Traffic doesnt flow whe using ALB as a target of NLB

Question

I have a client's requirement to use static public ip's for our applications, instead the ALB dynamic ip's.

For this escenario we have an NLB with EIP as static ip and is usingALB as a target of NLB. For testing purposes, we create a EC2 with a simple apache, NLB and ALB has listeners on port 80 and everything its working, we can use de DNS name in a browser and we have the apache Welcome page.

But, if we tried to use https its not working. For this last escenario we have the following configuration:
* NLB: 
         * Listener on TCP 443
         * ALB as a target group for NLB
         * AZ's matches between NLB and ALB
         * NLB is internet-facing

* ALB
        * Listener on https
        * Certificate configuration using aws certificate manager
        * Rule to target by default Apaches EC2
        * ALB is internal

We test the ALB with telnet and curl from another EC2 instance and is responding with the two commands, but when we used the NLB dns name, nothing happend.
We used the same subnets an AZ from the escenario with the port 80, what are we missing?

Best regards

Answer

The next troubleshooting step I would try is to assign the target group directly to the NLB - skip the ALB just for the time being to ensure that the NLB is operating correctly.

If that still doesn't work, please create a support ticket - from this forum we have very limited (close to no) visibility of customer environments but the support team can help.

Another question has been asked which references this question and provides some other context; my other answer my therefore be better: https://repost.aws/questions/QU94k_s2LyRd-hJRloOlzAwQ

Traffic doesnt flow whe using ALB as a target of NLB

Contenido relevante