AWS nlb targetgroup instance isn't reachable from the instance itself - amazon-web-services

We have set up a network loadbalancer with a TCP listener set to 9443. The default action is set to forward all to a targetgroup (protocol also set to TCP) which has one instance (server1) that is also listening on port 9443. The health check of the target shows healthy.
Now when we are on the instance itself - server1 - and we try to connect to port 9443 of the nlb, it will fail to connect. We have one security group bound to server1 which allows all inbound traffic.
When we are on another server - say server2 - and we connect to the nlb on port 9443, it works okay.
But when we change the targetgroup type to ip instead of instance and we fill in the private ip address of server1, the same test works fine.
How does it come that this isn't working when setting the target type to instance? Are we missing something, or is this the way it works on AWS?

Okay - I was pointed to this AWS article which confirms the behavior we see.
https://aws.amazon.com/premiumsupport/knowledge-center/target-connection-fails-load-balancer/

Related

AWS EC2 unable to reach Instance with HTTPS set to 0.0.0.0/0

My EC2 instance has the following security rules:
Unfortunately, if I browse its public IP address via HTTPS, I get "Unable to reach the site", while if I browse it via HTTP it works as it should.
SOLVED - I had to set Apache to listen on port 443.

ALB listener 443 to rule with 8443 Port issue

I have updated my question again. Below are the things I have done with AWS ALB.
Created a Target group which is IP based to register one instance with Port 80. I have created an ALB listener on 443: IF Host header is zzzzz.example.com THEN Forward to the created Targetgroup. As well, ALB Listener 80 THEN Redirect to https://#{host}:443/#{path}?#{query} Status code: HTTP_301. It's working fine, but its target group is still unhealthy.
Created a Target group which is Instance based to register another instance with Port 8443. I have tried to add in the same Listener 443: IF Host header is yyyyy.example.com THEN Forward to the created Targetgroup. But it has not worked as expected; it is unhealthy too.
Where am I wrong? How can I solve this one? Is my case logically right?
You can use the AWS SDK to create a target group with the IP of the new instance to forward 8443 port to 443 port and then attach it to the load balancer.
Here's how: How to create and attach a ELB properly in Boto3
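The NLB question at the top of this page and the answer just above both end up at the same workaround: register the target by its private IP (target type `ip`) instead of by instance ID, because an instance registered by ID cannot reach itself through the NLB. The helper below is an added example, not code from either poster or from the linked article; it uses the real boto3 ELBv2 calls `create_target_group` and `register_targets`, but the client is injected so the `FakeElbv2` stand-in (constructed here) lets it run offline. The target group name, VPC ID and private IP are assumed sample values.

```python
"""Create an NLB target group of TargetType 'ip' and register private IPs (hypothetical helper)."""
import ipaddress
from typing import Any


def register_ip_targets(elbv2: Any, name: str, vpc_id: str, port: int,
                        private_ips: list[str]) -> dict:
    """Build a TCP target group with IP targets and register each private IP on `port`.

    `elbv2` is any object exposing boto3's ELBv2 client methods
    create_target_group() and register_targets(). IP targets must be private
    VPC addresses, so public addresses are rejected before any API call.
    """
    if not private_ips:
        raise ValueError("at least one private IP is required")
    for ip in private_ips:
        if not ipaddress.ip_address(ip).is_private:
            raise ValueError(f"{ip} is not a private address; NLB ip targets need the VPC-private IP")
    resp = elbv2.create_target_group(
        Name=name,
        Protocol="TCP",
        Port=port,
        VpcId=vpc_id,
        TargetType="ip",          # 'ip' rather than 'instance': avoids the self-connect failure
        HealthCheckProtocol="TCP",
    )
    tg_arn = resp["TargetGroups"][0]["TargetGroupArn"]
    targets = [{"Id": ip, "Port": port} for ip in private_ips]
    elbv2.register_targets(TargetGroupArn=tg_arn, Targets=targets)
    return {"TargetGroupArn": tg_arn, "Targets": targets}


class FakeElbv2:
    """Constructed stand-in for boto3's ELBv2 client: records calls, makes no network requests."""

    def __init__(self) -> None:
        self.calls: list[tuple[str, dict]] = []

    def create_target_group(self, **kwargs: Any) -> dict:
        self.calls.append(("create_target_group", kwargs))
        arn = f"arn:aws:elasticloadbalancing:eu-west-1:123456789012:targetgroup/{kwargs['Name']}/abc123"
        return {"TargetGroups": [{"TargetGroupArn": arn, **kwargs}]}

    def register_targets(self, **kwargs: Any) -> dict:
        self.calls.append(("register_targets", kwargs))
        return {}


if __name__ == "__main__":
    # Real use would pass boto3.client("elbv2", region_name="eu-west-1") instead of the fake.
    print(register_ip_targets(FakeElbv2(), "server1-9443-ip", "vpc-0000example", 9443, ["10.0.1.23"]))
```

The returned target group still has to be attached to an NLB listener (for example with `create_listener`), which is left out here.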

Accessing EC2 Instance via Internet Security Rules

I have configured an EC2 instance and I am now trying to install an open source app (Wiki.js). One of the steps (visible here under configuration) requires me to navigate to http://localhost:3000/ but replace localhost with the IP address of my server. I have tried this multiple times and tried different variations of security groups for the EC2 Instance but nothing seems to work. Currently the inbound rules are set to the following:
1) Type: HTTP, Protocol: TCP, Port Range: 80, Source: 0.0.0.0/0
2) Type: HTTPS, Protocol: TCP, Port Range: 443, Source: 0.0.0.0/0
3) Type: SSH, Protocol: TCP, Port Range: 22, Source: 0.0.0.0/0
I'm not sure what the problem could be. Are these security settings wrong? Am I using the wrong IP address? I am copying the address directly from the console under IPv4 Public IP.
EDIT:
Could it have something to do with the route table or subnet? If so, it doesn't appear to be possible to edit those via the console. Would I need to create a new instance?
Why don't you open port 3000 for the EC2 instance?
I think the application requires you to access port 3000, but you haven't configured that in the security group.

AWS instance can't be accessed from browser

I set up a kubernetes cluster and then I deployed it on AWS. It created one load balancer, one master and 4 minion nodes.
I can use the kubectl proxy command to check whether it works locally, and it turned out that yes, I am able to connect to a particular pod.
The problem is that I can't access it externally. I have an address which looks like this:
ab0154f2bcc5c11e6aff30a71ada8ce9-447509613.eu-west-1.elb.amazonaws.com
I also modified the security group, so each node has the following security group:
Ports   Protocol   Source
80      tcp        0.0.0.0/0
8080    tcp        0.0.0.0/0
All     All        sg-4dbbce2b, sg-4ebbce28, sg-e6a4d180
22      tcp        0.0.0.0/0
What might be wrong with this configuration?
Does the service which created the ELB have endpoints? Do a kubectl describe svc <serviceName> and check the endpoints section. If not, then you need to match up the selectors better. If you do see them, then I would try hitting the nodeport from one of the machines to verify it works. A simple curl should work. If that works, then I would look deeper into the AWS security.

Google TCP loadbalancer port forwarding

I am using a tcp load balancer in google cloud platform. How do I forward the frontend configurations
<static-ip>:8000 and <static-ip>:80
to the 8000 port of a backend instance group?
The temporary solution I have used is logging into each machine in the instance group and using iptables to forward the incoming traffic on port 80 to port 8000. But this is not a feasible solution if the number of instances is large.
Port forwarding cannot be implemented in google cloud's tcp loadbalancer, but is available in HTTP and HTTPS load balancers. The port forwarding should be done through iptables on the machines.