DocumentDB connectivity issue using reverse proxy


We have configured an EC2 instance in the same network where the AWS DocumentDB cluster is hosted. An Nginx reverse proxy is set up on EC2, pointing to the DocumentDB cluster, and we were able to connect to the AWS DocumentDB cluster using the EC2 public IP from outside of the VPC network.

But now, if we try to perform a connectivity test from the EC2 instance where the reverse proxy is running, we get an error: DocumentDB_Connectivity_Error

Also, the intended ports are open for connection: EC2_Reverse_Proxy_Open_Ports

Note:

  • If we try to connect to the DocumentDB cluster using the DocumentDB cluster connectivity string and using the same EC2 as SSH, then it connects successfully.
  • TLS is disabled.

Currently, the following scheduled change event is ongoing for the ap-south-1 region: Docdb DB patch upgrade maintenance scheduled

I suspect this change might be causing the issue. Also, we are using DocumentDB engine version 4.0.0. For one of the clusters I've updated the engine version to 5.0.0, but it didn't resolve the issue.

Thank you

asked 14 days ago, 42 views
2 Answers
Accepted Answer

Based on the information provided, it seems that the connectivity issue you're experiencing with your DocumentDB cluster through the Nginx reverse proxy on your EC2 instance is not likely related to the scheduled maintenance or the engine version upgrade.

The error message "Connection failed: SocketException: Connection refused" suggests that there might be an issue with the Nginx configuration or the way the reverse proxy is set up to connect to the DocumentDB cluster.

Since you're able to connect directly to the DocumentDB cluster using the cluster's connectivity string from the same EC2 instance, this indicates that the network connectivity between the EC2 instance and the DocumentDB cluster is functioning correctly.

Here are some steps you can take to troubleshoot and potentially resolve the issue:

  1. Double-check your Nginx configuration to ensure that it's correctly set up to proxy connections to the DocumentDB cluster. Make sure the upstream server in the Nginx config is using the correct DocumentDB endpoint and port.

  2. Verify that the Nginx service is running and listening on the expected ports. You can use the netstat or ss command to check this.

  3. Check the Nginx error logs for any specific error messages that might provide more insight into the connection failure.

  4. Ensure that the security group associated with your DocumentDB cluster allows inbound traffic on port 27017 (or the port you're using) from the EC2 instance's security group or private IP.

  5. If you're using TLS for the connection between Nginx and DocumentDB (even though you mentioned TLS is disabled), make sure the necessary certificates are properly configured in Nginx.

  6. Try connecting to the DocumentDB cluster directly from the EC2 instance using a MongoDB client to rule out any issues with the cluster itself.

  7. If possible, temporarily disable any firewalls on the EC2 instance to ensure they're not interfering with the connection.

If none of these steps resolve the issue, you may need to review your Nginx reverse proxy setup in more detail, as the problem is likely related to how Nginx is configured to handle the connection to DocumentDB rather than an issue with DocumentDB itself or the network configuration.
Sources
Database handshake failed from RDS Proxy to RDS Postgres Instance in Cluster | AWS re:Post
Unable to connect to old DocumentDb Cluster | AWS re:Post

answered 14 days ago
AWS EXPERT, reviewed 14 days ago
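
Steps 1 and 2 of the answer above can be checked mechanically. The following is an added example, not part of the original answer or of any AWS tooling: it parses `nginx -T` and `ss -ltn` output and reports, for each `listen` port, which local addresses are bound and whether a connection dialed to a given address would be accepted. The `stream` block, endpoint name, IP addresses and ports are constructed samples and are assumptions about the setup.

```python
import re

# Constructed sample of `nginx -T` output; stream block, endpoint and IPs are assumptions.
NGINX_CONF = """
stream {
    upstream docdb {
        server docdb-example.cluster-EXAMPLE.ap-south-1.docdb.amazonaws.com:27017;
    }
    server {
        listen 10.0.1.25:27017;
        proxy_pass docdb;
    }
}
"""
# Constructed sample of `ss -ltn` output taken on the proxy host.
SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    10.0.1.25:27017    0.0.0.0:*
"""
WILDCARDS = {"0.0.0.0", "*"}  # IPv4 wildcard addresses as printed by ss

def parse_listen(conf):
    """Return (address or None, port) for each stream `listen` directive."""
    pat = re.compile(r"^\s*listen\s+(?:(\S+):)?(\d+)\b[^;]*;", re.M)
    return [(a or None, int(p)) for a, p in pat.findall(conf)]

def parse_upstreams(conf):
    """Return (host, port) for each `server host:port;` upstream entry."""
    pat = re.compile(r"^\s*server\s+([\w.\-]+):(\d+)\b[^;{]*;", re.M)
    return [(h, int(p)) for h, p in pat.findall(conf)]

def parse_ss(output):
    """Return the set of (address, port) pairs in LISTEN state."""
    rows = (l.split() for l in output.splitlines())
    local = (r[3].rpartition(":") for r in rows if len(r) >= 4 and r[0] == "LISTEN")
    return {(addr, int(port)) for addr, _, port in local}

def check(conf, ss_out, dial_ip):
    """Per listen port: bound addresses, and whether dialing dial_ip is accepted."""
    bound, report = parse_ss(ss_out), []
    for _, port in parse_listen(conf):
        addrs = sorted(a for a, p in bound if p == port)
        report.append((port, addrs, any(a in WILDCARDS or a == dial_ip for a in addrs)))
    return report

if __name__ == "__main__":
    print("upstreams:", parse_upstreams(NGINX_CONF))
    for ip in ("127.0.0.1", "10.0.1.25"):
        print(ip, check(NGINX_CONF, SS_OUTPUT, ip))
```

A port bound only to the private address refuses connections dialed to 127.0.0.1 on the same host, and a configured port with an empty address list means Nginx is not listening on it at all.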

The connection was successful via your telnet command in your screenshot. If the connection is encrypted, you will not see any data.

I see no issues here

EXPERT, answered 14 days ago
