I have a Flask web app that I'm starting on port 80. I have a health check endpoint at /.
The Flask app is inside a Docker container with port 443 exposed.
I also have an ALB listening on
The SSL certificate is marked as "Issued" and "In Use".
The ALB's security group allows inbound and outbound traffic only on ports 80 (http) and 443 (https).
My Fargate cluster has an active service and the load balancer is in the TargetGroup and belongs to the same security group described above. The container port is 443.
I have one task associated with my service, and it is running.
At this point, I'm having trouble getting any response from my load balancer, which I've been trying to access through my browser. My registered domain name is also not responding, but I suspect it is because the load balancer isn't responding, so that's what I'm focusing on in this question.
I wasn't sure where to begin, so I used
nmap -p80 my-alb-xxxxxx.my-region.elb.amazonaws.com
But that tells me 0 hosts are up. I get the same result using port 443.
My understanding (help) is that my load balancer will accept traffic on 80 and 443, reroute to 443, which is the port my Docker container exposes, and will reach my webapp running on 80.
This leads to the following questions:
I'm going to answer the parts of this I can, using the experience I have.
No. I'm assuming you are encrypting the traffic between the outbound world and the LB. It sounds like the traffic from the LB to your Fargate cluster is unencrypted. This is fine. Think of the traffic as unaware of its journey from one segment to another. Right now encryption terminates at the LB. The redirect from port 80 to 443 is for when clients attempt to connect without specifying a connection type; it will switch to 443.
If you do this, you must be able to encrypt the connection. For testing purposes, to make sure you have the signal path working, I would leave your Fargate task listening on port 80, and forward traffic to port 80 (load balancer to Fargate). See these resources for more information:
https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-troubleshooting.html
https://gist.github.com/jonashaag/4c01174c92ac71986e3dcc44cec6ad9c
https://docs.aws.amazon.com/AmazonECS/latest/userguide/service-load-balancing.html
Right now, I'd check the SGs and allowed ports between Fargate and the ALB. Remember:
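
The port and security-group check suggested in the answer, written out as an added example (not part of the original question or answer). It traces each hop from client to Flask process over two constructed configurations; the security-group ids, the 0.0.0.0/0 rule source and the separate task security group are assumptions, since the page does not give them.

```python
from dataclasses import dataclass

ANYWHERE = "0.0.0.0/0"

@dataclass(frozen=True)
class Rule:
    """One inbound security-group rule: a TCP port and its allowed source."""
    port: int
    source: str  # CIDR or security-group id

def allows(rules, port, source):
    """True if an inbound rule admits `source` (or everyone) on `port`."""
    return any(r.port == port and r.source in (source, ANYWHERE) for r in rules)

def trace(cfg):
    """Walk client -> ALB listener -> target group -> container -> app; list broken hops."""
    problems = []
    for port in cfg["listener_ports"]:
        if not allows(cfg["alb_sg_inbound"], port, ANYWHERE):
            problems.append(f"ALB SG does not admit clients on listener port {port}")
    tg_port = cfg["target_group_port"]
    if not allows(cfg["task_sg_inbound"], tg_port, cfg["alb_sg_id"]):
        problems.append(f"task SG does not admit the ALB on target port {tg_port}")
    if tg_port != cfg["container_port"]:
        problems.append(f"target group sends to {tg_port}, container port is {cfg['container_port']}")
    # Fargate tasks use awsvpc networking: there is no host-port remapping, so the
    # container port must be the port the process actually listens on.
    if cfg["container_port"] != cfg["app_listen_port"]:
        problems.append(f"container port {cfg['container_port']} but app listens on {cfg['app_listen_port']}")
    return problems

# Constructed model of the question: one shared SG open on 80 and 443
# (source 0.0.0.0/0 is an assumption), target/container port 443, Flask on 80.
shared = [Rule(80, ANYWHERE), Rule(443, ANYWHERE)]
AS_ASKED = dict(listener_ports=[80, 443], alb_sg_id="sg-alb", alb_sg_inbound=shared,
                task_sg_inbound=shared, target_group_port=443,
                container_port=443, app_listen_port=80)

# Constructed model of the answer's test setup: TLS ends at the ALB, plain HTTP to
# the task on 80. The separate task SG admitting only the ALB's SG is an assumption.
AS_ANSWERED = dict(AS_ASKED, task_sg_inbound=[Rule(80, "sg-alb")],
                   target_group_port=80, container_port=80)

if __name__ == "__main__":
    for name, cfg in (("as asked", AS_ASKED), ("as answered", AS_ANSWERED)):
        print(name, "->", trace(cfg) or "path is consistent")
```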