Tomcat manager giving 403 access denied when using AWS ELB - amazon-web-services

I set up a private subnet for a Tomcat server (tomcat 9.0.68) and a public subnet for a Bastion host on AWS.
I set up an application load balancer that forwards traffic to the Tomcat server.
I can access the Tomcat main page with the load balancer URL, but when I try to click into "Manage App", I get a 403 access denied error.
On the host server, I configured webapps/manager/META-INF/context.xml to allow remote access to Tomcat Manager. I tested this from the Bastion host and it works. It just doesn't work on the load balancer URL.
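The question has no answer on this page. As an added example (not from the original post, and not the asker's actual configuration), the Python below models how Tomcat evaluates the Manager app's RemoteAddrValve allow pattern, with and without a RemoteIpValve in front of it. The default allow pattern is the one shipped in Tomcat's webapps/manager/META-INF/context.xml; the bastion, ALB node and client addresses, the ALB subnet and the edited allow pattern are assumptions made for the example. What the model shows: a connection that arrives through the load balancer has the ALB node's private address as its TCP peer, so an allow pattern that lists only loopback and the bastion rejects it, while a direct connection from the bastion passes.

```python
import re
from ipaddress import ip_address, ip_network

# Allow pattern shipped in Tomcat's webapps/manager/META-INF/context.xml
# (RemoteAddrValve, attribute "allow"): only loopback clients may use the
# Manager app. RemoteAddrValve applies the regex to the WHOLE remote address.
DEFAULT_MANAGER_ALLOW = r"127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"

# Assumed addresses and edited pattern (not from the original post): the
# asker's context.xml is modelled as "loopback plus the bastion host".
BASTION_IP = "10.0.1.25"
ALB_NODE_IP = "10.0.2.200"     # private address of an ALB node in the VPC
CLIENT_IP = "203.0.113.7"      # the browser behind the load balancer
EDITED_ALLOW = DEFAULT_MANAGER_ALLOW + r"|10\.0\.1\.25"


def remote_addr_valve_allows(allow_pattern: str, remote_addr: str) -> bool:
    """RemoteAddrValve semantics: allow iff the full remote address matches."""
    return re.fullmatch(allow_pattern, remote_addr) is not None


def effective_remote_addr(peer_addr: str, x_forwarded_for, internal_proxies) -> str:
    """Model of what Tomcat reports as request.getRemoteAddr().

    Without a RemoteIpValve that is simply the TCP peer (the ALB node when
    the request came through the load balancer). With a RemoteIpValve whose
    internalProxies covers the peer, the X-Forwarded-For chain is walked
    from the right, trusted hops are dropped, and the first untrusted
    address becomes the remote address.
    """
    trusted = [ip_network(n) for n in internal_proxies]

    def is_trusted(addr: str) -> bool:
        return any(ip_address(addr) in net for net in trusted)

    if not x_forwarded_for or not is_trusted(peer_addr):
        return peer_addr
    chain = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    while chain and is_trusted(chain[-1]):
        chain.pop()
    return chain[-1] if chain else peer_addr


def manager_access(allow_pattern: str, peer_addr: str, xff=None, internal_proxies=()):
    """Return (address Tomcat evaluates, whether the Manager valve lets it in)."""
    addr = effective_remote_addr(peer_addr, xff, internal_proxies)
    return addr, remote_addr_valve_allows(allow_pattern, addr)


if __name__ == "__main__":
    alb_subnet = ("10.0.2.0/24",)   # assumed subnet of the ALB nodes
    cases = {
        "direct from bastion": manager_access(EDITED_ALLOW, BASTION_IP),
        "via ALB, no RemoteIpValve": manager_access(EDITED_ALLOW, ALB_NODE_IP, xff=CLIENT_IP),
        "via ALB, RemoteIpValve trusts ALB subnet":
            manager_access(EDITED_ALLOW, ALB_NODE_IP, xff=CLIENT_IP, internal_proxies=alb_subnet),
        "via ALB, client address also allowed":
            manager_access(EDITED_ALLOW + r"|203\.0\.113\.7", ALB_NODE_IP,
                           xff=CLIENT_IP, internal_proxies=alb_subnet),
        # Anything that can reach Tomcat from the trusted range can forge the header.
        "forged XFF from trusted range":
            manager_access(DEFAULT_MANAGER_ALLOW, ALB_NODE_IP, xff="127.0.0.1",
                           internal_proxies=alb_subnet),
    }
    for label, (addr, ok) in cases.items():
        print(f"{label:45} remote={addr:15} {'200' if ok else '403'}")
```

The last case is the caveat: a RemoteIpValve trusts whatever falls inside internalProxies, so a host in that range can set X-Forwarded-For: 127.0.0.1 and satisfy the default Manager pattern. If the Manager app must be reachable through the ALB at all, restrict it in front of Tomcat as well (for example an ALB listener rule or WAF that only admits the operator's source range) rather than relying on the valve alone.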

Related

How to route domain via openvpn cloud to aws internal load balancer?

I am trying to route console.example.com to an internal load balancer that is located in a private subnet. My current architecture is as follows:
I have a public VPC and a private VPC.
A React app is running on an ECS cluster, and its service (console-service) is located in the private VPC.
The internal load balancer has two listeners: one for HTTP on port 80, which forwards requests to port 443, and the other for HTTPS on port 443, which forwards requests to the task definition for the console-service. Additionally, the listener on port 443 has a certificate for console.example.com.
The OpenVPN connector's instance is located in the public VPC.
The public and private VPCs communicate with each other via a transit gateway.
I know that the routes are working because if I reach the console-service's private IP (private-ip:3000), I can access the website. I also know that the certificate and load balancer are working because if I SSH into an instance that is located in the private VPC and curl console.example.com, I can access the website. I believe that the issue is with the configuration of OpenVPN's DNS settings. Currently I have added a network application like console.example.com - my-network, but I still cannot access the website with the domain.
I found out I made a rookie mistake. I just need to add HTTP/HTTPS to the inbound rules of the security group that I use for my load balancer.

AWS ECS & CloudMap "no such host"

I have an ECS cluster set up with a container that runs a microservice hosting a public and a private HTTP server.
The public HTTP server is connected through an Elastic Load Balancer, which is working correctly; however, the internal HTTP server is routed via AWS Cloud Map and Route 53 with a private hosted zone.
AWS Cloud Map finds the instance correctly, however when trying to access the private endpoint from another ECS task I get a "no such host" error.
Any suggestions on what could be the cause?
Thanks!
For me it was resolved by making sure DNS hostnames and DNS resolution are enabled in the VPC settings:
Go to your VPC dashboard, then press the "Actions" button,
press "Edit DNS hostnames",
check the "Enable" checkbox,
and do the same for DNS resolution.

SSL Protocol error on AWS Ubuntu Instance

I have an EC2 Ubuntu Instance running on AWS.
I have created an SSL certificate for my domain using AWS Certificate Manager.
I have created the needed hosted zone with the needed records for my domain.
I have created a Load Balancer with listeners for both protocols HTTP and HTTPS.
Now, I can access the site using the public IP from the AWS Instance and also using my domain name.
The issue is when trying to access the site using https.
An error page appears: ERR_SSL_PROTOCOL_ERROR
I don't know what is wrong in my approach to get a working site running with a SSL certificate.
I guess it can be due to the Ubuntu Apache2 configuration, but not sure.
I would appreciate a checklist of things I should verify in AWS (Certificate Manager, EC2 Instance, Load Balancer, Route 53, etc.) or in the configuration of the Ubuntu Apache2 server.
EDIT:
These are the security group inbound rules that are in use with the ELB
I would double-check the security group on the ELB and confirm the domain DNS. It's something on the ELB side, since you are not connecting there.

How to restrict access to AWS Load Balancer so only another specific AWS Load Balancer can have Inbound access?

We currently have an API and a website running on AWS Elastic Beanstalk, both with load balancers.
Right now we are trying to figure out how to restrict all incoming traffic to the API Load Balancer so the Website load balancer is the only point of access to the API.
We have tried to work with the security groups but we can never hit it right.
We have already removed all Inbound access to the API and that restricted all access but we just can't get the Website to access it.
Our final goal is to have a system where the API can never be reached from the outside but the website has full access to it through HTTPS calls.
Hope you guys can help us, thank you in advance!
Your website is running on an EC2 instance, which is only accessible through the ELB. The API server runs in a private subnet and is accessible through an internal ELB. You want your website to access the API server. The following steps should solve the issues you are facing:
Configure your API load balancer as internal, so it is not accessible from outside your VPC.
Apply the following security group rules to let the application instance access the API server.
WebApp (EC2) SG:
80/443 from sg-xxxelb (External ELB SG)
External ELB SG:
80/443 from 0.0.0.0/0
Your API server should only be accessible by the WebApp instance.
Internal (API Server) ELB SG:
443 from sg-xxxec2 (the SG of the WebApp EC2 instance)

How to connect to particular port by aws elb

I have two ec2 instances and deployed java apps to '/var/www/html'.
They are running on port 9010 and I can access them at 'http://xxxx:9010'.
Next, I created an ELB and added the two instances to it. However, I can't access the java app by the ELB public DNS 'http://elbxxxxx:9010'. It returned 404.
I put index.html in '/var/www/html/', and I can see index.html via the ELB public DNS.
I'm looking for some port configuration in the ELB console but can't find it.
How can I access them?
You have to configure a listener on the Elastic Load Balancer. Your listener can be configured to listen on any port (such as 80) and send the requests to your instances on port 9010. Here's how to configure listeners.
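Added example, not code from any of the posts above: a small Python model of the two mechanisms the answers on this page rely on. The first is security-group rules whose source is another security group (the rule set given for the WebApp, external ELB and internal API ELB, and the "add HTTP/HTTPS inbound to the load balancer's security group" fix earlier on the page); an SG-sourced rule admits traffic arriving from network interfaces that carry that group. The second is load-balancer listeners that map a front-end port to an instance port (the port 80 to port 9010 case just above). The group ids sg-xxxelb and sg-xxxec2 are the answer's own placeholders; sg-xxxapi, sg-xxxjava, the node names and every address are made up for this example. The model deliberately ignores network ACLs, route tables and health checks, and it treats "internal" as "no path from the internet at all".

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    port: int
    source: str            # CIDR such as "0.0.0.0/0", or a security-group id such as "sg-xxxelb"


@dataclass
class Node:
    name: str
    ip: str
    groups: tuple          # security groups attached to this interface
    listeners: dict = field(default_factory=dict)   # load balancers only: lb_port -> instance_port
    internet_facing: bool = False


# Security-group rule sets. Rules are allow-only and default-deny; an SG source
# matches any peer whose interface carries that group (constructed example).
SECURITY_GROUPS = {
    "sg-xxxelb": [Rule(80, "0.0.0.0/0"), Rule(443, "0.0.0.0/0")],   # External ELB SG (from the answer)
    "sg-xxxec2": [Rule(80, "sg-xxxelb"), Rule(443, "sg-xxxelb")],   # WebApp (EC2) SG (from the answer)
    "sg-xxxapi": [Rule(443, "sg-xxxec2")],                            # Internal API ELB SG (hypothetical id)
    "sg-xxxjava": [Rule(9010, "sg-xxxelb")],                          # Java app instances (hypothetical)
}

# Constructed topology; all addresses are made up.
INTERNET = Node("internet-client", "198.51.100.10", groups=(), internet_facing=True)
EXT_ELB = Node("website-elb", "203.0.113.50", groups=("sg-xxxelb",),
               listeners={80: 80, 443: 443}, internet_facing=True)
WEBAPP = Node("webapp-ec2", "10.0.1.10", groups=("sg-xxxec2",))
API_ELB = Node("api-internal-elb", "10.0.3.20", groups=("sg-xxxapi",), listeners={443: 443})
JAVA_ELB = Node("java-elb", "203.0.113.60", groups=("sg-xxxelb",),
                listeners={80: 9010}, internet_facing=True)          # listener 80 -> instance 9010
JAVA_EC2 = Node("java-ec2", "10.0.1.30", groups=("sg-xxxjava",))


def sg_allows(src: Node, dst: Node, port: int) -> bool:
    """True if any group on dst has an inbound rule for port matching src."""
    for group in dst.groups:
        for rule in SECURITY_GROUPS.get(group, []):
            if rule.port != port:
                continue
            if rule.source.startswith("sg-"):
                if rule.source in src.groups:
                    return True
            elif ip_address(src.ip) in ip_network(rule.source):
                return True
    return False


def reachable(src: Node, dst: Node, port: int):
    """Walk one hop: route, listener (for load balancers), then security group."""
    if src is INTERNET and not dst.internet_facing:
        return False, "no route: destination is not internet-facing"
    if dst.listeners and port not in dst.listeners:
        return False, f"no listener on port {port}"
    if not sg_allows(src, dst, port):
        return False, f"security group denies port {port}"
    return True, f"ok, forwarded to instance port {dst.listeners.get(port, port)}"


if __name__ == "__main__":
    for src, dst, port in [
        (INTERNET, EXT_ELB, 443), (EXT_ELB, WEBAPP, 443), (WEBAPP, API_ELB, 443),
        (INTERNET, API_ELB, 443), (EXT_ELB, API_ELB, 443),
        (INTERNET, JAVA_ELB, 9010), (INTERNET, JAVA_ELB, 80), (JAVA_ELB, JAVA_EC2, 9010),
    ]:
        ok, why = reachable(src, dst, port)
        print(f"{src.name:16} -> {dst.name:18} :{port:<5} {'ALLOW' if ok else 'DENY '} {why}")
```

Two things the run makes visible. Removing every inbound rule from the API load balancer's group blocks the website as well, because the website's instance is just another source that has to match a rule; the rule that admits it is `443 from sg-xxxec2`, which matches the instance by group membership rather than by address, so it keeps working when instances are replaced. And a client hitting the load balancer's DNS name on port 9010 fails before any security group is consulted, because the balancer only answers on ports that have a listener; the listener on 80 is what carries the request to instance port 9010.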