ECS w/ Fargate and AWSVPC network mode - connection to localhost refused

0

My app consists of 2 containers running on the same task: a Vue 3 frontend and a Flask API backend running on gunicorn on port 5000. I have opened ports 80 and 5000 on the containers, respectively, and also added the ports to the security groups. When I try to connect from the frontend to the backend using http://localhost:5000/resource or http://127.0.0.1:5000/resource, I get a connection refused error. I can access the API with the task's public IP on port 5000. Maybe it's of importance, but the API also refuses to connect with the Application Load Balancer's DNS address on port 5000, while the frontend loads without issues.

Also tried to connect using the container name as host, but no luck there.

EDIT: I checked gunicorn's logs and it seems that the connection from the frontend doesn't reach it.

zz
asked a year ago · 1078 views
1 Answer
0

Hello :) FYI you don't need to open the security group of your container to itself if it is going to make calls internally over localhost etc., however, you definitely need to have the LB SG granted access to your application. If it is only to the frontend, use the frontend ports.

As for the localhost:5000, I am not sure why this is not working for you. Connection refused could be because your gunicorn API is not actually running? Either way, to be able to scale properly, I would recommend using a different ECS Service, one for your frontend, one for your backend. Then you can use ECS Connect or AppMesh to perform frontend-to-backend API call routing. You can also use very basic DNS-based routing for that, I just think that using something like AppMesh can give you a lot more features out of the box.

answered a year ago
  • Thanks for the answer. The gunicorn API is most definitely working, as I'm able to connect using the public IP of the task. Really puzzled by this, as it's my understanding that inter-container communication should work out of the box with AWSVPC network mode within the same task.

  • Okay, this is very odd then. I have had many applications do exactly that, typically with NGINX passing to localhost to another app etc. Have you maybe bound your gunicorn app only on the eth0? That is quite possible. Check that your gunicorn listens both on "eth0" and the loopback interface.
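
Added example, not part of the thread: one way to run the bind check suggested in the last comment. Containers in the same awsvpc task share a network namespace, so reading `/proc/net/tcp` from either container shows which local address port 5000 is listening on. The sample table and the address 10.0.1.23 are constructed, and a little-endian host (x86_64 or ARM64) is assumed.

```python
import socket
import struct

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not taken from the post):
# port 5000 (0x1388) bound only to 10.0.1.23, port 80 (0x0050) bound to 0.0.0.0.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 1701000A:1388 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1 0000000000000000 100 0 0 10 0
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002 1 0000000000000000 100 0 0 10 0
   2: 1701000A:1388 2A01000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 20003 1 0000000000000000 100 0 0 10 0
"""


def decode_ipv4(hex_addr):
    """Decode an address column; the kernel prints it byte-reversed on little-endian hosts."""
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))


def listeners(proc_text, port):
    """Return the local IPv4 addresses that have a LISTEN socket on `port`."""
    found = []
    for line in proc_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        addr_hex, port_hex = fields[1].split(":")
        if fields[3] == LISTEN and int(port_hex, 16) == port:
            found.append(decode_ipv4(addr_hex))
    return found


def reachable_on_loopback(addrs):
    """A connect to 127.0.0.1 succeeds only if the bind is 0.0.0.0 or 127.x."""
    return any(a == "0.0.0.0" or a.startswith("127.") for a in addrs)


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as f:  # live table when run inside the task
            text = f.read()
    except OSError:
        text = SAMPLE_PROC_NET_TCP  # fall back to the constructed sample
    addrs = listeners(text, 5000)
    print("port 5000 listeners:", addrs)
    print("reachable via localhost:", reachable_on_loopback(addrs))
```

IPv6 listeners are listed in `/proc/net/tcp6` and are not covered by this check.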
