2 回答
- 最新
- 投票最多
- 评论最多
0
- Verify the ALB is in a public subnet with a route to the internet gateway.
- Check the security groups - the ALB security group must allow inbound traffic on the listener port from your IP/network and the target group security group must allow traffic from the ALB on the container port.
- Go to the target groups section in the ECS console and check the health of your target. The health checks must be passing for targets to be considered healthy.
- Check the ALB listeners - make sure it is configured with the correct certificate and to forward traffic to your target group on the appropriate port.
- Review the ECS service configuration and ensure the service is using the correct task definition and load balancer details are populated correctly.
- Examine the ECS service events for any failures during deployment or target registration.
- Check the application container logs for any errors that could impact the health check.
0
To achieve end-to-end encryption between the Application Load Balancer and the Fargate tasks, you can use AWS Service Discovery with TLS enabled in client-server mode.
Check on these:
- Make sure the security groups allow traffic from the ALB to the service connect proxy port on the tasks.
- Verify the health checks configured on the target group are passing. The health check URL should be accessible over HTTPS.
- Check the service connect proxy logs for any errors during TLS negotiation. It could be failing to verify the self-signed certificate.
- Try making test HTTPS calls directly to the service connect proxy IP from another EC2 instance in the same VPC using
curl -k
to ignore certificate validation errors. - Ensure the application is configured to listen on the port exposed by the service connect proxy, usually 8443 for HTTPS.
All the above mentioned points are fine. The question is specific towards ECS service connect TLS not working with the HTTPS connection from the load balancer . As mentioned above its working perfectly fine when hit using curl from an EC2 machine.