I am setting up an application load balancer.
The ALB, has 1 listener
http: 80 to the target-group
target-group has port 3000
I also have an auto scaling group that points to the target group and is setup to create 2 instances.
Cluster group is setup, with service that runs 4 tasks.
I setup the service to use the alb and http:80 port. The
task created has a dynamic host port and container port 3000.
I have checked my security groups and I have inbound setup to accept port 3000, and 80 and outbound takes all traffic.
All the instances in the target-group are unhealthy
I can ssh into the ec2 instances and docker ps -a returns two docker containers.
I logged out and ran curl -i ec2-user#ec2-22-236-243-39.compute-4.amazonaws.com:3000/health-check-target-page I get
Failed to connect to ec2-user#ec2-22-236-243-39.compute-4.amazonaws.com port 3000: Connection refused
I tried same command with port 80 and I get
curl: (56) Recv failure: Connection reset by peer
I'm still learning AWS so hope this info helps. Let me know what I am missing here.
Thanks!
Related
I have cluster with two Debian servers on gcp. Both servers behave as ntp server. When I tried to use on my laptop ntpdate with IP of one of server it returns:
9 Nov 14:05:05 ntpdate[9406]: adjust time server IP offset -0.017810 sec
I would like to use gcp load balancer for ntp but it does not work. I tried command ntpdate LB_IP
on my laptop and on different gcp server in same network and on both I got response "no server suitable for synchronization found". I use same LB for another application in cluster running on TCP port which works fine via LB.
LB for ntp has frontend UDP with public LB IP and port 123. Backend for instance group with both servers where I set port name mapping ntp 123. Health check is done via tcp port (gcp shows server healthy).
I see in wireshark on my laptop request without response. Request contains:
Source: 10.0.2.15
Destination: LB_IP
Protocol: UDP (17)
User Datagram Protocol, Src Port: 123, Dst Port: 123
Can anyone know why LB not response on UPD port 123?
I have Elasticseasrch and Kibana installed on EC2 instance where I am able to access Elasticsearch using on this url http://public-ip/9200. But I am unable to access Kibana using http://public-ip/5601.
I have configured kibana.yml and added certain fields.
server.port: 5601
server.host: 0.0.0.0
elasticsearch.url: 0.0.0.0:9200
On doing wget http://localhost:5601 I am getting below output:
--2022-06-10 11:23:37-- http://localhost:5601/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:5601... connected.
HTTP request sent, awaiting response... 200 OK
Length: 83731 (82K) [text/html]
Saving to: ‘index.html’
What am I doing wrong?
Server Host set to 0.0.0.0 means it should be accessible from outside localhost but double check that the listener is actually listening for external connections on that port using netstat -nltpu. The server is also accessible on it's public IP on port 9200 so try the following:
EC2 Security Group should inbound TCP traffic on that port 5601 from your IP address.
Network ACLs should allow inbound/outbound TCP traffic on port 5601.
OS firewall ( e.g. ufw or firewalld ) should allow traffic on that port. You can run iptables -L -nxv to check the firewall rules.
Try connecting to that port from a different EC2 instance in the same VPC. It is possible that what ever internet connection you are using may have a firewall blocking connections on that port. This is common with corporate firewalls.
If these fail, next you want to check if the packets are reaching your EC2 instance so you can run a packet capture on that port using tcpdump -ni any port 5601 and check if you have any packets coming in/out on that port.
if you don't see any packets on tcpdump, use VPC Flow Logs to see if packets are coming in/out that port.
Considering the kibana port (5601 ) is open via security groups
I could able to resolve the issue by updating config server.host:localhost to server.host:0.0.0.0
and elasticsearch.hosts: ["http://localhost:9200"] (in my case kibana and ES both are running on the same machine) in kibana.yml
https://discuss.elastic.co/t/kibana-url-gives-connection-refused-from-outside-machine/122067/8
I remember doing it before but now it seems I have forgotten the process.
I want to create an HTTPS listener for an ALB. However, I don't have anything in my ec2 running on 443.
Should I configure a reverse proxy which points 443 to the app running port or add my HTTPS listener with port 80 HTTP target group?
Could someone help me with this?
You need a single Target Group pointing to your EC2 instance on port 80.
Then you can create a port 443 listener on the ALB that uses that target group. You will have to attach an SSL certificate to the listener when you create it. The ALB will terminate the SSL connection and send the request to the backend server over port 80.
I am using an https load-balancer, on the top of an instance group.
I want to set on one server that he will listen on port 443, a second one that will listen on port 444 and the third that will listen on port 445.
How should I add the TCP backend service to existing https load balancer google cloud?
You want to create a HTTPS loadbalancer listening on the 443 port and forwarding the traffic to serves listening on different pots. The encrypted connection will be terminated on the loadbalancer from there the traffic will be sent to the Backends.
When you add the backends to the loadbalancer you will have to select the port to which you redirect the traffic for each one of them.
Therefore having 3 ports would require having three backends serving on the port 443, 444, 445.
In order to add a backend you can run the following command or edit the loadbalancer from the console:
gcloud compute backend-services add-backend BACKEND_SERVICE_NAME [...]
I have an EC2 instance on Amazon (AWS). The instance is behind a ELB (Elastic Load Balancer). I want to allow HTTPS connections to reach the EC2 instance.
Is it necessary to have the load balancer configured for HTTPS, ie, to check the certificates etc, or can this just be done traditionally within the EC2 instance and virtual host SSL configuration ?
The reason I'm asking is because I have allowed traffic via ELB -> EC2 for port 80 and 443, but only port 80 reaches the instance.
EDIT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00021s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
3306/tcp open mysql
EDIT 2
Here is my other stack overflow questions explaining the bigger problem I have, hence why I opened this question. HTTPS only works on localhost
Check whether any application is running on port 443.
Use this command to check:
nmap -sT -O localhost
EDIT
Add the certificate files on the server and then upload them to IAM using the command:
aws iam upload-server-certificate --server-certificate-name my-server-cert
--certificate-body file://my-certificate.pem --private-key file://my-private-key.pem
--certificate-chain file://my-certificate-chain.pem
For more info check this:
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/ssl-server-cert.html