I am trying to configure an AWS Application Load Balancer to load balance multiple applications (4) running on two EC2 instances.
My application architecture is as follows:
instance 1 (4 applications running on ports: 8080, 8081, 8082, 8083)
instance 2 (4 applications running on ports: 8080, 8081, 8082, 8083)
I would like to use HTTP port 80 and create an entry for each of these ports.
I previously tried the classic load balancer configuration but this does not support listening for more than one HTTP port 80 entry.
I have never used the Application Load Balancer before, but have tried configuring a target group rule to test it out. My rule checks for the path /applicationName and the port to check is 8081 with the idea that my application url would include http://"ipaddress":8081/applicationName.
Ideally I would like to create a rule for each application.
Does anyone have any insight as to if this type of load balancer can even be used for this set up and if so, how to set it up properly?
You would have to create a target group for each application, like so:
Target Group A --> Instances 1 and 2, port 8080
Target Group B --> Instances 1 and 2, port 8081
Target Group C --> Instances 1 and 2, port 8082
Target Group D --> Instances 1 and 2, port 8083
Then on the ALB you would create 4 rules for port 80, like so:
Path /application1 --> Target Group A
Path /application2 --> Target Group B
Path /application3 --> Target Group C
Path /application4 --> Target Group D
Each application would need to be configured to serve the appropriate content at the specified path. I.e application1 would need to be configured to serve content at http://domain-name:8080/application1 etc.
You also have to configure a default path for port 80 in the ALB. I'm not sure what you would want that configured for in this instance, perhaps point it to one of your applications as the "default" if no path is specified.
Related
I’m learning about deploying microserrvices to AWS ECS
Currently my prj has deployed successfully but I’m getting some confusion of ALB listener and target group
Let’s say that I have two services, serviceA and serviceB, one running on port 4000, and one on port 4001
I created 3 target group, one listen on port 80 (default-trg), one on port 4000 (serviceA-trg), and one on port 4001 (serviceB-trg)
Then I created the ALB to do a path base routing, which have only one listener on port 80. I have then edited a rule for this listener to forward the request based on the path:
If path is /serviceA then forward to serviceA-trg
If path is /serviceB then forward requests to serviceB-trg
Otherwise it will forward the requests to the default-trg
These configure weren’t work. My tasks stopped because of “ELB can’t do a health check”
I have to create 2 other listeners, one listener is listening on port 4000 and target is serviceA-trg, and one listening on port 4001 and target group is serviceB-trg.
Could you please explain me why I have to do that to make my app work?
So approxiate for your explaination!
I am deploying the following relatively simple docker-compose.yml file on AWS ECS via the Docker CLI.
It uses tomcat server image which can be also replaced by any other container which does not exits of startup.
services:
tomcat:
image: tomcat:9.0
command: catalina.sh run
ports:
- target: 8080
published: 8080
x-aws-protocol: http
Commands used
docker context use mycontextforecs
docker compose up
The cluster, services, task, target, security groups and application load balancer are automatically created as expected.
But, the security group created by AWS ECS allows inbound traffic on ALL ports by default instead of only the exposed 8080.
Following is a screenshot of the security group, which also has a comment -
"tomcat:8080/ on default network"
But port range is "All" instead of 8080
I've read the following and some other stackoverflow links but could not get an answer.
https://docs.docker.com/cloud/ecs-compose-features/
https://docs.docker.com/cloud/ecs-architecture/
https://docs.docker.com/cloud/ecs-integration/
I understand that the default "Fargate" instance type gets a public ip assigned.
But why does ECS allow traffic on all ports?
If I add another service in the docker-compose file, the default security group gets shared between both of them.
As a result, anyone can telnet into the port exposed by the service due to this security group rule.
I have updated my question again. Below things i have done with AWS ALB.
Created Target group which is IP based to registered one instance with Port 80. I have created ALB listener with 443 IF Host header is zzzzz.example.com Then Forward to created Targetgroup. As well ALB Listener 80 THEN Redirect tohttps://#{host}:443/#{path}?#{query} Status code:HTTP_301. Its working fine. But its target group still unhealthy.
Created Target group which is Instance based to registered another one instance with Port 8443. I have tried to add in same Listener 443 IF Host header is yyyyy.example.com Then Forward to created Targetgroup. But its not worked as expected. its too unhealthy.
Where i'm wrong? How can i solve this one? Is my case logically right?
You can use AWS SDK to create a target group with the IP of new instance to forward 8443 port to 443 port and then attach it to the load balancer.
Here's how : How to create and attach a ELB properly in Boto3
I am setting up an application load balancer.
The ALB, has 1 listener
http: 80 to the target-group
target-group has port 3000
I also have an auto scaling group that points to the target group and is setup to create 2 instances.
Cluster group is setup, with service that runs 4 tasks.
I setup the service to use the alb and http:80 port. The
task created has a dynamic host port and container port 3000.
I have checked my security groups and I have inbound setup to accept port 3000, and 80 and outbound takes all traffic.
All the instances in the target-group are unhealthy
I can ssh into the ec2 instances and docker ps -a returns two docker containers.
I logged out and ran curl -i ec2-user#ec2-22-236-243-39.compute-4.amazonaws.com:3000/health-check-target-page I get
Failed to connect to ec2-user#ec2-22-236-243-39.compute-4.amazonaws.com port 3000: Connection refused
I tried same command with port 80 and I get
curl: (56) Recv failure: Connection reset by peer
I'm still learning AWS so hope this info helps. Let me know what I am missing here.
Thanks!
I am learning load balancer and I have 2 instances connected to my load balancer but I always get out of service error.
Node is running in port 3000
my port configuration: 80 (HTTP) forwarding to 80 (HTTP)
health check: HTTP:3000/
My health check
When you use "HTTP" ping protocol you have to upload a test file at the path "/" you cannot just use "/" in the path field.
Use the below setting and it will work.