By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Use Loadbalancer with Cloudflare and Multisite

0

Target:

I want to create an autoscaling group where I will host 2 to 3 sites. If the primary instance CPU usages increases to 80% then Autoscaling will create another instance and transfer the load into 2nd instance. And those sites will be in Cloudflare using cloudflare proxy for CDN (Domain's are unable to move from cloudflare).

Problem:

I created an autoscaling group with load balancer. When I am adding a DNS record into Cloudflare with Cname

test1.example.com cms-load-balance-1797445039.ap-south-1.elb.amazonaws.com Proxied Auto

it's giving 521 host error with proxy on, when proxy status turned off it's giving error connection refused. The security group accepts traffic from all IP addresses.

How can I solve it?

Topics
ComputeNetworking & Content Delivery
Tags
Amazon EC2ComputeApplication Load BalancerSecurity Group
Language
English
mrfathi
asked 8 months ago201 views
2 Answers
0

Check the security group on the ALB allows traffic from the cloudflare proxy IPs https://www.cloudflare.com/ips/ and the security groups on the EC2s allow traffic from the ALB.

Also check the target group instance health status is available and not down.

HTTP Works http://cms-load-balance-1797445039.ap-south-1.elb.amazonaws.com/

Check you have a HTTPS listener on the ALB to if you require it.

profile picture
EXPERT
Gary Mclean
answered 8 months ago
  • mrfathi
    8 months ago

    What If in security group I allow traffic from all source? I added cloudflare IP's in the security group still same.

  • Gary Mclean EXPERT
    8 months ago

    If all then thats fine but its not locked to cloudflare.. Is it http or https thats failing?

  • Gary Mclean EXPERT
    8 months ago

    Id look at your http and https settings. Is cloudflare doing https proxying also?

  • Gary Mclean EXPERT
    8 months ago

    Id look at your HTTPs listener settings on your ALB

  • mrfathi
    8 months ago

    Hi, Thanks. I wasn't adding SSL for 443 port in the target group. But I have a question, I will host multiple sites Ex: example.com test.com, but will there be any issue with the SSL setting in the target group! Or is there any way to get universal SSL from the cloudflare?

0

Update: *If I directly add the instance IP address into the DNS record as A record then the site is visible.

mrfathi
answered 8 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content