- Certificate Issues: First of all, check the self-signed certificates. Ensure that the certificates are correctly generated and are accessible by the Envoy container. Make sure the paths in the envoy.yaml (/etc/ssl/envoy.crt and /etc/ssl/envoy.key) are correctly mounted to the envoy container and the Envoy process has read access to them.
- Application Configuration: Check if your application container is correctly listening on port 8080 (as defined in the envoy.yaml file). You can test this by exec'ing into the application container and trying to connect to it on that port.
- Envoy Logs: Check the Envoy container logs for any error messages. If Envoy is misconfigured or unable to establish a connection to your application, there should be log messages indicating this.
- Network Configuration: Ensure your VPC, Subnet, Security Group configurations allow traffic from/to your ECS service and the ALB.
- Health Checks: Check if your target group's health checks are correctly configured and are passing. If your target group's health check fails, the ALB will not route traffic to your task.
- ALB Listener: Ensure that your ALB listener is set up correctly to forward traffic to your target group. The listener should be configured with a certificate and to listen on port 443.
If you continue to have problems, please provide more specific error messages or symptoms you are seeing. This will help in troubleshooting the issue further.
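One way to run the certificate checks from the first item above, as an added example that is not part of the original answer. It assumes the `openssl` CLI is available where it runs and that the key is unencrypted; `check_envoy_cert` is a hypothetical helper name, and it should be run as the user the Envoy process runs as so the readability check is meaningful.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumes the openssl CLI.
# Usage inside the Envoy container, with the paths named in the answer:
#   check_envoy_cert /etc/ssl/envoy.crt /etc/ssl/envoy.key

# check_envoy_cert CERT KEY [MIN_SECONDS_VALID]
# Prints one line per finding; returns 0 only if every check passes.
check_envoy_cert() {
    cert=$1 key=$2 min_valid=${3:-86400}
    rc=0

    # Both files must be readable by the user running this check.
    for f in "$cert" "$key"; do
        if [ ! -r "$f" ]; then
            echo "FAIL: $f is missing or not readable by $(id -un)"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return 1

    # The file must parse as a PEM X.509 certificate at all.
    if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "FAIL: $cert is not a valid PEM certificate"
        return 1
    fi

    # -checkend exits non-zero if the cert expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend "$min_valid" >/dev/null; then
        echo "FAIL: $cert expires within ${min_valid}s (or has already expired)"
        rc=1
    fi

    # Cert and key belong together only if their public keys are identical.
    # An empty -passin avoids a passphrase prompt; an encrypted key then
    # fails to load and is reported as a mismatch.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null | openssl sha256)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match the public key in $cert"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $cert and $key are readable, current and matching"
    fi
    return "$rc"
}
```
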
Thanks, Ercan, for the deep analysis and for answering them point by point.
1: Certificates are generated without any errors, pushed to ACM as well, and passed to the load balancer. Could you please suggest whether we have any way to verify that those certs are valid, or whether Envoy is having issues using them?
2: The application is configured pretty much fine. I have tested by passing the public IP (assigned to the container) with port 8080, and it returns results. Even though the same container service has Envoy with SSL in it, it shows results only for HTTP on port 8080, and HTTPS gets the error shown below.
Test:
C:\Users\sballu>curl http://3.129.73.195:8080/
The application is up and running!
C:\Users\sballu>curl https://3.129.73.195
curl: (35) channel: next InitializeSecurityContext failed: SEC_E_INVALID_TOKEN (0x80090308) - The token supplied to the function is invalid
3: I have not observed any error messages in the Envoy logs:
2023-08-02 09:19:24[2023-08-02 13:19:24.295][6][info][main] [source/server/server.cc:937] starting main dispatch loop
2023-08-02 09:19:24[2023-08-02 13:19:24.293][6][info][main] [source/server/server.cc:918] all clusters initialized. initializing init manager
2023-08-02 09:19:24[2023-08-02 13:19:24.293][6][info][config] [source/extensions/listener_managers/listener_manager/listener_manager_impl.cc:870] all dependencies initialized. starting workers
2023-08-02 09:19:24[2023-08-02 13:19:24.292][6][info][config] [sou