I have an ALB and a target group pointing to my EC2 instance running apache2 on CentOS 7. The health check path by default is pointing to '/'.
If I create a default website in VirtualHosts, everything works, as the health check's status is 'Healthy'; but if I want to turn off the default site and only have certain URLs available, what should I change the default path to? I've tried various paths and the status always seems to go to "unhealthy".
I logged a ticket with AWS who have responded with:
"Unfortunately, at the moment it is not possible to perform health checks based on host headers for any Elastic Load Balancer (ALB, CLB or NLB). However, there is already an existing feature request for this type of configuration"
My workaround was to create a default site in VirtualHosts. On my CentOS 7 server I updated the file:
/etc/httpd/vhosts.d/myweb.conf
I added:
<VirtualHost *:80>
DocumentRoot /var/www/html/healthcheck
ServerName healthcheck
ServerAlias *
</VirtualHost>
and then created the file
/var/www/html/healthcheck/index.html
so the health check responds with a 200 success.
I hope they update this soon and add the ability to pass a health check via domain name and not just port or /healthcheck.html. I think I may have gotten around this problem on Windows EC2 by opening port 8088. Try this:
enable listener on load balancer on port 8088
on target group change health check to custom port 8088
on EC2's security group allow HTTP traffic on port 8088 IPv4 and IPv6
create new website on EC2 IIS "health-check" and set binding for port 8088 using HTTP and blank hostname
on EC2 run this PowerShell command: netsh advfirewall firewall add rule name="Open Port 8088" dir=in action=allow protocol=TCP localport=8088
using Nmap confirm that 8088 is open: Discovered open port 8088/tcp on #.#.#.#
on target group only add one target either using port 80/443, do not add target on port 8088 :)
on target group confirm that you see healthy - This target is currently passing target group’s health checks.
One outstanding issue I have with this setup, which I am investigating, is that the domain that I pointed to the EC2 IP, example.com, is not loading the "health-check" site by going to example.com:8088 - please post your suggestions. Cheers
Related
I'm having trouble with an AWS ALB setting.
When I set the target group to listen on port 80 with path "/" it returns unhealthy.
My apache web server is running, and I made an index.html file in the path "/var/lib/www/html".
But when I start my tomcat service on port 8080 it works. It returns healthy.
I don't know why. Does anyone have an answer for this?
I cannot load a webpage using Google Cloud Platform compute engine, Linux server.
I am using the IP address. I checked the boxes to allow HTTP and HTTPS traffic.
I can ping the IP address and receive 4 replies.
I installed php 7.3 and apache2.
I started the apache server, and verified that the apache server is running. I did not change any configurations.
The doc root is still set to /var/www/html. The default webpage still exists. I just deployed this server, and it has never worked.
An answer to a previous similar question suggests enabling firewall rules. I checked the firewall rules for this server.
HTTP and HTTPS ingress is allowed.
The firewall rules are set as follows:
default-allow-http | Ingress | http-server | IP ranges: 0.0.0.0/0 | tcp:80 | Allow | 1000 | default | Off | —
default-allow-https | Ingress | https-server | IP ranges: 0.0.0.0/0 | tcp:443 | Allow | 1000 | default
Why, please?
Check if the apache service is running
ssh into the GCE instance and check if you can get the page content locally
curl localhost:80
curl localhost:443
Make sure that the ingress rule that allows traffic on port 80 and 443 is applied to the instance
I have multiple services running on multiple ports on a single AWS EC2 instance. I've been using two ALBs to run these services, but I'd like to combine them into a single ALB that forwards to the correct service based on the host name. One service is a node app running on port 80 and the other is a flask app running on port 5001.
As of now, I have a target group setup as mywebsite for the node app on port 80, and api-service for my flask app on port 5001.
I added those target groups to an ALB, my-alb, and set up forwarding rules so that port 80 and 5001 will forward to port 443. On port 443 I set up forwarding rules so that if the host matches api.* it will forward to the target group api-service otherwise it will default to my-website.
I have also set up my ALB as the alias for api.mywebsite.com and www.mywebsite.com on Route 53, as well as setting up the certificate. All the health checks are passing for both my target groups.
Here's the issue:
www.mywebsite.com works properly. I get forwarded to the https version of the site and everything looks fine. When I try to use api.mywebsite.com it doesn't load and I get a 504 Bad Gateway error.
To summarize, here are the steps I've completed:
Setup two target groups for my services on port 80 and 5001
Added those two target groups to ALB and set routing rules to redirect to port 443
Set forwarding rules for route 443 to forward to the service on port 5001 if the host matches api.* else route to the service on port 80.
Set the ALB as the alias for api.mywebsite.com and www.mywebsite.com in Route 53.
Any help would be appreciated, thanks!
EDIT: Got it working.
I had configured my security group incorrectly. That is the step I was missing :D. Once I added port 5001 to the security group assigned to my ALB and EC2 it began to work properly.
Thanks!
I've added the port to the inbound policy of the security group running in my EC2 instance:
Custom TCP Rule | TCP | 9292 | 0.0.0.0/0
But when I nmap it I get that it is filtered. I can't find any way to change it or understand why it is filtered in the console. Does anyone know how to achieve full port management on AWS or what could be going on in this case?
I've checked that ufw (ubuntu firewall)
Thanks!
There was another process which was using port 9292 on localhost. So it was filtering all outside connections. In this case I was starting the faye server with the standard command, which starts the faye server under localhost.
I fixed it by starting faye under the DNS name of the server, and it works.
I've registered domain with bigrock.in
Created ec2 instance in aws
created elastic ip
registered with route53 and gave my domain name
changed the name servers in bigrock with the provided names in bigrock
ssh to the ec2 instance with elastic ip
ran node.js app with forever
with the following environment variables
export ROOT_URL="www.domain.com"
at the time of the Route53 process, I created an A record with the www sub-domain pointing to the elastic IP
But I'm not seeing anything at domain.com or at the elastic IP xxx.xxx.xxx.xxx
Did I miss any steps? Is there anything I did wrong, or do I need to do anything else to make this work?
EDIT
I haven't added any A or CNAME records to bigrock, just changed the name servers to the servers provided by Route53
Edit 2
Those are my security group outbound details. My app is running on port 80.
Are those settings correct?
EDIT 3
My inbound rules
You've got a rule to allow all traffic from anywhere on the INBOUND security groups, so it's not that (make sure you fix this later when you get it working - as it is, it's a bit of a security hole).
Next thing I would normally say is it's a DNS problem, but as you say you've tried going to the EIP as well as the domain name, it's not that either.
Next likely candidates are:
The server isn't listening - it may be that it hasn't started properly; try checking the logs.
The machine's firewall is blocking connections. (Try turning it off - keep this to a VERY short length of time though - it's a huge risk in combination with your security group settings.)
Or your server is not listening on port 80, e.g. it might be listening on 8080 or 443. Check the server config - by default browsers assume port 80 for http; if it's not listening on that you will have to specify the port in the address bar as well, e.g. http://example.com:8080