If you’ve ever worked with web servers, APIs, or command-line tools, you’ve almost certainly run into this frustrating message: curl: (7) Failed to connect to host... Connection refused.
It’s a common roadblock that can stop you in your tracks. But what does it actually mean? And more importantly, how do you fix it?
Think of it like knocking on a door. “Connection refused” doesn’t mean no one is home (that would be a “timeout” error).
It means someone is home, but they’ve actively denied your request to enter. The server you’re trying to reach is there, but it’s not letting you in through the specific “door” (the port) you’re trying to use.
This guide will walk you through the most common reasons for this error and provide simple, step-by-step solutions to get you back on track.
Table of Contents
First Things First: What is curl?
Before we dive into troubleshooting, let’s quickly clarify what curl is.
curl (which stands for “Client URL”) is a powerful command-line tool used to transfer data to or from a server.
Developers use it for everything from testing API endpoints and downloading files to automating web-related tasks. It’s a fundamental part of a developer’s toolkit.
Now, let’s figure out why that server is giving you the cold shoulder.
The Top 3 Reasons for “Connection Refused” (And How to Fix Them)
There are two primary culprits behind this error: either nothing is listening at your destination, or a firewall is blocking the way. Let’s break this down into a simple checklist.
See also: Mastering the Linux Command Line — Your Complete Free Training Guide
1. Is the Server or Application Actually Running?
This might sound obvious, but it’s the most common reason for the error. You can’t connect to a service that isn’t running.
- What’s Happening: The application or web server (like Apache, Nginx, or a custom app) on the remote machine has crashed, been stopped, or failed to start.
- How to Check:
- If you have access to the server, use a command like
sshto log in. - Check the status of your application. For example, with a service managed by
systemd(common on modern Linux), you would run:sudo systemctl status your-application-name - Look at the application’s logs for any startup errors.
- If you have access to the server, use a command like
- How to Fix:
- If the service is stopped, simply start it.
sudo systemctl start your-application-name - If it failed, examine the logs to debug the problem. It could be a typo in a configuration file or a missing dependency.
- If the service is stopped, simply start it.
2. Are You Knocking on the Right Door (Port)?
A server can have thousands of ports, and a service will only “listen” for connections on the specific port it’s configured to use. Web servers typically use port 80 (for HTTP) and 443 (for HTTPS). If you try to connect to the wrong port, the server will refuse the connection.
- What’s Happening: Your
curlcommand is pointing to a port where no service is actively listening for new connections. - How to Check (on the server):
- You can use the
netstator the more modernsscommand on the server to see which ports are being used. These commands list all active network connections and listening ports.# This command shows all listening TCP and UDP ports and the programs using them
sudo netstat -tulpn | grep LISTEN - Look through the output for the port number you’re trying to connect to. If you don’t see it, nothing is listening there.
- You can use the
- How to Fix:
- Double-check your
curlcommand: Ensure you have the correct port number. For example:curl http://your-domain.com:8080. If you don’t specify a port,curldefaults to port 80 for HTTP. - Check your server application’s configuration: Make sure your application is configured to listen on the port you expect.
- Double-check your
3. Is There a Firewall in the Way?
Firewalls are the security guards of networks. They stand between you and the server, deciding whether to let your connection request through. A misconfigured firewall is a very common cause of “Connection refused” errors.
- What’s Happening: A firewall on the server itself (like
ufw,firewalld, oriptables) or a network firewall (like an AWS Security Group) is blocking incoming traffic on the port you’re trying to access. - How to Check:
- On the server: Check the status and rules of the local firewall.
- For
ufw(common on Ubuntu):sudo ufw status - For
firewalld(common on CentOS/RHEL):sudo firewall-cmd --list-all
- For
- For cloud providers: Log in to your cloud console (AWS, Google Cloud, Azure) and inspect the firewall rules or security groups associated with your server instance. Ensure there’s an “inbound rule” that allows traffic on your target port from your IP address (or from anywhere, using
0.0.0.0/0).
- On the server: Check the status and rules of the local firewall.
- How to Fix:
- Add a rule to the firewall to allow incoming connections on the necessary port. For example, to allow traffic on port
8080withufw:sudo ufw allow 8080
- Add a rule to the firewall to allow incoming connections on the necessary port. For example, to allow traffic on port
Putting It All Together: A Simple Troubleshooting Workflow
Feeling overwhelmed? Just follow these steps in order:
- Check Your Command: Is the hostname and port number in your
curlcommand correct? Typos happen! - Check the Server Application: Log in to the server and confirm that your application is running without errors.
- Check for Listening Ports: While on the server, use
sudo netstat -tulpnto see if any application is listening on the port you’re targeting. - Check the Firewall: If an application is listening, the firewall is the most likely suspect. Check both the server’s local firewall and any network-level firewalls.
By following this simple checklist, you can quickly diagnose the root cause of the “Connection refused” error and get your services talking to each other again.
