I created a VPC with public and private subnets like this:
public subnet: bastion server, elastic load balancer, IGW
private subnet: EC2 instance (the app is running on HTTP port 8080), NAT gateway
The following is the listener config.
load balancer protocol: HTTP
load balancer port: 80
instance protocol: HTTP
instance port: 8080
When I try the command 'wget -O - http://elb-xxxxx.us-west-2.elb.amazonaws.com', the result is:
Resolving elb-xxxxx.us-west-2.elb.amazonaws.com (elb-xxxxx.us-west-2.elb.amazonaws.com)...
52.x.x.x., 52.x.x.x, 54.x.x.x, ...
Connecting to elb-xxxxxx.us-west-2.elb.amazonaws.com (elb-xxxxxx.us-west-2.elb.amazonaws.com)|52.x.x.x|:80...
failed: Connection timed out.
However, the status of the load balancer is 'InService' and the ELB's health check is working! (The ELB is calling the app's API normally.)
When I installed my app on the bastion server in the public subnet, I could access the app with a web browser and it worked normally.
In sum, the VPC and its routing configuration seem to be correct, and the ELB is also watching the instance correctly.
However, if I try to access the app through the ELB with the ELB's DNS name, a connection timed out error occurs.
I am stuck on this and need your help.
I found the problem myself. I mistakenly added both the public and the private subnet to the ELB. Thanks though!
Did you by any chance neglect to provide a security group with inbound port 80 open for your load balancer? Here's a link re: setting up security groups for ELB in EC2-classic or VPC.
I am trying to route console.example.com to an internal load balancer that is located in a private subnet. My current architecture is as follows:
I have a public VPC and a private VPC.
A React app is running on an ECS cluster and its service (console-service) is located in the private VPC.
The internal load balancer has two listeners: one for HTTP on port 80, which forwards requests to port 443, and the other for HTTPS on port 443, which forwards requests to the task definition for the console-service. Additionally, the listener on port 443 has a certificate for console.example.com.
The OpenVPN connector's instance is located in the public VPC.
The public and private VPCs communicate with each other via a transit gateway.
I know that the routes are working because if I reach the console-service's private IP (private-ip:3000), I can access the website. I also know that the certificate and load balancer are working because if I SSH into an instance that is located in the private VPC and curl console.example.com, I can access the website. I believe that the issue is with the configuration of the OpenVPN's DNS settings. Currently, I added a network application that is like console.example.com - my-network, but I still cannot access the website with the domain.
I found out I made a rookie mistake. I just need to add HTTP/HTTPS to the security group's inbound rules that I use for my load-balancer.
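Both the comment on the first question (inbound port 80 on the load balancer's security group) and the self-answer above (HTTP/HTTPS missing from the load balancer's security group) come down to the same two-hop check: the load balancer's group must admit the listener port from the clients, and the target's group must admit the instance port from the load balancer's group. The following is an added example (not code from any of the posts) that performs that check offline over rule data constructed to mirror the JSON shape of `aws ec2 describe-security-groups`; the group IDs, ports and CIDRs are assumed for illustration.

```python
"""Audit the security-group path from an internet-facing load balancer to its targets.

Added example. SECURITY_GROUPS is constructed to mirror the shape of
`aws ec2 describe-security-groups` output; group IDs, ports and CIDRs are assumed.
"""
import copy
import ipaddress
from typing import Dict, List

# Constructed sample. sg-app deliberately lacks a rule admitting the
# instance port from the load balancer's group, the mistake in the posts above.
SECURITY_GROUPS: Dict[str, dict] = {
    "sg-lb": {
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        ]
    },
    "sg-app": {
        "IpPermissions": [
            # Only the bastion may SSH in; nothing admits the LB on tcp/8080.
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-bastion"}]},
        ]
    },
    "sg-bastion": {
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []},
        ]
    },
}


def rule_matches_port(rule: dict, port: int) -> bool:
    """True if an inbound rule covers TCP `port` ("-1" means all protocols/ports)."""
    proto = rule["IpProtocol"]
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]


def allows_from_cidr(sg: dict, port: int, source_cidr: str) -> bool:
    """True if every address in `source_cidr` may reach TCP `port` via a CIDR rule."""
    src = ipaddress.ip_network(source_cidr)
    for rule in sg["IpPermissions"]:
        if not rule_matches_port(rule, port):
            continue
        for r in rule.get("IpRanges", []):
            allowed = ipaddress.ip_network(r["CidrIp"])
            if allowed.version == src.version and src.subnet_of(allowed):
                return True
    return False


def allows_from_group(sg: dict, port: int, source_sg: str) -> bool:
    """True if members of `source_sg` may reach TCP `port` via a group-reference rule."""
    for rule in sg["IpPermissions"]:
        if rule_matches_port(rule, port):
            for pair in rule.get("UserIdGroupPairs", []):
                if pair["GroupId"] == source_sg:
                    return True
    return False


def check_lb_path(groups: Dict[str, dict], lb_sg: str, listener_port: int,
                  target_sg: str, target_port: int,
                  client_cidr: str = "0.0.0.0/0") -> List[str]:
    """Return a list of findings; empty means both hops are open."""
    findings = []
    if not allows_from_cidr(groups[lb_sg], listener_port, client_cidr):
        findings.append(f"{lb_sg} does not allow tcp/{listener_port} from {client_cidr}")
    if not allows_from_group(groups[target_sg], target_port, lb_sg):
        findings.append(f"{target_sg} does not allow tcp/{target_port} from {lb_sg}")
    return findings


def with_group_rule(groups: Dict[str, dict], sg: str, port: int, source_sg: str) -> Dict[str, dict]:
    """Return a copy of `groups` with `sg` admitting TCP `port` from `source_sg` (the fix)."""
    fixed = copy.deepcopy(groups)
    fixed[sg]["IpPermissions"].append(
        {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": source_sg}]})
    return fixed


if __name__ == "__main__":
    print(check_lb_path(SECURITY_GROUPS, "sg-lb", 80, "sg-app", 8080))
    fixed = with_group_rule(SECURITY_GROUPS, "sg-app", 8080, "sg-lb")
    print(check_lb_path(fixed, "sg-lb", 80, "sg-app", 8080))
```

Referencing the load balancer's group as the source (rather than a CIDR) keeps the instance port closed to everything that is not the load balancer, including the bastion. Note that the health check in the first question succeeding while clients time out is not something this check explains: the health check traverses the same target-side rule, so a passing health check with a failing client points at routing (the subnets the load balancer sits in), not at security groups.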
I have deployed a Strapi.io app on AWS EC2 following the documentation provided by strapi.io on their site.
Everything went great, but when I try to reach the public IP of my EC2 instance, it is unreachable.
I have checked and assigned an Elastic IP.
I have also checked the gateway and security group; everything is good but still my IP is unreachable.
Security Group Setting
Check the routing table of the subnet. If it routes the CIDR 0.0.0.0/0 to the internet gateway, then the subnet is public and you can connect by the public IP. If it routes to the NAT gateway, then the subnet is private and you need a load balancer or a bastion to connect to the EC2 instance on the private subnet by its private IP. On a private subnet, the public IP is useless.
The issue here is that you need a web server or reverse proxy like nginx or Apache to listen on port 80 and serve your application. Currently, you would not have a web server configured for your app, so you do not get any response when you hit the IP address in your browser.
I am trying to create the following infrastructure using Terraform.
LoadBalancer -> ECS-Service -> Fargate (nginx images, count=2)
After applying the Terraform plan, I can see that the target group shows two healthy targets. But when I try to access the load balancer DNS name from a browser, I get a request timeout. Ping is also not working for the LB DNS name.
The load balancer is a non-internal application load balancer with a security group allowing all traffic on port 80 from all IPv4.
Need help.
Did you configure the LB in the public subnet? It seems like it's in a private subnet. And did you try to access the application from the AWS network to verify the LB is working inside the AWS VPC network?
curl lb_dns
or
nslookup lb_dns
from any EC2 machine within the VPC. If that worked, it means the LB is only reachable within the private subnet; move the LB to the public subnet and it should work.
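The self-answer to the first question (ELB attached to both the public and the private subnet), the routing-table answer to the Strapi question, and the answer above (LB in a private subnet) all rest on one rule: a subnet is public only if its route table sends 0.0.0.0/0 to an internet gateway, and an internet-facing load balancer must sit only in such subnets, because a node placed in a private subnet has no route back to internet clients even though health checks from that node to instances inside the VPC still succeed. The following is an added example (not code from any of the posts) that applies that rule offline; ROUTE_TABLES, SUBNET_IDS and LOAD_BALANCER are constructed to mirror the JSON shape of `aws ec2 describe-route-tables` and `aws elb describe-load-balancers`, and every ID in them is assumed.

```python
"""Classify VPC subnets by their default route and check load-balancer placement.

Added example. The data below is constructed to mirror the shape of
`aws ec2 describe-route-tables` / `aws elb describe-load-balancers` output;
all IDs are assumed.
"""
from typing import Dict, List, Optional

ROUTE_TABLES = [
    {   # Main route table: used by any subnet without an explicit association.
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"},
        ],
    },
    {
        "RouteTableId": "rtb-public",
        "Associations": [{"SubnetId": "subnet-public-a"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"},
        ],
    },
]

# subnet-private-b has no explicit association, so it inherits the main
# table, whose default route goes to the NAT gateway.
SUBNET_IDS = ["subnet-public-a", "subnet-private-b"]

LOAD_BALANCER = {
    "LoadBalancerName": "elb-example",
    "Scheme": "internet-facing",
    # The mistake from the first post: both subnets attached.
    "Subnets": ["subnet-public-a", "subnet-private-b"],
}

# Route fields that can carry a 0.0.0.0/0 target, in the order we look them up.
TARGET_KEYS = ("GatewayId", "NatGatewayId", "NetworkInterfaceId", "InstanceId",
               "TransitGatewayId", "VpcPeeringConnectionId")


def default_route_target(route_table: dict) -> Optional[str]:
    """Return the target ID of the 0.0.0.0/0 route, or None if there is no default route."""
    for route in route_table["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        for key in TARGET_KEYS:
            if route.get(key):
                return route[key]
    return None


def classify_subnets(route_tables: List[dict], subnet_ids: List[str]) -> Dict[str, str]:
    """Map each subnet ID to 'public' (IGW default route), 'private' (any other
    default route, e.g. a NAT gateway) or 'isolated' (no default route)."""
    main = None
    explicit: Dict[str, dict] = {}
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("Main"):
                main = rt
            elif assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = rt
    result = {}
    for sid in subnet_ids:
        rt = explicit.get(sid, main)
        target = default_route_target(rt) if rt else None
        if target is None:
            result[sid] = "isolated"
        elif target.startswith("igw-"):
            result[sid] = "public"
        else:
            result[sid] = "private"
    return result


def check_lb_placement(lb: dict, classification: Dict[str, str]) -> List[str]:
    """Return one problem string per subnet that is unsuitable for the LB's scheme."""
    problems = []
    for sid in lb["Subnets"]:
        kind = classification.get(sid, "unknown")
        if lb["Scheme"] == "internet-facing" and kind != "public":
            problems.append(
                f"{lb['LoadBalancerName']}: {sid} is {kind}; an internet-facing load "
                f"balancer needs subnets whose 0.0.0.0/0 route is an internet gateway")
    return problems


if __name__ == "__main__":
    kinds = classify_subnets(ROUTE_TABLES, SUBNET_IDS)
    print(kinds)
    for problem in check_lb_placement(LOAD_BALANCER, kinds):
        print(problem)
```

The "isolated" case (no default route at all) is worth keeping separate from "private": an instance there cannot reach the internet even through NAT, which is the situation behind the last question on this page, where a web server never got installed.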
We have a web-application page exposed on port 9090 on an EC2 instance that lives in the private subnet of our AWS setup.
We have a bastion host that is in the public subnet, and it can talk to the instance in the private subnet. We can also SSH to the instance through the SSH tunnel of the bastion.
Is there a guide to setting up a proxy on this bastion host to access the web page in the browser that is served on http://PrivateSubnetEC2Instance:9090/, by redirecting the traffic to/from http://PublicBastion:9090/?
I tried setting up HAProxy (on the bastion), but it doesn't seem to work: there are no errors in the HAProxy logs, but accessing the page http://PublicBastion:9090 just times out.
Though this is not an answer, most likely it could be due to:
Security group rules: Did you open port 9090 for everyone in the bastion's security group?
Is your HAProxy listening on 0.0.0.0 and not on 127.0.0.1?
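The second point above is the one a default or copied config most often gets wrong: a frontend bound to 127.0.0.1 accepts only connections from the bastion itself, so a browser on the internet sees a timeout and the HAProxy log stays empty because no connection ever reaches it. The following haproxy.cfg is an added example (not the poster's config) showing the loopback-only bind beside the corrected one; the instance's private IP 10.0.2.15 and the port numbers are assumed.

```haproxy
# haproxy.cfg on the bastion host. Added example; 10.0.2.15 is an assumed
# private IP for the EC2 instance in the private subnet.
global
    log /dev/log local0

defaults
    mode    http
    log     global
    option  httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Weak setting: bound to loopback only. Browsers on the internet time out
# and nothing is logged, because the connection never reaches the proxy.
#
# frontend web
#     bind 127.0.0.1:9090
#     default_backend app

# Corrected: listen on all interfaces (or pin it to the bastion's own
# private IP instead of 0.0.0.0 if the host has several addresses).
frontend web
    bind 0.0.0.0:9090
    default_backend app

backend app
    # "check" makes HAProxy health-check the instance; stats show it UP/DOWN.
    server app1 10.0.2.15:9090 check
```

After reloading, `ss -ltnp | grep 9090` on the bastion should show the listener on `0.0.0.0:9090` rather than `127.0.0.1:9090`. Two security-group rules are still needed, and the first should not be "everyone": the bastion's group must admit TCP 9090 from your own source address range, and the instance's group must admit TCP 9090 from the bastion's group.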
I have set up an internet-facing classic load balancer, and when I provision an EC2 instance with a public IP address the load balancer can do the health check successfully, but if I provision an identical instance without a public IP address the health check always fails. Everything is the same apart from not adding a public IP address: same subnet, security groups, NACL, etc.
The health check is a TCP 80 ping. I have a web server on all instances and the LB is listening on port 80.
Any ideas why it could be failing?
Solved. The instance without a public IP is failing to download and install the web server (httpd), so that is why the TCP 80 ping is failing. To access the web I need to use a NAT gateway or put a public IP on it.
curl -I http://localhost:80/ will show you if your web server is listening on that port.