Digital Ocean open port 8080 for spring boot appli

Published 2019-07-21 12:59

Question:

I want to run a simple Spring Boot application on my Ubuntu 16.04.6 x64 droplet. To allow incoming connections I had to open the 8080 port, since this is where the embedded tomcat server in the spring boot jar will listen for connections.

I used the ufw allow 8080 command and now I see this on my droplet.

#ufw status
Status: active

To                         Action      From
--                         ------      ----
8080                       ALLOW       Anywhere
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
8080 (v6)                  ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)

I made sure I have my application running:

java -jar myservice.jar &

Netstat reports that something is listening on 8080:

#  netstat -aon
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       Timer
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      off (0.00/0/0)
tcp        0    XXX XX.XXX.XX.XXX:22        XX.XX.XXX.XX:64021      ESTABLISHED on (0.11/0/0)
tcp6       0      0 :::8080                 :::*                    LISTEN      off (0.00/0/0)
tcp6       0      0 :::22                   :::*                    LISTEN      off (0.00/0/0)

Yet when I do telnet outside the server I get:

telnet XX.XXX.XX.XXX 8080
Connecting To XX.XXX.XX.XXX...Could not open connection to the host, on port 8080: Connect failed

And when I do telnet on the server I get:

# telnet localhost 8080
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

In Digital Ocean's Firewall control panel I have the following setup:

HTTP requests to the server just hang and never return. They don't even reach the tomcat server, judging by the lack of logs.

What am I missing? Any suggestions would be really appreciated!

UPDATE 1:

Local (inside the server) curl requests to my healthcheck endpoint were also hanging. However, I left one for a longer period and I got this application log:

2019-05-13 18:39:48.723  WARN 5873 --- [nio-8080-exec-2] o.a.c.util.SessionIdGeneratorBase        : Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [214,287] milliseconds.

This explained why the request was hanging, so applying the answer from this post fixed that. Now I'm able to hit my endpoint on the server and it's responding.

However outside the box, requests are still not making it to the server. Telnet outside still says Could not open connection to the host, on port 8080.

Answer 1:

I'm not 100% sure why, but the Firewall rules from the Digital Ocean Firewall Control panel were interfering with my droplet configuration.

I've deleted the Firewall rules from the control panel and now netstat reports that my 8080 port is open and I'm able to talk to the server from the outside world, finally.

#nmap -sS -O XX.XXX.XX.XXX

Starting Nmap 7.01 ( https://nmap.org ) at 2019-05-13 21:13 UTC
Nmap scan report for myservice (XX.XXX.XX.XXX)
Host is up (0.000024s latency).
Not shown: 998 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
8080/tcp open  http-proxy
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.8 - 3.19
Network Distance: 0 hops

Also check UPDATE 1 from the question as it was also causing bizarre confusion.
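
The layer-by-layer check this thread works through (listener, then ufw, then whatever filters traffic before it reaches the droplet), as an added example that is not part of the original question or answer. The function names and sample text are constructed here, shaped like the `netstat -aon` and `ufw status` output quoted in the question; the outside-probe result (`ok` or `fail`) is supplied by hand.

```shell
# Added example, not from the original post. Sample inputs are constructed.

# listener_scope PORT: reads `netstat -an` style text on stdin and prints
# none | loopback | external for the given TCP port.
listener_scope() {
    awk -v port="$1" '
        BEGIN { scope = "none" }
        $6 == "LISTEN" {
            n = split($4, part, ":")
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == "127.0.0.1" || addr == "::1") {
                if (scope == "none") scope = "loopback"
            } else scope = "external"
        }
        END { print scope }'
}

# ufw_verdict PORT: reads `ufw status` text on stdin and prints
# inactive | allow | blocked. Rule order and per-source rules are not modelled.
ufw_verdict() {
    awk -v port="$1" '
        /^Status: inactive/ { inactive = 1 }
        ($1 == port || $1 == (port "/tcp")) && / ALLOW / && /Anywhere/ { allow = 1 }
        END { print (inactive ? "inactive" : (allow ? "allow" : "blocked")) }'
}

# diagnose PORT NETSTAT_TEXT UFW_TEXT OUTSIDE_RESULT(ok|fail)
# Walks outward from the socket and names the first layer that fails.
diagnose() {
    scope=$(printf '%s\n' "$2" | listener_scope "$1")
    fw=$(printf '%s\n' "$3" | ufw_verdict "$1")
    if [ "$scope" = "none" ]; then echo "no-listener"
    elif [ "$scope" = "loopback" ]; then echo "bound-to-loopback"
    elif [ "$fw" = "blocked" ]; then echo "host-firewall"
    elif [ "$4" = "fail" ]; then echo "upstream-filter"
    else echo "reachable"
    fi
}

# Constructed sample data.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      off (0.00/0/0)
tcp6       0      0 :::8080                 :::*                    LISTEN      off (0.00/0/0)'
SAMPLE_UFW='Status: active
8080                       ALLOW       Anywhere
22                         ALLOW       Anywhere'
diagnose 8080 "$SAMPLE_NETSTAT" "$SAMPLE_UFW" fail
```

The outside result has to come from a different machine: a probe run on the server itself never crosses a network-level firewall in front of it.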