I have 3 containers deployed on ECS and traffic is distributed by an Application Load Balancer. Swagger on these individual containers can be accessed via e.g. 52.XX.XXX.XXX/swagger.
I need the services to be accessed via, e.g.:
52.XX.XXX.XXX/users/swagger
52.XX.XXX.XXX/posts/swagger
52.XX.XXX.XXX/comments/swagger
I've tried adding the following to the load balancer rules:
PATH /users* or /users/
PATH /posts* or /posts/
PATH /comments* or /comments/
I get a 404 error when I visit the load balancer DNS, for example myapp-lb-4283349.us-east-2.elb.amazonaws.com/users/swagger
You can't achieve that with AWS Load Balancer alone. AWS LB doesn't re-route traffic based on paths. They just forward the incoming traffic to the origin.
Your service should be accessible via 52.XX.XXX.XXX/user/swagger, 52.XX.XXX.XXX/posts/swagger, etc. in order for the Load Balancer to forward it. You can't forward (or re-route) your traffic from the Load Balancer like this:
LB_URL/user/swagger -> IP/swagger
The missing /user/ part is not something Load Balancer can do for you. Update your application itself and add specific routes which you want to listen on.
Is there a way to create forwarding rules that redirect to a different host?
For example, I want to set up a load balancer with a rule that if the host = xyz.com then forward to host = abc.com. Is this type of setup possible?
Let me help you with this.
Forwarding rules
A forwarding rule and its corresponding IP address represent the frontend configuration of a Google Cloud load balancer.
Note: Forwarding rules are also used for protocol forwarding, Classic VPN gateways, and Traffic Director to provide forwarding information in the control plane.
Each forwarding rule references an IP address and one or more ports on which the load balancer accepts traffic. Some Google Cloud load balancers limit you to a predefined set of ports, and others let you specify arbitrary ports.
The forwarding rule also specifies an IP protocol. For Google Cloud load balancers, the IP protocol is always either TCP or UDP.
Depending on the load balancer type, the following is true:
A forwarding rule specifies a backend service, target proxy, or target pool.
A forwarding rule and its IP address are internal or external.
Also, depending on the load balancer and its tier, a forwarding rule is either global or regional.
As mentioned, the forwarding rule specifies a backend service, which can help you to reach your deployment.
Additionally, I want to share with you the following information about URL mapping, which can help you too.
URL maps
Google Cloud HTTP(S) load balancers and Traffic Director use a Google Cloud configuration resource called a URL map to route requests to backend services or backend buckets.
For example, with an external HTTP(S) load balancer, you can use a single URL map to route requests to different destinations based on the rules configured in the URL map:
Requests for https://example.com/video go to one backend service.
Requests for https://example.com/audio go to a different backend service.
Requests for https://example.com/images go to a Cloud Storage backend bucket.
Requests for any other host and path combination go to a default backend service.
URL maps are used with the following Google Cloud products:
External HTTP(S) Load Balancing (global and regional)
Internal HTTP(S) Load Balancing
Traffic Director
There are two types of URL map resources available: global and regional. The type of resource that you use depends on the product's load balancing scheme.
There is another solution named "HTTP-to-HTTPS redirect" to redirect all requests from port 80 (HTTP) to port 443 (HTTPS).
HTTPS uses TLS (SSL) to encrypt HTTP requests and responses, making it safer and more secure. A website that uses HTTPS has https:// in the beginning of its URL instead of http://.
But I am not sure if the HTTP-to-HTTPS fits with your description.
I hope this information helps you to choose the best option for your deployment.
Framework: .Net core 2.0
Hi everyone,
I have deployed, let's say, 3 applications on the same EC2 instance, which are websites (front end angular js and 2 web APIs for authentication and communication). How do I set up a single load balancer for catering requests for all of the 3 websites using HTTPS?
These websites communicate among each other for authentication and providing the required data between them.
The websites are deployed on the EC2 using hostnames on the IIS and they are accessible directly through the hostnames. Is there another/better way to deploy them instead of hostnames only?
When setting up a load balancer, you would have to configure listeners for it, wherein you mention the ports through which you would want to access your application. And in the listeners you would have to mention target groups to which you would route traffic, based on hostnames / host headers.
So, here are the steps to follow.
1. Since all your traffic has to go to the same instance anyway, you would have to create one target group and register the instance that you have already created, with traffic routed through port 80.
2. Now, coming back to the ELB configuration, you would need to create an HTTP listener (port 80) that would have a default rule to redirect all traffic to HTTPS (port 443).
3. In the same ELB, create an HTTPS:443 listener, where (usually) you would have different listener rules depending on the hostnames of your sites in IIS. But just for simplicity, configure the default rule to route all traffic to the target group created in the step above (once we check if traffic is flowing right, we can change the configuration to improve security).
That's all!
With the right security group whitelisting, your traffic should flow into your instance through the ELB.
Congratulations! That should be enough...
... unless you want to make sure that ONLY the requests related to those sites flow into your instance, then, once you are sure that the traffic flow is right, you can create another listener rule in your ELB's HTTPS:443 listener, wherein you can configure the following setting:
IF Host Header is frontend.website.com OR webapi1.website.com OR webapi2.website.com THEN Forward to (target group created in Step 1)
Sorry in advance if this doesn't make much sense. I'm fairly new to this, so bear with me please.
I'm trying to specify a domain to a specific folder depending on the domain name the user uses (example.com or test123.com), through Amazon Elastic Load Balancer (Application Load Balancer to be specific).
My current setup is that all traffic from the internet goes to a Load Balancer (ELB), and from there it round-robins between 2 EC2 instances. Both instances are connected to an Amazon Network File System (EFS), as well as a Relational Database (RDS).
I can access the website(s) fine through the DNS of the load balancer (http://web-load-balancer-efs-16512354.us-east-1.elb.amazonaws.com/example/)
What I want to do now is set it up so that if someone puts example.com as their URL, it will point to the Load Balancer and from there the server will use the correct folder as root (www.example.com document root would be http://web-load-balancer-efs-16512354.us-east-1.elb.amazonaws.com/example/, but the URL will still be www.example.com).
I created a hosted zone on Route 53 to point the domain name to my load balancer, but currently my load balancer which leads to one of the EC2 instances. Currently the EC2 document root is /var/www/html/efs-mount/.
Is there a way for me to have multiple document roots depending on the domain name?
I stumbled on something about putting multiple TLS/SSL certificates on your listener, and through the SNI protocol it'll be able to find the right place? http://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#https-listener-certificates. I'm not sure if this is what I need, or I'm completely off track.
If someone can point me in the right direction on how to do this, that would be great.
Thanks
You are indeed off track.
While ALB with multiple SSL certificates may be a part of your strategy, since it allows you to attach multiple ACM certificates to a single instance or group of instances, ALB does not re-write the paths of the incoming requests or determine how the instance resolves web paths into filesystem paths.
This is something configured in your web server itself. Start by searching for something like "name based virtual hosting." Each domain name will specify its own "document root" in the web server configuration files.
Is it possible to set up an App Load Balancer on AWS to be both internal and externally accessible? For example, a web application has an admin dashboard located at /admin and it'd be great to have that only accessible via a VPN and have the rest of the site public.
The scheme (internet-facing | internal) is a property of the load balancer itself, and can't be controlled independently at the listener level, so no, you won't be able to have one rule's path only resolvable within your VPC, and another rule Internet-facing.
http://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_CreateLoadBalancer.html
A Layer 7 load balancer is more sophisticated and more powerful. It
inspects packets, has access to HTTP and HTTPS headers, and (armed
with more information) can do a more intelligent job of spreading the
load out to the target.
https://aws.amazon.com/blogs/aws/new-aws-application-load-balancer/
I understand the AWS Application Load Balancer has access to the HTTP(S) request headers but I can only see how you can route via the path. Can someone explain how I can route based on the user-agent header? If it's not possible, please suggest an alternative AWS method.
Till 2017-05-26 ALB doesn't have header based routing. With an update on 2017-04-05 it has included Host based routing. Currently it supports only path and host based routing. You can visit here for the latest AWS information.
If you want to route based on headers, currently there are no options in ALB.
You have to have an additional layer, like a proxy / nginx servers.
Flow can be something like this below.
Client calling https://example.com
ALB's DNS is configured to example.com
ALB has a target group attached to it which has nginx instances. The nginx instances route to the respective load balancer with the header information (e.g. if customerId is 123 route to ELB 1, else route to ELB 2).
The two ELBs have different EC2 instances attached to them.
But I heard AWS is working on routing requests based on the headers.
For anyone looking now, as of March 27 2019, ALBs now support routing based on HTTP headers other than the Host header.
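As an added example (not from the original posts), a CloudFormation listener rule using the header condition mentioned in the last reply to match on User-Agent. The listener and target group parameters and the `*Mobile*` pattern are placeholders:

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - ALB listener rule matching on the User-Agent header
Parameters:
  ListenerArn: {Type: String}            # existing HTTPS listener (placeholder)
  MobileTargetGroupArn: {Type: String}   # hypothetical target group for matched clients
Resources:
  UserAgentRule:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      ListenerArn: !Ref ListenerArn
      Priority: 20                       # evaluated before higher-numbered rules
      Conditions:
        - Field: http-header
          HttpHeaderConfig:
            HttpHeaderName: User-Agent   # header names match case-insensitively
            Values:
              - "*Mobile*"               # constructed pattern; * and ? are wildcards
      Actions:
        - Type: forward
          TargetGroupArn: !Ref MobileTargetGroupArn
```

Requests that do not match fall through to the remaining rules and then the listener's default action. User-Agent is supplied by the client, so a rule like this steers traffic but is not an access control.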