How to Configure Port Forwarding from HTTP (Port 80) to Custom Port (9898) on Amazon EC2 Windows Server


When deploying web applications on Amazon EC2 Windows instances, developers often need to expose services running on non-standard ports while maintaining user-friendly access. The standard HTTP port (80) provides clean URL access without requiring port specification in the address bar.

Before implementing any forwarding solution, ensure your EC2 security group allows inbound traffic on both ports:

Inbound Rules Required:
1. HTTP (TCP 80) - 0.0.0.0/0
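2. Custom TCP (TCP 9898) - 0.0.0.0/0

Clients reach the application through port 80, and the forwarding rule below connects to 127.0.0.1, so the port 9898 rule is only needed for direct access to the application port. Where that access is not required from the whole internet, restrict its source to your own IP or a security group.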

On your Windows Server 2012 instance, create firewall rules to allow traffic:

# PowerShell commands to open firewall ports
New-NetFirewallRule -DisplayName "HTTP-In" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow
New-NetFirewallRule -DisplayName "AppPort-In" -Direction Inbound -Protocol TCP -LocalPort 9898 -Action Allow

For Windows Server, we'll use Netsh port proxying:

# Run as Administrator in Command Prompt
netsh interface portproxy add v4tov4 listenport=80 listenaddress=0.0.0.0 connectport=9898 connectaddress=127.0.0.1

To verify the forwarding rule:

netsh interface portproxy show all

Create a scheduled task to reapply the forwarding rule on system startup:

# PowerShell script to create persistent task
$action = New-ScheduledTaskAction -Execute 'netsh.exe' -Argument 'interface portproxy add v4tov4 listenport=80 listenaddress=0.0.0.0 connectport=9898 connectaddress=127.0.0.1'
$trigger = New-ScheduledTaskTrigger -AtStartup
# Run as SYSTEM: a startup trigger fires before any user has logged on
Register-ScheduledTask -TaskName "PortForward_80_to_9898" -Action $action -Trigger $trigger -User 'SYSTEM' -RunLevel Highest

If you have IIS installed, consider using the URL Rewrite module (together with Application Request Routing) as an alternative to portproxy:

<rewrite>
    <rules>
        <rule name="ReverseProxy" stopProcessing="true">
            <match url="(.*)" />
            <action type="Rewrite" url="http://localhost:9898/{R:1}" />
        </rule>
    </rules>
</rewrite>

  • Verify port availability: netstat -ano | findstr :80
  • Check Windows Firewall logs for blocked connections
  • Test connectivity locally before attempting external access
  • Remember EC2 instances may have elastic IPs that need proper DNS mapping

When deploying web applications on Amazon EC2 Windows instances, we often need to expose services running on non-standard ports while maintaining standard HTTP/HTTPS accessibility. Let me walk through the complete solution for Windows Server 2012.

First, ensure your EC2 security group allows both port 80 (HTTP) and your application port (9898 in this case):

Inbound Rules:
- Type: HTTP | Protocol: TCP | Port Range: 80 | Source: 0.0.0.0/0
- Type: Custom TCP | Protocol: TCP | Port Range: 9898 | Source: [Your IP or security group]

Create firewall rules to allow traffic:

netsh advfirewall firewall add rule name="Open Port 9898" dir=in action=allow protocol=TCP localport=9898
netsh advfirewall firewall add rule name="Open Port 80" dir=in action=allow protocol=TCP localport=80

The most reliable method uses Windows' built-in networking tools:

netsh interface portproxy add v4tov4 listenport=80 listenaddress=0.0.0.0 connectport=9898 connectaddress=127.0.0.1

Verify the forwarding rule:

netsh interface portproxy show all

If you prefer a web server approach, install IIS and configure URL Rewrite:

1. Install Web Server (IIS) role
2. Install Application Request Routing and URL Rewrite
3. Create web.config with these rules:

<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="ReverseProxy" stopProcessing="true">
          <match url="(.*)" />
          <action type="Rewrite" url="http://localhost:9898/{R:1}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>

After setup, test from both local and external networks:

telnet localhost 80
curl http://your-ec2-public-ip

  • Check Windows Event Viewer for firewall blocks
  • Verify EC2 instance CPU utilization isn't maxed out
  • Confirm no other service is using port 80 (netstat -ano)
  • Test connectivity from within the VPC first
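
A read-only check of the finished setup, as an added example that is not part of the original article: it confirms that the IP Helper service portproxy depends on is running, finds the 80 -> 9898 rule, lists the listeners on both ports, reports Windows Firewall rules that allow port 9898, and sends a request through port 80. It assumes PowerShell 3.0 or later in an elevated session on the instance; the variable names are illustrative.

```powershell
# Added example (not from the article): read-only check of the 80 -> 9898 forwarding.
# Assumes PowerShell 3.0+ in an elevated session; variable names are illustrative.
$ListenPort  = 80     # front port, from the article
$BackendPort = 9898   # application port, from the article

# 1. portproxy is implemented by the IP Helper service (iphlpsvc); rules stay
#    configured but forward nothing while it is stopped.
"IP Helper service: $((Get-Service -Name iphlpsvc).Status)"

# 2. Parse the portproxy table. Data rows read: address port address port.
$rules = netsh interface portproxy show v4tov4 | ForEach-Object {
    if ($_ -match '^\s*(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s*$') {
        New-Object psobject -Property @{
            ListenAddress  = $Matches[1]; ListenPort  = [int]$Matches[2]
            ConnectAddress = $Matches[3]; ConnectPort = [int]$Matches[4]
        }
    }
}
$rule = $rules | Where-Object {
    $_.ListenPort -eq $ListenPort -and $_.ConnectPort -eq $BackendPort
} | Select-Object -First 1
if ($rule) {
    "portproxy: $($rule.ListenAddress):$ListenPort -> $($rule.ConnectAddress):$BackendPort"
} else {
    Write-Warning "No portproxy rule $ListenPort -> $BackendPort"
}

# 3. Listening sockets on both ports. A backend bound only to 127.0.0.1 cannot
#    be reached from outside, whatever the firewall and security group allow.
Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -in $ListenPort, $BackendPort } |
    Select-Object LocalAddress, LocalPort, OwningProcess | Format-Table -AutoSize | Out-String

# 4. Enabled inbound allow rules that name the backend port, with their permitted
#    sources. (Rules that cover the port through a range are not matched here.)
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
    $ports = ($_ | Get-NetFirewallPortFilter).LocalPort
    if ($ports -contains "$BackendPort") {
        $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        "firewall rule '$($_.DisplayName)' allows $BackendPort from: $($remote -join ', ')"
    }
}

# 5. End to end: a request to port 80 should be answered by the app on 9898.
try {
    $r = Invoke-WebRequest -Uri "http://127.0.0.1:$ListenPort/" -UseBasicParsing -TimeoutSec 5
    "HTTP via port ${ListenPort}: $($r.StatusCode)"
} catch { Write-Warning "Request through port $ListenPort failed: $($_.Exception.Message)" }
```

A firewall rule reported in step 4 with source Any, combined with a security group rule for 9898 open to 0.0.0.0/0, means the application port is reachable directly as well as through port 80.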