By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Load balancer : 502 bad gateway

0

Hi Everyone,

I'm a french developper (sorry for my english mistakes), beginner in AWS hosting.

Currently, i'm developping an API. It works fine in http but i've a 502 Bad Gateway in https.

My environment is architectured like this :

  • A load balancer with a target group and two listeners (http and https). The https target group take https packets and forward theses packets in http to an EC2 instance. The target group has a health status in green state (Healthy).
  • An unique EC2 instance (for this moment)

I've created a S3 container in order to store logs about load balancer access. The elb_status_code is "502" and the target_status_code is "-", then my load balancer is the source of the HTTP 502 errors.

Something is missing in my load balancer configuration but i've no idea about the solution :-( If somenone has an idea to find a solution about this issue, it would be nice :-)

Regards, Stephane

Topics
ComputeNetworking & Content DeliverySecurity, Identity, & Compliance
Tags
AWS Elastic BeanstalkWebsite HostingElastic Load BalancingAmazon EC2 Auto ScalingAWS Certificate Manager
Language
English
Stephane O
asked 6 months ago694 views
3 Answers
1

Health check and target configuration I am target group can be setup different from each other.

You can have a http health check and try and forward packets to http port using ssl. This will work and error.

Ensure your traffic port in the target group is by the sounds of it http only.

profile picture
EXPERT
Gary Mclean
answered 6 months ago
  • Stephane O
    6 months ago

    Thanks Gary. I can confirm that my trafic port in target group is http only.

0
Accepted Answer

502 is usually from the EC2 instance sending the ALB (application load balancer) an unexpected response: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-troubleshooting.html#http-502-issues

What port is the target group set to send traffic to the instance on? Since the ALB is sending HTTP traffic to the backend, you should be sending it on port 80. If your target group is sending HTTP traffic to the instance on port 443, the instance will reply with a TCP RST response, since the webserver would be expecting HTTPS requests on port 443

In fact, you can use the same target group for both your HTTP and HTTPS listeners, since the traffic going to the backend EC2 instance is the same for both

AWS
Shahad_C
answered 6 months ago
profile picture
EXPERT
Gary Mclean
reviewed 6 months ago
  • Stephane O
    6 months ago

    Thanks Shahad for your response. But my target group send the trafic to EC2 on http (port 80). i'll check the link about 502 issue :-)

  • Stephane O
    6 months ago

    Shahad, you're right, i just need only one target group on http and now it work fine.

0

Hello,

i hope you are already offloading your the TLS connection at ALB and then create a target group pointing to port 80 on the instance(s), and then set the default rule on the HTTPS listener to send traffic to that target group.

Follow below link to make sure your settings are correct. https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html:

for 502 Possible causes could be :

The load balancer received a TCP RST from the target when attempting to establish a connection.

The load balancer received an unexpected response from the target, such as "ICMP Destination unreachable (Host unreachable)", when attempting to establish a connection. Check whether traffic is allowed from the load balancer subnets to the targets on the target port.

The target closed the connection with a TCP RST or a TCP FIN while the load balancer had an outstanding request to the target. Check whether the keep-alive duration of the target is shorter than the idle timeout value of the load balancer.

The target response is malformed or contains HTTP headers that are not valid.

The target response header exceeded 32 K for the entire response header.

The deregistration delay period elapsed for a request being handled by a target that was deregistered. Increase the delay period so that lengthy operations can complete.

The target is a Lambda function and the response body exceeds 1 MB.

The target is a Lambda function that did not respond before its configured timeout was reached.

The target is a Lambda function that returned an error or the function was throttled by the Lambda service.

you can check below link for troubleshooting.

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-troubleshooting.html#http-502-issues

Sachin
answered 6 months ago
  • Stephane O
    6 months ago

    Thanks Sachin, i'll check the link about load balancer listeners settings.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content