Is it possible to do SSL Passthru with ALB?

A customer is using the following design (see below).

As of now, when the request is passed through the ALB, we get an HTTP 502 error. The application on the EKS Pods is an IIS-based Windows web application, which returns this error since it does not get the hostname that is used to hit the ALB. It seems the ALB is removing the hostname and sending the private IP to IIS, which then does not recognize its site binding settings.

Please note that this works when the request is made directly via the NLB, i.e. when we skip the ALB.

So the question is: is there a way to make the ALB "pass thru" the hostname HTTP header to the IIS server on the EKS pod?

asked 6 years ago, 3.2K views
1 Answer
Accepted Answer

If a host header is present in the client request, the ALB will pass this information through. If there is no host header in the client request, the ALB will insert its own DNS name in the host header. It is possible that the Ingress controller is stripping the host header information, as SSL passthrough may not be enabled by default.

https://docs.giantswarm.io/guides/advanced-ingress-configuration/

A combination of ALB access logs and Ingress controller logs, along with the EKS IIS logs, can help you identify the issue. Please note that the private IP of the ALB nodes will be used to communicate with the backends, but that should not affect the IIS logic, which is looking at the host header information.

AWS
answered 6 years ago
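
An added example, not part of the original answer: a small parser for ALB access log entries that reports the host each request was addressed to and whether a 502 was produced by the ALB itself (no target status recorded) or returned by the backend. The sample entries are constructed and truncated after the `user_agent` field; the function names are illustrative.

```python
import re
from urllib.parse import urlsplit

# Leading fields of an ALB access log entry, in order (real entries carry more).
FIELDS = ["type", "time", "elb", "client", "target", "request_processing_time",
          "target_processing_time", "response_processing_time",
          "elb_status_code", "target_status_code", "received_bytes",
          "sent_bytes", "request", "user_agent"]

# Constructed sample entries (hosts, IPs and ALB name are placeholders).
SAMPLE_LINES = [
    'https 2020-01-01T00:00:00.000000Z app/constructed-alb/0123456789abcdef '
    '203.0.113.10:50000 10.0.1.20:443 0.001 0.004 0.000 200 200 120 512 '
    '"GET https://app.example.com:443/ HTTP/1.1" "curl/7.64.0"',
    'https 2020-01-01T00:00:01.000000Z app/constructed-alb/0123456789abcdef '
    '203.0.113.10:50001 10.0.1.20:443 0.001 -1 -1 502 - 120 0 '
    '"GET https://app.example.com:443/ HTTP/1.1" "curl/7.64.0"',
    'https 2020-01-01T00:00:02.000000Z app/constructed-alb/0123456789abcdef '
    '203.0.113.10:50002 10.0.1.20:443 0.001 0.003 0.000 502 502 120 90 '
    '"GET https://app.example.com:443/ HTTP/1.1" "curl/7.64.0"',
]

def parse_alb_line(line):
    """Split one entry into named fields; quoted fields may contain spaces."""
    tokens = [q or u for q, u in re.findall(r'"([^"]*)"|(\S+)', line)]
    rec = dict(zip(FIELDS, tokens))
    _method, url, _proto = rec["request"].split(" ", 2)
    rec["host"] = urlsplit(url).hostname  # host as logged in the request URL
    return rec

def classify(rec):
    """Say where a 502 originated, based on the two status code fields."""
    if rec["elb_status_code"] != "502":
        return "ok"
    if rec["target_status_code"] == "-":
        return "alb-generated"    # no HTTP response was recorded from the target
    return "target-returned"      # the backend (ingress or IIS) answered 502 itself

def summarize(lines):
    """Return (host, target, verdict) for each log entry."""
    return [(r["host"], r["target"], classify(r))
            for r in map(parse_alb_line, lines)]

if __name__ == "__main__":
    for row in summarize(SAMPLE_LINES):
        print(row)
```

A `target-returned` verdict points the investigation at the Ingress controller and IIS logs for the listed target, while `alb-generated` points at the connection between the ALB and the target.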
