Questions tagged with Application Load Balancer

Problem on Application load balancer with rule: Health check only responds on the default rule

Hi everyone, I have 3 microservices running on an **ECS cluster**. Each microservice is launched by a **Fargate task**. Each microservice runs in its own Docker container.

* *Microservice A* responds on port 8083.
* *Microservice B* responds on port 8084.
* *Microservice C* responds on port 8085.

My configuration consists of two public subnets, two private, an internet gateway and a NAT, as well as two security groups, one for Fargate services and one for ALB. On the security groups I have enabled inbound traffic on all ports. I have defined a listener for the ALB that responds on port 80 and wrote some path-based rules to route requests to the appropriate target group (*every target group is a Target type*):

![Enter image description here](/media/postImages/original/IM8oFOWQXjQEuDjdKe3PeGgw)

Only the health check of the target group that responds to the default rule responds (but I suspect it all happens randomly), and consequently only the service reachable on port 8083 works.

![Enter image description here](/media/postImages/original/IMtOk5-EqJRrmxLa49ium6hg)

The remaining target groups are **unreachable**. What you notice is that in the "*Registered Target*" section the assigned IP addresses change continuously. For example:

![Enter image description here](/media/postImages/original/IMkdJ_RNqsTJazJ3J8j4foqw)

![Enter image description here](/media/postImages/original/IMCm7LLgy1QJKk0JsLC3XlGg)

But every time an IP is assigned, it generates a timeout. It can happen quite randomly that a certain IP address is registered correctly. These are the ECS configurations of one of the unresponsive services:

![Enter image description here](/media/postImages/original/IMOdt86JdpS_2paN_elspK5g)

What is the problem and how can I solve it? Thank you.

**UPDATE1** I tried to add a new instance for microservice A. For the new IP (10.0.0.137) the health check is not responding. After a few minutes, the provisioning of a new IP (10.0.0.151) appears and it is registered correctly:

![Enter image description here](/media/postImages/original/IMUcZubrfCRrGo-fpqYAvSJQ)

**UPDATE2** It is really strange behavior. **All services are now connected correctly**, after several hours of failed attempts. It looks like an IP address assignment problem. Before finding the correct address, AWS makes several attempts with different IP addresses until it randomly finds the correct one. These are the CIDRs of my PRIVATE subnets:

* private_subnets = ["10.0.0.128/28", "10.0.0.144/28"]
* public_subnets = ["10.0.0.0/28", "10.0.0.16/28"]

While these are the IPs that connected successfully:

1. 10.0.0.136 (microservice A instance1)
2. 10.0.0.151 (microservice A instance2)
3. 10.0.0.153 (microservice A instance3)
4. 10.0.0.152 (microservice B)
5. 10.0.0.142 (Microservice C)

3 answers · 0 votes · 48 views · zar1978 asked 2 months ago

(resolved) Why am I getting a 401 error when signing in from Cognito's hosted UI?

Thank you for all your help. I would appreciate it if you could tell me if you know about the following events.

【Question】
Why do I get a 401 Authorization Required error when signing in from Cognito's hosted UI when integrating Cognito and ALB?

【Specific situation】
We have verified the integration between Cognito and ALB following the procedure in the following blog. [1]

[1] I added authentication with Cognito to an environment where content is delivered with EC2 and ALB | DevelopersIO https://dev.classmethod.jp/articles/cognito-alb-secret/

The procedure itself was all successful, but I had a personal concern. That is, what would be the behavior if I signed in from Cognito's hosted UI instead of accessing the ALB's domain? I actually created a user in Cognito and clicked the "View Hosted UI" button from the Cognito console. The sign-in page appeared, so I signed in as a Cognito user and changed my password. However, the screen that appeared after the password change showed only 401 Authorization Required. After that, I tried accessing the ALB domain, and this time the EC2 page behind ALB was displayed correctly. This does not happen when signing in at the ALB domain, but only when accessing from the Cognito hosted UI.

[Regarding the attached file]

・401 Authorization Required screen

![Enter image description here](/media/postImages/original/IM_hKXXqbkSBunEFZ80niBxw)

・Button to display Cognito's hosted UI

![Enter image description here](/media/postImages/original/IMyY2Bm5mDT1aj04CBHoqi1Q)

・Allowed callback URLs

![Enter image description here](/media/postImages/original/IMt25vrVgRR0-2F43bfqBvzw)

We would be grateful if you could enlighten us on the above.

1 answer · 0 votes · 163 views · mn87 asked 2 months ago

Django Daphne Websocket Access Denied

We need to establish a "Web socket connection" to our AWS servers using Django, Django channels, Redis, and Daphne Nginx Config. Currently the local and on-premises config is configured properly, and we need help in configuring the same communication with the staging server.

We tried adding the above config to our servers but got an error of access denied with response code 403 from the server for the web socket request.

Below is the **Nginx config** for staging

```
server {
    listen 80;
    server_name domain_name.com domain_name_2.com;
    root /var/www/services/project_name_frontend/;
    index index.html;

    location ~ ^/api/ {
        rewrite ^/api/(.*) /$1 break;
        proxy_pass http://unix:/var/www/services/enerlly_backend/backend/backend.sock;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_read_timeout 30;
        proxy_connect_timeout 30;
        proxy_send_timeout 30;
        send_timeout 30;
        proxy_redirect ~^/(.*) $scheme://$host/api/$1;
    }

    location /ws {
        try_files $uri @proxy_to_ws;
    }

    location @proxy_to_ws {
        proxy_pass http://127.0.0.1:8001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_redirect off;
    }

    location ~ ^/admin/ {
        proxy_pass http://unix:/var/www/services/project_name_backend/backend/backend.sock;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_read_timeout 30;
        proxy_connect_timeout 30;
        proxy_send_timeout 30;
        send_timeout 30;
        proxy_redirect off;
    }

    location /staticfiles/ {
        alias /var/www/services/project_name_backend/backend/staticfiles/;
    }

    location /mediafiles/ {
        alias /var/www/services/project_name_backend/backend/mediafiles/;
    }

    location / {
        try_files $uri /index.html;
    }
}
```

and **Systemctl service** to execute Django Daphne service

```
[Unit]
Description=Backend Project Django WebSocket daemon
After=network.target

[Service]
User=root
Group=www-data
WorkingDirectory=/var/www/services/project_name_backend
ExecStart=/home/ubuntu/project_python_venv/bin/python /home/ubuntu/project_python_venv/bin/daphne -b 0.0.0.0 -p 8001 project_name_backend.prod_asgi:application

[Install]
WantedBy=multi-user.target
```

**Below is the Load Balancer security group config inbound rules**

![Enter image description here](/media/postImages/original/IMN2LT2BlTSmK0PHEAu5dwHQ)

**Listener Config for Load Balancer**

![Enter image description here](/media/postImages/original/IMxBGKpaJOSrSsOQyn5FEt-Q)

![Enter image description here](/media/postImages/original/IMktSIYK0ZSOy8GzYyR-DI_w)

0 answers · 0 votes · 12 views · Ganesh asked 2 months ago