Context
I have been learning AWS Fargate and already deployed two services in the same cluster. The first service comes from an image from an nextjs listen in 3000 port. The other service is an Nginx server listening in port 80.
Service Connect setup
I have turned on the ECS Service Connect to the both services. In the Nextjs server I setted up the the Service Connect server endpoints as the following image shows:
Nginx setup
For the Nginx config I used the following file:
server {
listen 80;
location / {
if ($request_uri = "/") {
add_header Content-Type text/html;
return 200 "<html><body><h1>It works!</h1></body></html>";
}
proxy_pass http://nextjs:3000;
proxy_set_header Nginx-Message "Message from Nginx";
}
}
Problem
This setup works on my machine with Docker Compose and the services were deployed just fine. But, when I try to access the Nginx server using the routes that tries to find Nextjs, it doen't work. I get HTTP ERROR 426.
To test this, you can access the link http://learnecs-nginx-1541224866.us-east-1.elb.amazonaws.com/ and see that the Nginx is working. But, when I use http://learnecs-nginx-1541224866.us-east-1.elb.amazonaws.com/any-route, I get the 426 error.
You can see the repository with the code on GitHub
I have read all AWS documentation and watched some videos, but there isn't enough material about how to use AWS Service connect in the internet.
Related
I'm unable to connect to my EC2 instance where I have an apache web server running (also running an Express.js server on a different port). I have updated the security group to allow incoming requests to http and https ports but I continue to get this response in the browser:
This site can’t provide a secure connection
*********** sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
I am able to ssh into my EC2 instance.
Other than ensuring that the correct ports are open and that a service is listening on those ports, is there any configuration needed to setup simple web server on EC2?
Current security group settings:
Currently open ports (sudo lsof -i -P -n | grep LISTEN):
There are some similar questions posted but they are either vague or have been left for dead
You need to install mod_ssl to tell apache to serve httpS connections.
You can use the default (or self signed certificate) to check the connectivity on port 443. If you need a valid ssl certificate, you can get one for free from Let's Encrypt: https://letsencrypt.org/
You can use CertBOT to auto renew certificates: https://letsencrypt.org/getting-started/
I have a website hosted with AWS Elastic Beanstalk using an nginx proxy and have been trying to use Socket.IO, however I get an error message of Firefox can’t establish a connection to the server at wss://my-domain.com/socket.io/?EIO=3&transport=websocket&sid=WKtOGhLspneTExRLAAAB and a 400 response code when the page tries to establish the connection.
This is how the node server is created and emits events:
const express = require("express");
const app = express();
const server = app.listen(8081, () => {
console.log("Server started on port " + port);
});
const io = require("socket.io")(server);
app.route("/api/listener").post((req, res) => {
io.emit("response", req.body.Status);
res.sendStatus(200);
});
This is how the client attempts to connect:
const io = require("socket.io-client");
let socket = io("https://my-domain.com");
socket.on("response",
function() {
console.log("Response received");
});
This is the configuration for my load balancer:
I have tried suggestions from other similar questions, like changing the protocol to SSL and instance protocol to TCP, but that stops the site from being reachable. I do have proxy_set_header Connection "upgrade" and proxy_set_header Upgrade $http_upgrade set in my configuration for nginx.
I found a solution to my specific situation. My previous Elastic Beanstalk environment was set up with a Classic load balancer; I've migrated my website to a new Elastic Beanstalk environment with an Application load balancer and the following configuration:
I have a websocket server built with go running on AWS beanstalk. I'm running a load balancer with a SSL cert. I'm having issues connecting to it via the browser. If I try to connect to it through another go program running on my terminal everything works fine. I've updated my environment to accept TCP instead of HTTP connections on port 80.
When I try to connect from the webapp though I get this error.
WebSocket connection to 'wss://root.com/users/fcbd7f8d-2ef6-4fe2-b46c-22db9b107214/sockets/client'
failed: Error during WebSocket handshake: Unexpected response code: 400
When I check the AWS logs I find this error.
the client is not using the websocket protocol:
'websocket' token not found in 'Upgrade' header
UPDATE
if I run the webapp on my localhost and change the connection string from wss:// to ws:// it works. If I try the same url in the live webapp I get an ssl error.
Mixed Content: The page at 'https://root.com/captions' was loaded over HTTPS,
but attempted to connect to the insecure WebSocket endpoint
'ws://root.com/users/fcbd7f8d-2ef6-4fe2-b46c-22db9b107214/sockets/client'.
This request has been blocked; this endpoint must be available over WSS.
I have enabled Private Google API access for a VPC and I use this HTTP proxy solution described to connect my offsite datacenter to the Google Cloud backend.
Using the solution, I have verified that the Google object storage api's work, by using gsutil to move files across the offsite network.
However I am unable to connect to mqtt.googleapis.com that is required for cloud IOT.
I think this is because the MQTT broker running at mqtt.googleapis.com cannot be accessed via a private network unless it is also proxied like the HTTP proxy solution described above.
Meanwhile actual gsutil IOT commands work fine because I presume they are running over the Google HTTP API.
To solve this I see we'd need any one of the below, unless someone has different way to do this?
Run an MQTT broker proxy in the private VPC and route MQTT packets to the mqtt.googleapis.com . Is there a suitable MQTT proxy broker that we can use in this case?
If we get a range of public IP's that the mqtt bridge (mqtt.googleapis.com) is running at then we can simply build the network routes for this one use case. Is this available?
Would it work via the HTTP protocol bridge in IoT Core? Is using HTTP instead of MQTT an option?
I managed to get this to work using NGINX as a reverse proxy and stream the TCP traffic directly to mqtt.googleapis.com. Here are the steps to achieve this
Install Nginx with the --with-stream configuration flag . This builds Nginx with the functionality of a TCP streaming proxy
My Nginx conf file contains the following to point to Google's broker. The Nginx server is running in an instance in the VPC
/etc/nginx/nginx.conf
stream {
upstream google_mqtt {
server mqtt.googleapis.com:8883;
}
server {
listen 8883;
proxy_pass google_mqtt;
}
}
The internal private VPC has a DNS Server that resolves mqtt.googleapis.com to the IP of the Nginx server
I have created a fresh EC2 instance, installed Apache2 and pointed my domain (hamidlab.com) to ip of this instance. When I browse my domain it shows default apache/ubuntu page, then I stopped apache2 service and try to access (hamidlab.com) it still shows apache/ubuntu default page, now when I try to access 1.hamidlab.com it says
Could Not Connect
Description: Could not connect to the requested server host.
and returns Header Status Code: 502 Connection refused
I tried with nginx server, still same caching issue.
Do AWS have any caching set ?
I am not using any other service than ec2.