ECS w/ Fargate and AWSVPC network mode - connection to localhost refused

0

My app consists of 2 containers running on the same task - a Vue 3 frontend and a Flask API backend running on gunicorn on port 5000. I have opened ports 80 and 5000 on the containers, respectively, and also added the ports to security groups. When I try to connect from the frontend to the backend using http://localhost:5000/resource or http://127.0.0.1:5000/resource, I get a connection refused error. I can access the API with the task's public IP on port 5000. Maybe it's of importance, but the API also refuses to connect with the application load balancer's DNS address on port 5000, while the frontend loads without issues.

Also tried to connect using the container name as host, but no luck there.

EDIT: I checked gunicorn's logs and it seems that the connection from the frontend doesn't reach it.

zz
asked a year ago · 1417 views
1 Answer
0

Hello :) FYI you don't need to open the security group of your container to itself if it is going to make calls internally over localhost etc., however, you definitely need to have the LB SG granted access to your application. If it is only to the frontend, use the frontend ports.

As for the localhost:5000, I am not sure why this is not working for you. Connection refused could be because your gunicorn API is not actually running? Either way, to be able to scale properly, I would recommend using a different ECS Service, one for your frontend, one for your backend. Then you can use ECS Connect or AppMesh to perform frontend-to-backend API call routing. You can also use very basic DNS-based routing for that, I just think that using something like AppMesh can give you a lot more features out of the box.

answered a year ago
  • Thanks for the answer. The gunicorn API is most definitely working as I'm able to connect using the public IP of the task. Really puzzled by this as it's my understanding that inter-container communication should work out of the box with AWSVPC network mode within the same task.

  • Okay, this is very odd then. I have had many applications do exactly that, typically with NGINX passing to localhost to another app etc. Have you maybe bound your gunicorn app only on eth0? That is quite possible. Check that your gunicorn listens both on "eth0" and the loopback interface.

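The bind-address check suggested in the last comment, as an added example that is not part of the original thread: it reads a socket table in `/proc/net/tcp` format and reports whether a listener on a given port would accept connections to 127.0.0.1. The sample tables, the address 10.0.1.23 and the function names are constructed for illustration.

```python
import ipaddress
import struct

# Constructed samples in /proc/net/tcp format (not taken from the poster's task).
HEADER = "  sl  local_address rem_address   st tx_queue rx_queue\n"
# gunicorn bound to the task ENI address only: 10.0.1.23:5000 (LISTEN = state 0A)
ENI_ONLY = HEADER + (
    "   0: 1701000A:1388 00000000:0000 0A 00000000:00000000\n"
    "   1: 00000000:0050 00000000:0000 0A 00000000:00000000\n"   # 0.0.0.0:80
    "   2: 1701000A:0050 0501000A:C350 01 00000000:00000000\n"   # established, ignored
)
# gunicorn bound to all interfaces: 0.0.0.0:5000
ALL_INTERFACES = HEADER + "   0: 00000000:1388 00000000:0000 0A 00000000:00000000\n"


def listeners(proc_net_tcp):
    """Return (IPv4Address, port) for every socket in LISTEN state."""
    found = []
    for line in proc_net_tcp.splitlines():
        fields = line.split()
        # Data rows start with "N:"; column 4 is the TCP state, 0A means LISTEN.
        if len(fields) < 4 or not fields[0].endswith(":") or fields[3] != "0A":
            continue
        hex_ip, hex_port = fields[1].split(":")
        # The kernel prints the 32-bit address as a native integer, so the bytes
        # appear reversed on little-endian CPUs; "<I" assumes x86_64 or arm64.
        ip = ipaddress.IPv4Address(struct.pack("<I", int(hex_ip, 16)))
        found.append((ip, int(hex_port, 16)))
    return found


def reachable_on_loopback(proc_net_tcp, port):
    """True if 127.0.0.1:<port> would be accepted rather than refused."""
    return any(p == port and (ip.is_unspecified or ip.is_loopback)
               for ip, p in listeners(proc_net_tcp))


if __name__ == "__main__":
    for name, table in (("ENI only", ENI_ONLY), ("all interfaces", ALL_INTERFACES)):
        print(name, [(str(ip), p) for ip, p in listeners(table)],
              "localhost:5000 ok:", reachable_on_loopback(table, 5000))
```

Inside the backend container, pass the contents of `/proc/net/tcp` to `reachable_on_loopback`; IPv6 listeners live in `/proc/net/tcp6` and are not covered here.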