I have a kubernetes service I exposed with a custom domain name. When I try to access the service using custom domain, it fails (just loading forever). But if I use the IP, it works. Do I need to configure something somewhere? I am using GKE.
When I ping the URL, its trying to hit the correct IP. Also ping works.
The LoadBalance service is a layer 4 load balancer and thus only uses the IP to route traffic to your backend pods. If ping works and the site loads correctly when you use the IP address, this shows that the load balancer is directing traffic correctly.
There is likely a setting in your webserver that is looking at the URL and is having issues loading when a URL is used. Check your container logs to see if any errors are returned when you use a URL instead of IP.
Related
I have setup a GCP load balancer following the steps as displayed on https://cloud.google.com/load-balancing/docs/https/ext-http-lb-tf-module-examples#with_a_backend . I have create an A record at my dns provider and I am succesfully able to reach my service through the domain name. I have also created a http to https redirecting load balancer, which only redirects when visiting the domain name.
However my problem is that I can also still directly access my load balancers ip adress over http, which in turn redirects to my backend service thus allowing insecure access to my service. I am not sure what steps there are to debug my configurations or if anyone has experienced something similar.
The simplest method is to redirect HTTP to HTTPS at your backend. That method provides you with more options and control.
Tip: if the client arrives at an IP address, you most likely want to discard that traffic. That traffic is typically hackers, trolls, etc.
You can also set up a redirect in the load balancer:
Set up an HTTP-to-HTTPS redirect for global external HTTP(S) load balancer
I have a site hosted with AWS, but the domain is not ready yet. I want to work on it and begin testing.
The site runs through a load balancer.
When I go to Load Balancers in EC2 I can see the DNS name. If I type this into my browser I get a warning that it is unsafe, then when I choose to load anyway I get an error DNS_PROBE_FINISHED_NXDOMAIN
I used the "dig A " command in terminal to get the IP address. I added this IP address to my hosts file, and I get the same error when trying to access it like that.
I get a warning that it is unsafe
It is unsafe because default ALB url does not use HTTPS. It only works with HTTP which is marked as unsecure by all major browsers.
To fix that you need to have your own domain and setup a valid, pubic SSL certificate using AWS ACM for that domain.
I'm about to lose my mind trying to set this up. I have lost the whole day and can't seem to get near what I want to do.
I have a node js rest api uploaded trough elastic beanstalk, and I'm trying to setup a webpage to present the api, but for the live example to work the api needs to be accessed trough https. I've read the instructions for setting up the https for elastic beanstalk (and like everything on the AWS documentation it is a ridiculous maze). It has sent me trough several different AWS services.
What I basically got from it so far is that I need to set up a Load Balancer that will receive the connection trough https and forward the user to my instance. But I can't get it to work. I have a domain from freenom: bibliaparahumanos.tk, it is setup with an A alias to my EC2 IP, and it works with http, but if I try to access it trough https, I get "connection refused". If I use my normal Elastic Beanstalk url (http://apibibliahumana-env.eba-3nbmrphf.us-east-2.elasticbeanstalk.com/) with https it works, but I get a warning that the connection is not secure due to the domain on the certificate being different from the domain I'm accessing (which I understand, since the domain in the certificate is for my freenom domain).
I have the Load Balancer Listener set up with:
Protocol: https
Port: 443
Default action: forward to target group
(I have tried the target group with both http and https and the problem remains).
My certificate is from AWS Certificate Manager.
I have also seem this other tutorial but it confused me more. It adds some steps for configuring stuff on the app bundle, but I don't understand if it's required or an alternate way. I have tried setting that up, but it asks me to add the certificate's public key, which I can't figure out how to find.
I would suggest adding a CNAME record to your DNS towards apibibliahumana-env.eba-3nbmrphf.us-east-2.elasticbeanstalk.com.
A big advantage of using elastic beanstalk is that you can do blue/green deployments; as you will instead add the app URL to your DNS you can build an entire new environment in elastic beanstalk, test/wait until its stable and swap the app urls; which results in deployments without any downtime.
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.CNAMESwap.html
Good evening, I am currently trying to set up a load balancer for my server, I successfully set everything up, however when I go to google domains to set ip record I get the following error "mysite.com unexpectedly closed the connection."
http://prntscr.com/npm04o
http://prntscr.com/npm0ot
Also when i type the ip manually in the browser I get the same error. However when I set my ip record to a VM machine ip that comes from my instance group the load balancer ip starts to redirect to my site. I would like to get the load balancer ip to work with my google domain records.
Picture of configuration
http://prntscr.com/npm3ye
I think you are connecting to the load balancer using HTTPS. You do not have a front-end configured for HTTPS. Specify http:// and try again. If this is not the case, then go to Stackdriver and check the logs for your HTTP(s) Load Balancer.
Note: You have not provided enough information in your question. You need to provide the frontent, backend and healthcheck configurations.
Once you have everything working, your DNS resource record TTL should be longer than 1 minute - clients will constantly have to resolve your DNS names. Using a CNAME instead of A record adds another lookup. Use an A record instead.
I am really struggling to get my basic website (literally just a template without any changes, just running ASP.NET) to work with HTTPS. I am using an Elastic Beanstalk environment to host the site, and the site EC2 virtual machine is behind a load balancer (classic).
I have followed the guide here
And believe I have everything configured correctly, however when I browse to https://www.playground.cloudy-skies.org/ or even the http:// version, I get a HTTP ERROR 503.
I have created an SSL certificate using AWS certificate manager:
I have the load balancer in AWS configured like so:
As per the website documentation, my domain name is pointing to the elastic beanstalk instance, not the load balancer. I've checked the AWS official doco and it says to do pretty much this. Where am I going wrong? if I browse the site with Fiddler active I get:
Please help? I'm a software developer more than I am a network guy, so I'm doing my best here but I'm struggling and have yet to successfully create a site that uses HTTPS.
First thing if you are using Beanstalk your Route 53 will be pointing to your Beanstalk Url only. You can change even force it your Loadblancer also but it doesn't make any change.
As your HTTPS (Port 443) is not working, just check the Security Group of EC2 instance and ELB (Elastic Load Balancer). Sometimes it happens Security Group block your Port.
So in Your Inbound Rules, (for both ELB and EC2) 443 port should be included