sudo ufw allow 5000
                sudo ufw allow 22
                <\/code><\/pre>\n\n\n\n
                \n\n\n\n
                Step 7: Check Public IP and Security Group<\/strong><\/h3>\n\n\n\n
                  \n
                1. Double-check that you’re using the public IP<\/strong> of the Lightsail instance.<\/li>\n\n\n\n
                2. Make sure Lightsail\u2019s networking firewall rules<\/strong> allow traffic from anywhere (0.0.0.0\/0)<\/strong> for needed ports.<\/li>\n<\/ol>\n\n\n\n
                  \n\n\n\n
                  Optional: Restore SSH Access (If Needed)<\/h3>\n\n\n\n
                  If you\u2019ve disabled port 22 but are locked out:<\/p>\n\n\n\n
                    \n
                  • Use Web SSH<\/strong>, and:<\/li>\n<\/ul>\n\n\n\n
                    # Re-enable SSH temporarily
                    sudo ufw allow 22
                    <\/code><\/pre>\n\n\n\n
                    \u2705 STEP-BY-STEP: Python App on Port 5000 Not Working<\/h3>\n\n\n\n
                    \n\n\n\n
                    Step 1: Is the Python App Running?<\/strong><\/h3>\n\n\n\n
                    SSH into the instance, then run:<\/p>\n\n\n\n
                    ps aux | grep python
                    <\/code><\/pre>\n\n\n\n
                    If your app is not listed, it\u2019s not running. If it is listed, verify it\u2019s bound to the right interface.<\/p>\n\n\n\n
                    \n\n\n\n
                    Step 2: Run It Manually<\/strong><\/h3>\n\n\n\n
                    If it\u2019s a Flask or FastAPI app, try running it manually:<\/p>\n\n\n\n
                    cd \/path\/to\/your\/app

                    # Flask example
                    python3 app.py
                    <\/code><\/pre>\n\n\n\n
                    Make sure your app includes:<\/p>\n\n\n\n
                    app.run(host=\"0.0.0.0\", port=5000)
                    <\/code><\/pre>\n\n\n\n
                    If it says host='127.0.0.1'<\/code>, it will only be available internally<\/strong>, not to the public.<\/p>\n\n\n\n
                    \n\n\n\n
                    Step 3: Check If Port 5000 is Listening<\/strong><\/h3>\n\n\n\n
                    Run:<\/p>\n\n\n\n
                    sudo lsof -i:5000
                    <\/code><\/pre>\n\n\n\n
                    or<\/p>\n\n\n\n
                    sudo netstat -tuln | grep 5000
                    <\/code><\/pre>\n\n\n\n
                    You should see something like:<\/p>\n\n\n\n
                    tcp    0   0 0.0.0.0:5000   0.0.0.0:*   LISTEN
                    <\/code><\/pre>\n\n\n\n
                    If not, the app isn\u2019t running or is bound to localhost.<\/p>\n\n\n\n
                    \n\n\n\n
                    Step 4: Firewall Check (UFW + Lightsail)<\/strong><\/h3>\n\n\n\n
                    1. UFW Rules (if enabled)<\/strong><\/h4>\n\n\n\n
                    sudo ufw status
                    <\/code><\/pre>\n\n\n\n
                    You should see:<\/p>\n\n\n\n
                    5000                      ALLOW       Anywhere
                    <\/code><\/pre>\n\n\n\n
                    If not:<\/p>\n\n\n\n
                    sudo ufw allow 5000
                    <\/code><\/pre>\n\n\n\n
                    \ud83d\udd27 To Remove That Specific IP Rule on Port 5000<\/h4>\n\n\n\n
                    Run this to list numbered UFW rules:<\/p>\n\n\n\n
                    sudo ufw status numbered
                    <\/code><\/pre>\n\n\n\n
                    You’ll see something like:<\/p>\n\n\n\n
                    [ 1] 5000\/tcp                   ALLOW IN    84.65.107.114
                    [ 2] 22\/tcp                     ALLOW IN    Anywhere
                    ...
                    <\/code><\/pre>\n\n\n\n
                    Now remove the rule for your old IP (e.g., rule [ 1 ]<\/code>):<\/p>\n\n\n\n
                    sudo ufw delete 1
                    <\/code><\/pre>\n\n\n\n
                    \ud83d\udc49 Note: The number might change depending on your list \u2014 use the number shown in your actual list<\/strong>.<\/p>\n\n\n\n
                    \n\n\n\n
                    \u2705 Then Add a New Rule to Open Port 5000 to Everyone (or Your New IP)<\/h4>\n\n\n\n
                    Option A: Allow from any IP (good for public testing)<\/h3>\n\n\n\n
                    sudo ufw allow 5000
                    <\/code><\/pre>\n\n\n\n
                    Option B: Allow from your current IP only (for security)<\/h3>\n\n\n\n
                    First, get your current IP:<\/p>\n\n\n\n
                    curl ifconfig.me
                    <\/code><\/pre>\n\n\n\n
                    Then allow:<\/p>\n\n\n\n
                    sudo ufw allow from YOUR.NEW.IP.ADDR to any port 5000
                    <\/code><\/pre>\n\n\n\n
                    2. Lightsail Networking Rules<\/strong><\/h4>\n\n\n\n
                    Go to Lightsail Console > Networking tab<\/strong> for your instance:<\/p>\n\n\n\n
                      \n
                    • Make sure there\u2019s a rule like:\n
                        \n
                      • Application<\/strong>: Custom<\/li>\n\n\n\n
                      • Port<\/strong>: 5000<\/li>\n\n\n\n
                      • Source Type<\/strong>: Anywhere (or your IP)<\/li>\n\n\n\n
                      • Source IP<\/strong>: 0.0.0.0\/0<\/code> or your IP<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
                        \n\n\n\n
                        Step 5: Use a Process Manager for Auto-Restart (Optional)<\/strong><\/h3>\n\n\n\n
                        If you want it to survive after terminal logout or reboot:<\/p>\n\n\n\n
                        Option A: nohup<\/code><\/h4>\n\n\n\n
                        nohup python3 app.py &
                        <\/code><\/pre>\n\n\n\n
                        Option B: Use systemd<\/code> to create a service:<\/h4>\n\n\n\n
                        sudo nano \/etc\/systemd\/system\/myapp.service
                        <\/code><\/pre>\n\n\n\n
                        [Unit]
                        Description=My Python App
                        After=network.target

                        [Service]
                        User=ubuntu
                        WorkingDirectory=\/home\/ubuntu\/myapp
                        ExecStart=\/usr\/bin\/python3 \/home\/ubuntu\/myapp\/app.py
                        Restart=always

                        [Install]
                        WantedBy=multi-user.target
                        <\/code><\/pre>\n\n\n\n
                        sudo systemctl daemon-reexec
                        sudo systemctl daemon-reload
                        sudo systemctl start myapp
                        sudo systemctl enable myapp
                        <\/code><\/pre>\n\n\n\n
                        \n\n\n\n
                        Step 6: Test from Browser<\/strong><\/h3>\n\n\n\n
                        Try:<\/p>\n\n\n\n
                        http:\/\/<your-public-ip>:5000
                        <\/code><\/pre>\n\n\n\n
                        If it doesn\u2019t load:<\/p>\n\n\n\n
                          \n
                        • Confirm again sudo lsof -i:5000<\/code><\/li>\n\n\n\n
                        • Check ufw<\/code> and Lightsail firewall<\/li>\n\n\n\n
                        • Check app logs for crash\/errors<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"
                          Scenario: Let\u2019s troubleshoot your AWS Lightsail instance step by step. Since WordPress, a Python app (on port 5000), and SSH […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[9],"tags":[],"class_list":["post-70","post","type-post","status-publish","format-standard","hentry","category-tutorial"],"_links":{"self":[{"href":"https:\/\/blog.mkcloudai.com\/index.php?rest_route=\/wp\/v2\/posts\/70","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.mkcloudai.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mkcloudai.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mkcloudai.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mkcloudai.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=70"}],"version-history":[{"count":1,"href":"https:\/\/blog.mkcloudai.com\/index.php?rest_route=\/wp\/v2\/posts\/70\/revisions"}],"predecessor-version":[{"id":71,"href":"https:\/\/blog.mkcloudai.com\/index.php?rest_route=\/wp\/v2\/posts\/70\/revisions\/71"}],"wp:attachment":[{"href":"https:\/\/blog.mkcloudai.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=70"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mkcloudai.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=70"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mkcloudai.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=70"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}