Path based routing for ECS service not working - amazon-web-services

I have an ALB pointing to my ECS service registered to target-group-one. The DNS of the load balancer works fine and is able to print the message from my simple Apache webserver. However, when I configure path based routing like in the image attached and then add the path to the DNS URL ......com/gci, I get the error message "The requested URL was not found on this server."
What am I missing or not doing right?

If your actual httpd server does not respond to /gci without ALB, then it will not work with ALB. The path rule that you configured only forwards the query to your target group (TG).
So if the rule matches www.example.com/gci, ALB will just forward the query to the associated TG. This means that your ECS service still must correctly respond to /gci path.
In other words, the forwarding rules of ALB do not re-write the paths.

Related

How to have path based routing for AWS Application Load Balancer

I have deployed 2 services in ECS Web and API, Both of the services have their ALB, How can I configure my domain as follows:
example.com -> Web ALB
example.com/api -> API ALB
I tried creating a single ALB for both the web and API target groups and added path based routing in the rules, but the /api request is received by Node.js with the full path, e.g. if I call example.com/api/products, Node is getting /api/products instead of /products.
What could be a proper way of implementing this?
Thanks!
call example.com/api/products node is getting /api/products instead of /products
That's correct and that's how it should work. In other words, ALB can't change path from /api/products to /products, because ALB only forwards requests, it does not re-write them.
You can have a look at CloudFront, which could be helpful in that case.

target group for multiple containers load balancer AWS

I have 3 containers deployed on ECS and traffic is distributed by an application load balancer. Swagger on these individual containers can be accessed via e.g. 52.XX.XXX.XXX/swagger.
I need the services to be accessed via for e.g:
52.XX.XXX.XXX/users/swagger
52.XX.XXX.XXX/posts/swagger
52.XX.XXX.XXX/comments/swagger
I've tried adding the following load balancer rules:
PATH /users* or /users/
PATH /posts* or /posts/
PATH /comments* or /comments/
I get a 404 error when I visit the load balancer DNS, for example myapp-lb-4283349.us-east-2.elb.amazonaws.com/users/swagger
You can't achieve that with AWS Load Balancer alone. AWS LB doesn't re-route traffic based on paths. It just forwards the incoming traffic to the origin.
Your service should be accessible via 52.XX.XXX.XXX/user/swagger, 52.XX.XXX.XXX/posts/swagger etc. in order for the Load Balancer to forward it. You can't forward (or re-route) your traffic from the Load Balancer like this:
LB_URL/user/swagger -> IP/swagger
The missing /user/ part is not something Load Balancer can do for you. Update your application itself and add specific routes which you want to listen on.
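Added example, not part of the original answers: one way to make a backend answer under the prefix the ALB forwards, as the answers above require. The `backend` app, the `StripPrefix` wrapper and the `request` helper are hypothetical names, and a plain WSGI app stands in for the real service.

```python
from wsgiref.util import setup_testing_defaults


def backend(environ, start_response):
    """Stand-in service that only knows its own routes: / and /swagger."""
    path = environ.get("PATH_INFO", "/")
    if path in ("/", "/swagger"):
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [f"served {path}".encode()]
    start_response("404 Not Found", [("Content-Type", "text/plain")])
    return [b"not found"]


class StripPrefix:
    """Mount `app` under `prefix`, since the ALB passes the path unchanged."""

    def __init__(self, app, prefix):
        self.app = app
        self.prefix = "/" + prefix.strip("/")

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        # Match whole segments only. An ALB pattern such as /users* also
        # matches /usersadmin, so the application enforces the boundary.
        if path == self.prefix or path.startswith(self.prefix + "/"):
            environ = dict(environ)
            environ["SCRIPT_NAME"] = environ.get("SCRIPT_NAME", "") + self.prefix
            environ["PATH_INFO"] = path[len(self.prefix):] or "/"
            return self.app(environ, start_response)
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]


def request(wsgi_app, path):
    """Call a WSGI app in-process and return (status_code, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path  # the path exactly as the ALB forwards it
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"] = int(status.split()[0])

    body = b"".join(wsgi_app(environ, start_response))
    return seen["status"], body.decode()
```

`request(backend, "/users/swagger")` reproduces the 404 from the question, while the same request against `StripPrefix(backend, "/users")` reaches the `/swagger` route.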

How to Redirect All Requests to One Domain using AWS Load Balancer

I am using a Load Balancer with Elastic Beanstalk. I want to redirect any host that is different than domain.com to domain.com.
Is that possible to achieve with an AWS load balancer?
This is actually quite easy and fully supported by the AWS ALB.
What you're looking to do is to add a Host header based rule. The steps below should be followed:
1. Find your Application Load Balancer.
2. For each listener select View/Edit Rules.
3. Click the + symbol at the top of the console to add your rule, and specify that the rule is a host header rule with a target of your target group.
4. Edit the default rule, remove the action and set it to a redirect action (as shown in the below screenshot).
By adding the host header rule with a target as the target group for your app, it will only connect to your hosts for the correct host name.
Otherwise have the default action be a redirect action to redirect to the domain you specify.
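Added example, not part of the original answer: the same two settings written as the parameter dictionaries boto3's `elbv2` client takes for `create_rule` and `modify_listener`, with a small local model of how the listener then resolves a request. The ARN is a placeholder, and `resolve` is a hypothetical helper that simplifies ALB matching and makes no AWS calls.

```python
from fnmatch import fnmatchcase

CANONICAL_HOST = "domain.com"                 # host named in the question
TARGET_GROUP_ARN = "<your-target-group-arn>"  # placeholder, not a real ARN

# Keyword arguments for elbv2.create_rule(ListenerArn=..., **HOST_RULE)
HOST_RULE = {
    "Priority": 1,
    "Conditions": [{"Field": "host-header",
                    "HostHeaderConfig": {"Values": [CANONICAL_HOST]}}],
    "Actions": [{"Type": "forward", "TargetGroupArn": TARGET_GROUP_ARN}],
}

# Value for elbv2.modify_listener(ListenerArn=..., DefaultActions=DEFAULT_ACTIONS)
DEFAULT_ACTIONS = [{
    "Type": "redirect",
    "RedirectConfig": {"Protocol": "#{protocol}", "Port": "#{port}",
                       "Host": CANONICAL_HOST, "Path": "/#{path}",
                       "Query": "#{query}", "StatusCode": "HTTP_301"},
}]


def resolve(host, path="/", scheme="https"):
    """Local model: rules in priority order, then the listener default."""
    host = host.lower()  # host-header conditions compare case-insensitively
    for rule in sorted([HOST_RULE], key=lambda r: r["Priority"]):
        values = rule["Conditions"][0]["HostHeaderConfig"]["Values"]
        if any(fnmatchcase(host, v.lower()) for v in values):
            action = rule["Actions"][0]
            return action["Type"], action["TargetGroupArn"]
    # No rule matched: the default action redirects to the canonical host.
    cfg = DEFAULT_ACTIONS[0]["RedirectConfig"]
    new_path = cfg["Path"].replace("#{path}", path.lstrip("/"))
    return "redirect", f"{scheme}://{cfg['Host']}{new_path}"
```

Only requests whose Host header is `domain.com` reach the target group; any other Host value gets a 301 to the canonical host and never reaches the application.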

Application Load Balancer Redirects

I have an EC2 instance which hosts a web site running in IIS. I have also set up an AWS Application Load Balancer with a HTTPS listener into which I have added my web site's SSL certificate (held in AWS Certificate Manager). The HTTPS listener redirects traffic to my target group which in turn points to my EC2 instance. The EC2 instance uses a security group to only allow traffic from the Load Balancer.
Firstly, am I correct in thinking that the Application Load Balancer decrypts the SSL traffic and as a result, this is forwarded to my target group using HTTP (in other words, my EC2 instance's security group only needs to accept HTTP traffic from the Load Balancer and I can remove my SSL certificate from IIS)?
Secondly, the main problem that I am experiencing at the moment is that the site has relative paths to some of the resources (CSS, JavaScript, etc). As a result I am getting mixed content errors in my Firefox console when I browse the site. I set up a HTTP listener in my Load Balancer to redirect traffic to HTTPS but this doesn't seem to be working for relative paths.
I don't particularly want to edit the site to change relative paths to fully qualified HTTPS URLs as it is a very complex content management system. Also, before using the Load Balancer the site was serving content perfectly (the DNS entry pointed to my EC2 instance's public IP address and there was a rewrite rule in IIS to handle non HTTPS traffic).
Any advice would be greatly appreciated.
For your first query, I think Yes. You can remove my SSL certificate from IIS and point EC2 instance's security group to accept HTTP traffic from the Load Balancer.
For your concern about the relative paths problem, please go through this link: After introducing ALB, Mixed Content Error happened
I think it will be helpful.
Open your browser, click on the Network tab and check: these calls should be going somewhere else which is using HTTP. These are outgoing calls from your application, and a redirect will not fix this issue. See the screenshot.
It seems like the same error in your case: you are serving images from some other site, not from the EC2. It means those requests which the EC2 server is supposed to answer will work fine, but those where your code tries to pull a JS file or other resources are outgoing calls, and this has nothing to do with the LB redirect rule.
It is better to update your application and all the URLs to https.
When a user visits a page served over HTTPS, their connection with the
web server is encrypted with TLS and is therefore safeguarded from
most sniffers and man-in-the-middle attacks. An HTTPS page that
includes content fetched using cleartext HTTP is called a mixed
content page. Pages like this are only partially encrypted, leaving
the unencrypted content accessible to sniffers and man-in-the-middle
attackers. That leaves the pages unsafe.
Thanks for the replies. I managed to get to the bottom of the second issue. The site's web.config had a rewrite rule which was forcing URLs to lowercase (something to do with SEO). This was causing the problems when serving the CSS and JS files. I've made the necessary updates to this rule and it now appears to work (see IIS URL rewrite module url's to lowercase).
For the first issue, the SSL certificates do not need to be installed on the IIS web server - they are only required in AWS Certificate Manager and then to be assigned to the Load Balancer which in turn has 2 listeners - one to direct HTTPS traffic to my Target Group and one to redirect HTTP traffic to HTTPS.
My IIS site now only has HTTP bindings and only accepts HTTP traffic from the Load Balancer.
All seems to work!

AWS ALB: Path based routing not forwarding to target group

I have created an ALB and a target group.
The ALB has a listener on 80. This forwards it to my target group which in turn sends it to a registered instance on port 9000.
I am trying to add a path based rule as follows:
However, when I am hitting <alb-dns-name>, I do get redirected to my registered instance.
When I try <alb-dns-name>/portainer I get 404.
Am I missing something?
Path based routing also forwards the path to the respective request header;
So my app received /portainer in the request arriving to it and could not find/handle.
Switching to host based routing and the appropriate dns entries;