Problem setting up Classic Load Balancer that needs to connect to private IP on EC2 port 8080 (Tomcat App server)


I have setup a Classic Load balancer on port 80 (internet facing). I added an A record for the host and set the IP to the Load Balancer IP. I can telnet to port 80 (Eg and I get connected.

How do I have the Internet facing Load balancer be able to communicate with a Tomcat server on a private address on my EC2 instance. I can serve the app while RDPd info my instance by http://<private IP>:8080/myapp and the app loads.

What am I missing? thanks Charlie D

asked 8 months ago361 views
3 Answers
Accepted Answer

Check your security groups.

Load balancer security group should allow inbound TCP on port 80 (and it sounds like this is in place), and outbound TCP on port 8080 whose target is either:

  • the private IP address of the EC2 that runs tomcat
  • the CIDR address of the subnet in which the tomcat EC2 is provisioned
  • the security group ID (sg-01234567890abcdef) of the SG that is associated with the tomcat EC2

EC2 security group should allowe inbound TCP on port 8080 from either:

  • the private IPs of the load balancer
  • the CIDR address ranges of the private subnets in which the load balancer is provisioned
  • the security group ID of the SG that is associated with the load balancer.

After all that it may still not work for you though. I can't find a definitive statement but I have a feeling that a classic load balancer can only forward a connection onto an IP address only, and can't append a path. So in your example here - http://<private IP>:8080/myapp - it will only forward to http://<private IP>:8080/ and you would need to do some reverse-proxying on the EC2 to redirect this to /myapp

Or use an application load balancer, which gets around this issue.

profile picture
answered 8 months ago
profile picture
reviewed 23 days ago
  • It still does not work and I am getting no evidence of a request on the EC2 tomcat host at 8080. here is what I know...

    I allowed for INBOUND traffic to the load balancer on port 80 (IPV4 and IPV6) I can telnet to the public address (PIV4) of the load balancer on port 80 and it is listening.

    I allowed for OUTBOUND traffic on the load balancer on port 8080 to the EC2 Security group. Port 8080 is open on my EC2 Windows Defender Firewall

    I also allowed outbound traffic to pl-0068613c321dee54b -

    Inbound Rules

    sgr-070ce410eb01f3adf – Custom TCP TCP 8081 sg-0e1d80d021bef3ee2 / EC2 2023 SPHOF Classic Load Balancer sgr-07f2d0c61cdf80304 – Custom TCP TCP 8080 pl-0068613c321dee54b ( LB Health sgr-0f2ce92dae5c00452 – Custom TCP TCP 8080 sg-0e1d80d021bef3ee2 / EC2 2023 SPHOF Classic Load Balancer sgr-0245a35fc3a359755 – Custom TCP TCP 8081 pl-0068613c321dee54b ( LB Health

    Is there a logfile for a Load Balancer? I feel like I am running blind as I can only test the listen on the Load balancer. Please advise thx Charlie D

  • On the load balancer, in "Listeners and routing" can you confirm that Listener is HTTP:80 and Instance is HTTP:8080 ?

  • The health check was set to http://<host>/index.html. Surprisingly, I didn't get a 404 in the status graphs of the LB. Once I changed it to index.jsp, I had to delete the instance from the load balancer and then add it again. Then the instance passed the health check. Thanks for your help with this.

    This leads to another question. I will have 2 Tomcat instances listening on 8080 and 8081. Is there a way with the newer load balancers to have health checks on both ports (it would be the same host) ? Usually when I deploy, I keep 1 tomcat instance up while stopping and deployed a new war file on the other. Hence my question. Thanks Charlie D


Have you correctly configured the security group? See here.

answered 8 months ago

To add a TCP listener on port 8080, select your Load Balancer in the console, go to Listeners -> Manage listeners, -> Add listener, then add TCP port 8080 and Save the changes.

A tutorial on how to create a Classic Load Balancer can help too (use port 8080 instead of 80).

answered 8 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions