502 is usually from the EC2 instance sending the ALB (application load balancer) an unexpected response: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-troubleshooting.html#http-502-issues
What port is the target group set to send traffic to the instance on? Since the ALB is sending HTTP traffic to the backend, you should be sending it on port 80. If your target group is sending HTTP traffic to the instance on port 443, the instance will reply with a TCP RST response, since the webserver would be expecting HTTPS requests on port 443.
In fact, you can use the same target group for both your HTTP and HTTPS listeners, since the traffic going to the backend EC2 instance is the same for both.
Health check and target configuration in a target group can be set up differently from each other.
You can have an HTTP health check and try and forward packets to an HTTP port using SSL. This will work and error.
Ensure your traffic port in the target group is, by the sounds of it, HTTP only.
Thanks Gary. I can confirm that my traffic port in the target group is HTTP only.
Hello,
I hope you are already offloading the TLS connection at the ALB, and then creating a target group pointing to port 80 on the instance(s), and then setting the default rule on the HTTPS listener to send traffic to that target group.
Follow the link below to make sure your settings are correct: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html
For 502, possible causes could be:
- The load balancer received a TCP RST from the target when attempting to establish a connection.
- The load balancer received an unexpected response from the target, such as "ICMP Destination unreachable (Host unreachable)", when attempting to establish a connection. Check whether traffic is allowed from the load balancer subnets to the targets on the target port.
- The target closed the connection with a TCP RST or a TCP FIN while the load balancer had an outstanding request to the target. Check whether the keep-alive duration of the target is shorter than the idle timeout value of the load balancer.
- The target response is malformed or contains HTTP headers that are not valid.
- The target response header exceeded 32 K for the entire response header.
- The deregistration delay period elapsed for a request being handled by a target that was deregistered. Increase the delay period so that lengthy operations can complete.
- The target is a Lambda function and the response body exceeds 1 MB.
- The target is a Lambda function that did not respond before its configured timeout was reached.
- The target is a Lambda function that returned an error or the function was throttled by the Lambda service.
You can check the link below for troubleshooting.
Thanks Sachin, I'll check the link about load balancer listener settings.
Thanks Shahad for your response. But my target group sends the traffic to EC2 on HTTP (port 80). I'll check the link about the 502 issue :-)
Shahad, you're right, I just need only one target group on HTTP and now it works fine.
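The checks suggested in the answers above (traffic protocol versus port, health check versus traffic settings, target keep-alive versus ALB idle timeout) can be run offline against target group descriptions. This is an added example, not code from any participant in the thread or from AWS; the dictionaries use field names from the ELBv2 DescribeTargetGroups response, while the sample values, the function names and the `backend_keepalive_s` parameter are assumptions made for illustration.

```python
# Added example (not from the thread). Field names follow the ELBv2
# DescribeTargetGroups response; all sample values below are constructed.
ALB_DEFAULT_IDLE_TIMEOUT_S = 60  # ALB default idle timeout

def audit_target_group(tg, backend_keepalive_s=None,
                       alb_idle_timeout_s=ALB_DEFAULT_IDLE_TIMEOUT_S):
    """Return findings for one target group that match the 502 causes above."""
    findings = []
    proto, port = tg["Protocol"], tg["Port"]
    # Heuristic on conventional ports: plain HTTP sent to a TLS listener
    # is answered with a TCP RST, which the ALB reports as 502.
    if proto == "HTTP" and port == 443:
        findings.append("HTTP traffic sent to port 443; use port 80 or protocol HTTPS")
    if proto == "HTTPS" and port == 80:
        findings.append("HTTPS traffic sent to port 80; use port 443 or protocol HTTP")
    # A health check on another port/protocol can pass while real traffic fails.
    hc_port = tg.get("HealthCheckPort", "traffic-port")
    hc_proto = tg.get("HealthCheckProtocol", proto)
    if hc_port != "traffic-port" and int(hc_port) != port:
        findings.append(f"health check port {hc_port} != traffic port {port}")
    if hc_proto != proto:
        findings.append(f"health check protocol {hc_proto} != traffic protocol {proto}")
    # Target keep-alive shorter than the ALB idle timeout: the target may close
    # a connection the ALB still considers usable.
    if backend_keepalive_s is not None and backend_keepalive_s < alb_idle_timeout_s:
        findings.append(f"keep-alive {backend_keepalive_s}s < ALB idle timeout {alb_idle_timeout_s}s")
    return findings

def audit_all(groups, **kwargs):
    """Map each target group name to its findings."""
    return {g["TargetGroupName"]: audit_target_group(g, **kwargs) for g in groups}

# Constructed sample input, shaped like DescribeTargetGroups output.
SAMPLE_GROUPS = [
    {"TargetGroupName": "web-http", "Protocol": "HTTP", "Port": 80,
     "HealthCheckProtocol": "HTTP", "HealthCheckPort": "traffic-port"},
    {"TargetGroupName": "web-443", "Protocol": "HTTP", "Port": 443,
     "HealthCheckProtocol": "HTTP", "HealthCheckPort": "80"},
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_GROUPS, backend_keepalive_s=5).items():
        print(name, "->", findings or "OK")
```

The second sample group reproduces the case where the health check passes on port 80 while real traffic is sent as HTTP to port 443.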