AWS Load Balancing for both external and internal URL paths - amazon-web-services

Is it possible to set up an App Load Balancer on AWS to be both internal and externally accessible? For example, a web application has an admin dashboard located at /admin and it'd be great to have that only accessible via a VPN and have the rest of the site public.

The scheme (internet-facing | internal) is a property of the load balancer itself, and can't be controlled independently at the listener level, so no, you won't be able to have one rule's path only resolvable within your VPC, and another rule Internet-facing.
http://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_CreateLoadBalancer.html

Related

target group for multiple containers load balancer AWS

I have 3 containers deployed on ECS and traffic is distributed by an application load balancer. Swagger on these individual containers can be accessed via e.g. 52.XX.XXX.XXX/swagger.
I need the services to be accessed via, for example:
52.XX.XXX.XXX/users/swagger
52.XX.XXX.XXX/posts/swagger
52.XX.XXX.XXX/comments/swagger
I've tried adding the following to the load balancer rules:
PATH /users* or /users/
PATH /posts* or /posts/
PATH /comments* or /comments/
I get a 404 error when I visit the load balancer DNS, for example myapp-lb-4283349.us-east-2.elb.amazonaws.com/users/swagger

You can't achieve that with AWS Load Balancer alone. AWS LB doesn't re-route traffic based on paths. They just forward the incoming traffic to origin.
Your service should be accessible via 52.XX.XXX.XXX/user/swagger, 52.XX.XXX.XXX/posts/swagger etc. in order for Load Balancer to forward it. You can't forward (or re-route) your traffic from Load Balancer like this:
LB_URL/user/swagger -> IP/swagger
The missing /user/ part is not something Load Balancer can do for you. Update your application itself and add specific routes which you want to listen on.

How to Redirect All Requests to One Domain using AWS Load Balancer

I am using a Load Balancer with Elastic Beanstalk. I want to redirect any host that is different than domain.com to domain.com.
Is that possible to achieve with an AWS load balancer?

This is actually quite easy and fully supported by the AWS ALB.
What you're looking to do is to add a Host header based rule. The steps below should be followed:
Find your Application Load Balancer.
For each listener select View/Edit Rules.
Click the + symbol at the top of the console to add your rule, specify that the rule is a host header rule with a target of your target group.
Edit the default rule, remove the action and set it to a redirect action (as shown in the screenshot below).
By adding the host header rule with a target as the target group for your app, it will only connect to your hosts for the correct host name.
Otherwise have the default action be a redirect action to redirect to the domain you specify.
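
The rule layout this answer describes, written as a CloudFormation template. This is an added example, not part of the original answer; the HTTP:80 listener and the parameter and resource names are assumptions, and domain.com is the host name from the question.

```yaml
# Added example: forward requests for domain.com, redirect every other host to it.
# Parameter and resource names are assumptions; supply your own ARNs.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  LoadBalancerArn: {Type: String}
  TargetGroupArn: {Type: String}
Resources:
  HttpListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LoadBalancerArn
      Port: 80          # assumption: the question does not state the listener port
      Protocol: HTTP
      DefaultActions:
        # Reached only when no rule below matches, i.e. the Host header
        # is anything other than domain.com.
        - Type: redirect
          RedirectConfig:
            Host: domain.com
            Path: "/#{path}"     # keep the requested path
            Query: "#{query}"    # keep the query string
            StatusCode: HTTP_301
  CanonicalHostRule:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      ListenerArn: !Ref HttpListener
      Priority: 10
      Conditions:
        - Field: host-header
          HostHeaderConfig:
            Values:
              - domain.com
      Actions:
        # Rules are evaluated before the default action, so requests for
        # domain.com are forwarded and never hit the redirect (no loop).
        - Type: forward
          TargetGroupArn: !Ref TargetGroupArn
```

Protocol and port are left unset in the redirect, so the load balancer keeps the ones from the incoming request.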

Setup a single AWS load balancer for multiple .net core applications hosted as websites on a single EC2 instance

Framework: .Net core 2.0
Hi everyone,
I have deployed, let's say, 3 applications on the same EC2 instance which are websites (front end angular js and 2 web APIs for authentication and communication). How do I set up a single load balancer for catering requests for all of the 3 websites using HTTPS?
These websites communicate among each other for authentication and providing the required data between them.
The websites are deployed on the EC2 using hostnames on the IIS and they are accessible directly through the hostnames. Is there another/better way to deploy them instead of hostnames only?

When setting up a load balancer, you would have to configure listeners for it, wherein you mention the ports through which you would want to access your application. And in the listeners you would have to mention target groups to which you would route traffic, based on hostnames / host headers.
So, here are the steps to follow.
1. Since all your traffic has to go to the same instance anyway, you would have to create one target group and register the instance that you have already created, with traffic routed through port 80.
2. Now, coming back to the ELB configuration, you would need to create an HTTP listener (port 80) that would have a default rule to redirect all traffic to HTTPS (port 443).
3. In the same ELB, create an HTTPS:443 listener, where (usually) you would have different listener rules depending on what the hostnames of your sites in IIS are. But just for simplicity, configure the default rule to route all traffic to the target group created in the step above (once we check if traffic is flowing right, we can change the configuration to improve security).
That's all!
With the right security group whitelisting, your traffic should flow into your instance through the ELB.
Congratulations! That should be enough...
... unless you want to make sure that ONLY the requests related to those sites flow into your instance. Then, once you are sure that the traffic flow is right, you can create another listener rule in your ELB's HTTPS:443 listener, wherein you can configure the following setting:
IF Host Header is frontend.website.com OR webapi1.website.com OR webapi2.website.com THEN Forward to (target group created in Step 1)
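
The locked-down end state of these steps as a CloudFormation template. This is an added example, not part of the original answer; parameter and resource names are assumptions. The HTTPS default action is set to a fixed 404 here, which goes beyond what the answer states: while the default action still forwards to the target group, the host-header rule does not keep other host names away from the instance.

```yaml
# Added example: HTTP->HTTPS redirect plus a host-header allow-list on HTTPS:443.
# Parameter and resource names are assumptions; supply your own ARNs.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  LoadBalancerArn: {Type: String}
  TargetGroupArn: {Type: String}   # target group from step 1 (instance on port 80)
  CertificateArn: {Type: String}   # certificate covering the three host names
Resources:
  HttpListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LoadBalancerArn
      Port: 80
      Protocol: HTTP
      DefaultActions:
        - Type: redirect            # step 2: send all plain HTTP to HTTPS
          RedirectConfig: {Protocol: HTTPS, Port: "443", StatusCode: HTTP_301}
  HttpsListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LoadBalancerArn
      Port: 443
      Protocol: HTTPS
      Certificates:
        - CertificateArn: !Ref CertificateArn
      DefaultActions:
        # Assumption beyond the answer: unknown host names get a 404 from the
        # load balancer and are never forwarded to the instance.
        - Type: fixed-response
          FixedResponseConfig:
            StatusCode: "404"
            ContentType: text/plain
            MessageBody: Not found
  SiteHostsRule:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      ListenerArn: !Ref HttpsListener
      Priority: 10
      Conditions:
        - Field: host-header        # values in one condition are OR-ed
          HostHeaderConfig:
            Values:
              - frontend.website.com
              - webapi1.website.com
              - webapi2.website.com
      Actions:
        - Type: forward
          TargetGroupArn: !Ref TargetGroupArn
```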

Kubernetes service (load balancer) doesn't work with custom domain name

I have a Kubernetes service I exposed with a custom domain name. When I try to access the service using the custom domain, it fails (just loading forever). But if I use the IP, it works. Do I need to configure something somewhere? I am using GKE.
When I ping the URL, it's trying to hit the correct IP. Also ping works.

The LoadBalancer service is a layer 4 load balancer and thus only uses the IP to route traffic to your backend pods. If ping works and the site loads correctly when you use the IP address, this shows that the load balancer is directing traffic correctly.
There is likely a setting in your webserver that is looking at the URL and is having issues loading when a URL is used. Check your container logs to see if any errors are returned when you use a URL instead of IP.

Amazon Web Service - Route Traffic on ELB via SNI

Sorry in advance if this doesn't make much sense. I'm fairly new to this, so bear with me please.
I'm trying to specify a domain to a specific folder depending on the domain name the user uses (example.com or test123.com), through Amazon Elastic Load Balancer (Application Load Balancer to be specific).
My current setup is that all traffic from the internet goes to a Load Balancer (ELB), from there it round-robins between 2 EC2 instances. Both instances are connected to an Amazon Network File System (EFS), as well as a Relational Database (RDS).
I can access the website(s) fine through the DNS of the load balancer (http://web-load-balancer-efs-16512354.us-east-1.elb.amazonaws.com/example/)
What I want to do now is set it up so that if someone puts example.com as their URL it will point to the Load Balancer and from there the server will use the correct folder as root (www.example.com document root would be http://web-load-balancer-efs-16512354.us-east-1.elb.amazonaws.com/example/, but the URL will still be www.example.com).
I created a hosted zone on Route 53 to point the domain name to my load balancer, but currently my load balancer which leads to one of the EC2 instances. Currently the EC2 document root is /var/www/html/efs-mount/.
Is there a way for me to have multiple document roots depending on the domain name?
I stumbled on something about putting multiple TLS/SSL certificates on your listener and through the SNI protocol it'll be able to find the right place? http://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#https-listener-certificates. I'm not sure if this is what I need, or I'm completely off track.
If someone can point me in the right direction on how to do this that would be great.
Thanks

You are indeed off track.
While ALB with multiple SSL certificates may be a part of your strategy, since it allows you to attach multiple ACM certificates to a single instance or group of instances, ALB does not re-write the paths of the incoming requests or determine how the instance resolves web paths into filesystem paths.
This is something configured in your web server itself. Start by searching for something like "name based virtual hosting." Each domain name will specify its own "document root" in the web server configuration files.