What can be a simple ALB health check for 2 app servers behind an ALB. These are not web hence I am not installing http on these servers.
You have option of configuring HTTP/HTTPS/TCP traffic for health check.
With ALB you need to associate an target group. Health checks are configured against this target group.
Your 2 app servers must be serving some traffic (say: TCP traffic over port 3306, if its running mysql). This is known as traffic port , the same port where your ALB is listening.
When you create Target group, you have to mention that health check will be done on this traffic port.
This is what you get when you attempt to create target group:
Related
I have an HTTPS endpoint and I want my application loadbalancer (ALB) to NOT terminate TLS and pass it through to the instances. How do I configure health checks on the target group to reach the instance? I don't see any option to set the TLS cert.
Turns out it can't be done via the ALB ,
use an NLB with TCP traffic configuration or classic ( being discontinued, so use it at your own risk)
We are trying to configure ALB for the AWS EC2 docker containerized Rasa Server with Port 5005.
We have attached the Rasa Server to the ALB but we are receiving unhealthy checks with 504 timeout gateway although we are getting the response from the Rasa server Ip address.
We are not able to get the health checks from the ALB after configuring the '/' path. But in the browser, we are getting the healthy response if we use the Rasa Server IP address instead of the ALB DNS name.
Private subnets, security groups and the VPC are configured as same in the ALB and the Rasa Server.
Can you help us here
The 504 timeout indicates that the Load Balancer is unable to speak to the target group.
As you're able to speak to the container (which indicates it is running), the most likely reason is that one of the security groups of the host is not providing inbound access from the load balancer.
Ensure that it can provide inbound access to your load balancer on the specific port.
Other than this check that the target group is configured to use the correct port within the target group, it is easy to accidentally set as port 80 which would lead to it attempting to either health check or service traffic via port 80
I created application load balancer and assigned a target group which contains two EC2 instances, i am using only https traffic to flow through ALB as i am using SSL certificate from ACM but my target group health check fails. So far i done the following
index.html is in root dir /var/www/html
apache is running as i can hit the server ip to view the web page
http works perfectly fine using ALB
443 instance shows unhealthy
Same ssl certificate when i used in classic load balance worked fine to
route SSL traffic, so the certificate is fine
Something going wrong in application load balancer only
security group allows 443 traffice for both instances and ALB.
Same instance if i put in http target group becomes healthy
Both ec2 if i remove from http target group and assign to ssl target group becomes unhealthy
Thanks
The SSL certificate is on the load balancer. The connection between the load balancer and the EC2 instance cannot be HTTPS because the SSL certificate is not on the EC2 server. You cannot use a target group configured for HTTPS via port 443 with your SSL configuration. You will need to continue using a target group configured for HTTP.
In my AWS account,
I have the following setup:
1x ECS cluster with 2 services (service-a and service-b)
Each service has their own target group
service-a binds the port on 443
service-b binds the port on 8888 (I needed to do that, because 443 might be already allocated by service-a)
Both services are reachable with HTTPS protocol
1x ALB which will be used in both service to load balance traffic
1x HTTPS Listener on the ALB (balances traffic by path)
1x Security group for the ALB (only allows inbound traffic from a given network)
1x Security group for all ECS EC2 Instances which are allowing inbound traffic from the ALB (on port 443 (HTTPS) and 8888 (Custom TCP Rule))
However:
service-b is always unhealthy.
I tried to add a new HTTPS Listener on the ALB which listens on port 8888 and this listener forwards the traffic to my service-b-target-group as expected.
Does anyone have any clue?
Thanks in advance!
Did you configure an advanced health check of your target group for service b?
it should look like this
picture here
The default setting of the target group is "traffic port". If you have configured an path-based routing, the traffic port is the same for both target groups.
Request on url.com:443/service-a and url.com:443/service-b will try to do health checks on port 443 on both target groups
For service-b you should define an advanced health check on a specific port, because your service listens on that port (8888 in your case)
Is it possible to have an application running on an EC2 instance and have a load balancer listen on port 80 but proxy it to the instances port 8080?
I cannot seem to get this to work. What setting to I need to change. I am running the cluster behind an application load balancer.
Adding answer with AWS management snippets .
Add the instance port in the target group, refer below image for it. for example i've added tomcat 8080 port to the target group port/
Make sure that your ELB is internet facing. refer below image of ELB summary , which says that my ELB is internet -facing. and check that your routing is properly added.
You define the instance port in the Target Group. You need to configure the Target Group to use port 8080. Then point the Application Load Balancer's port 80 listener to the Target Group. The ALB will listen on port 80, and forward requests to port 8080 on the Target Group instances.