My EC2 instance has a site hosted using Tomcat, and it can be accessed using
http://public-Ip:8080/index.html
But when I put this instance behind an Elastic Load Balancer and set the health check to
HTTP:8080/index.html
though the ELB passes the health check, when I try to access the site using
http://ELB:8080/index.html
I am unable to access the site.
Is there something that is missing, or something I need to do additionally?
This is what my LB listener tab looks like:
There was an issue with the communication between the Security Group (SG) of my EC2 instances and the Elastic Load Balancer (ELB) SG. I allowed my EC2 SG in the ELB SG and that helped.
I have an Application Load Balancer set up with a security group. I also have my EC2 instance (Windows) set up with another security group. My EC2 instance is configured in a VPC.
If I type the load balancer DNS (for example http://alb-myrpoject-437610392.us-east-2.elb.amazonaws.com/) in the browser it works, but the health check fails. Here is the screenshot of the target group:
I am using the Apache web server.
Any idea why the health check is failing while the load balancer DNS works?
Thanks for trying to help with your comments. I realized that I didn't give enough info. Okay, I've finally figured it out. On the security group of the ec2 instance, I also added
HTTP TCP 80 0.0.0.0/0
Now the health check became healthy, and I can also reach my web page using the IP of my EC2 instance.
I set my load balancer to allow traffic on port 80 to the security group of my EC2 instance, but the load balancer refuses to connect. To do a sanity check, when I allow HTTP traffic from my IP to the load balancer, I'm able to connect seamlessly. I can only access the load balancer from my EC2 instance when I allow all traffic to port 80 on my load balancer. I keep checking back and forth to make sure the security group that the EC2 instance is in is the same as the one that the load balancer should allow, so I know it's not that. What else could be blocking the traffic?
Context: I used a load balancer because I wanted a static address for my EC2 instances to access and I don't want the IP to be dynamic. Basically, behind the load balancer is one coordinator instance that I want to manage jobs for the auto scaling EC2 instances. The load balancer can be internal for the purposes I need it for.
Network traffic between an EC2 instance and a public facing load balancer will go out to the Internet and back, it won't stay within the VPC. Once the request leaves the VPC it loses its association with the source security group, which is why your security group rule isn't working. If the EC2 instance has an Elastic IP address assigned to it, you could try adding that to the load balancer's security group instead.
There is probably a better way to do what you are trying to do without having your EC2 instance access a public load balancer. Perhaps the load balancer could be converted to an internal load balancer? Or maybe there is a better way for this EC2 server to communicate with the resources behind the load balancer directly somehow. You would need to post more information about your system and your desired goal for help with that.
I face an issue with AWS Elastic Beanstalk health checking. I deployed my NodeJS application to AWS via Elastic Beanstalk. Then I made TCP port 443 of my Elastic Load Balancer accessible only to my domain, which is routed by Cloudflare. Basically, my Elastic Load Balancer is only accessible by Cloudflare.
Because I use Cloudflare, AWS health checks are not able to access the endpoint of the load balancer. How can I fix this issue? I don't want to open TCP port 443 of my load balancer to the whole world. I want to open TCP port 443 only for Cloudflare and, at the same time, I want to use the AWS health check :)
If somebody reads this question in the future: I thought that the health check was being executed externally, accessing the endpoint publicly. But I have just learned that it was not :)). It is executed directly, internally. There is no problem related to Cloudflare or the security group or any other thing!
If there is an error in your ELB regarding this, the problem is probably related to your codebase, not the security group or other configurations.
My app was easily deployed on 3 instances using OpsWorks. I can access it using the instance IPs fine.
My question is: how can I access it using the load balancer?
ELB says all 3 instances are InService, but when I type the public DNS in the browser, it loads forever and shows nothing.
Testing the ELB public DNS on http://whatsmydns.com shows IPs that aren't from my instances.
Am I doing something wrong?
I have added the public DNS to my app as hostname.
There are a couple things to check:
Check that your load balancer listeners are configured to listen and pass traffic to the same port that the instance is listening on (for example http traffic 80 => http 80, https traffic 443 => https 443)
Check that the security group of the webservers allows traffic from the load balancer. Though if you can access your instances directly via browser, I'm guessing they are open to 0.0.0.0/0 so shouldn't be an issue here?
Check that security group of the load balancer allows access to public on all needed ports (typically 80 and 443)
Check that the ELB health check is not failing (under ELB instances you can see if the instances are in service or not). If it says "Out of service" that's the problem. You need to make sure that the health check URL is accessible and returns 200.
The DNS of your load balancer is different from your instances - it returns the IP addresses of the instances that the load balancer is running on, AWS usually has at least 3 servers behind the scenes for that.
So I set up a proxy server in AWS EC2 (let's say EC2 A) under an Elastic Load Balancer with AWS Auto Scaling groups... So I have 5 of EC2 A under this Elastic Load Balancer, which has one DNS server endpoint for these proxies.
Through this proxy DNS (e.g. http://myelb.elb.aws.com), I want to send HTTP requests from EC2 B.
Then where should I set up the security group?
And what kind of security rules for this program flow?
I tried to add EC2 A to the Elastic Load Balancer but it keeps being OutofService, never got to InService mode.
OutofService indicates that your Elastic Load Balancer is either not ready, or the instances are failing their Health Check. If you point to the little "i" information icon, it will explain why an instance is not InService.
Within your Elastic Load Balancer, take a look at the Health Check tab and confirm that it is configured correctly. It will either be checking a URL (eg /index.htm) or checking a port (eg port 80). If your "A" servers are listening on port 80, the quickest way to pass the health check is to set it to TCP and set the Healthy Threshold to 2 attempts.
Your Security Groups should have these settings:
A Security Group on your Elastic Load Balancer (eg ELB-SG) that allows incoming traffic either from the whole Internet (0.0.0.0/0) or at least from your "EC2 B" instance (specifically, it should allow traffic where the source is the name of a security group associated with your B instance).
A Security Group on your "EC2 A" instances that allows incoming traffic from the security group on your Load Balancer (ELB-SG).
If you are worried that your Security Groups are incorrectly configured, start troubleshooting by opening up access to the entire Internet (0.0.0.0/0) and, once you have confirmed connectivity, progressively reduce access to the above settings.
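The two-group layout described in this answer can be checked offline before anything is opened to 0.0.0.0/0. The following is an added example, not code from any of the posts above: it evaluates ingress rules laid out like the IpPermissions field returned by EC2 DescribeSecurityGroups, and all group IDs, ports, IP addresses and finding names in it are constructed. It assumes the instance group admits the load balancer by security group reference rather than by subnet CIDR, and it ignores source-group rules on an internet-facing load balancer for the reason given in the earlier answer about traffic leaving the VPC.

```python
import ipaddress

def sources(sg, port):
    """Return (cidrs, group_ids) that security group `sg` admits on TCP `port`."""
    cidrs, groups = set(), set()
    for perm in sg["IpPermissions"]:
        proto = perm["IpProtocol"]
        if proto == "-1" or (proto == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]):
            cidrs |= {r["CidrIp"] for r in perm.get("IpRanges", [])}
            groups |= {g["GroupId"] for g in perm.get("UserIdGroupPairs", [])}
    return cidrs, groups

def audit(elb_sg, inst_sg, listener_port, instance_port, client_ip,
          client_sg=None, internet_facing=True):
    """List problems on the path client -> load balancer -> instance."""
    findings = []
    cidrs, groups = sources(elb_sg, listener_port)
    by_ip = any(ipaddress.ip_address(client_ip) in ipaddress.ip_network(c) for c in cidrs)
    # A source-group rule only matches traffic that stays inside the VPC,
    # so it is ignored for an internet-facing load balancer.
    by_group = client_sg in groups and not internet_facing
    if not (by_ip or by_group):
        findings.append("CLIENT_BLOCKED_AT_ELB")
    cidrs, groups = sources(inst_sg, instance_port)
    if "0.0.0.0/0" in cidrs:
        findings.append("INSTANCE_OPEN_TO_WORLD")   # clients can bypass the load balancer
    elif elb_sg["GroupId"] not in groups:
        findings.append("ELB_BLOCKED_AT_INSTANCE")  # health checks and forwarding fail
    return findings

def rule(port, cidr=None, group=None):
    """Build one constructed ingress permission in DescribeSecurityGroups shape."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}] if cidr else [],
            "UserIdGroupPairs": [{"GroupId": group}] if group else []}

# Constructed sample groups; the IDs are placeholders, not real resources.
ELB_SG = {"GroupId": "sg-elb-example", "IpPermissions": [rule(80, cidr="0.0.0.0/0")]}
ELB_SG_B_ONLY = {"GroupId": "sg-elb-example", "IpPermissions": [rule(80, group="sg-b-example")]}
TIGHT = {"GroupId": "sg-web-example", "IpPermissions": [rule(8080, group="sg-elb-example")]}
WIDE = {"GroupId": "sg-web-example", "IpPermissions": [rule(8080, cidr="0.0.0.0/0")]}
NONE = {"GroupId": "sg-web-example", "IpPermissions": [rule(22, cidr="203.0.113.0/24")]}

if __name__ == "__main__":
    for name, sg in [("tight", TIGHT), ("wide", WIDE), ("none", NONE)]:
        print(name, audit(ELB_SG, sg, 80, 8080, "198.51.100.7"))
```

An empty list means the path is open with the instance reachable only through the load balancer; INSTANCE_OPEN_TO_WORLD marks the state left behind by the "open everything" troubleshooting step, which should be narrowed once connectivity is confirmed.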