AWS ELB access logs not showing 5XX errors - elastic-load-balancer

I am seeing ELB_Code_5XX alarms in CloudWatch but I am not able to see any errors logged in the ELB access logs.
I have used the standard AWS template to configure ELB access logs. Am I missing something in the configuration?

Related

Azure application gateway not taking the timeout setting

I'm having an issue with the timeout of my Application Gateway WAF v2.
I set the timeout to 220 sec as shown in the following picture
but I'm getting a 504 gateway timeout on a particular request at 100 seconds.
Do I need to take anything else into consideration to make this timeout possible?
[UPDATE]
The error is a 504.0 Gateway timeout.
If I force this error, putting a wait statement on my SP, the error is just a 504 Azure Gateway Timeout
Thanks in advance
Most probably this is happening from your app service and not from the gateway.
Since you are getting a timeout at 100 sec, this may be from the default HTTP timeout. You can check that the application gateway request timeout is set correctly with the command below.
az network application-gateway show --resource-group <replace with your resource group> --name <replace with your application gateway name> --query 'backendHttpSettingsCollection[].{name: name, requestTimeout: requestTimeout}'
If this is coming out as expected (230 sec), then you need to look at your app service.
For example, if your backend is configured in azure app services, the typical deployment will be based on IIS and the default connection timeout is 2 minutes.
You can override the behavior of the app service. If it is in Azure App Service, you can use XDT to change the connection timeout attribute of weblimit.
If it is a .NET application that serves the request that you have mentioned and it uses HTTP client, then the default timeout is 100 sec. You should set a request timeout value that is greater than your application gateway:
HttpClient httpClient = new HttpClient();
httpClient.Timeout = TimeSpan.FromMinutes(10);
https://learn.microsoft.com/en-us/dotnet/api/system.net.http.httpclient.timeout?view=net-6.0
The error 504 gateway timeout usually occurs when one or more servers could not complete the request within the allotted time and does not receive a timely response from gateway.
To verify if the backend is taking time for the response, you can enable diagnostic logs on application gateway.
By this you can find access logs for the time taken by backend for the response.
Using these logs, you can view Application Gateway access patterns and analyze important information.
Please check whether your domain is proxied via CloudFlare as #Ked Mardemootoo commented.
Please note that:
As your connections are getting dropped at less than the request time out seconds set, you need to find which connection is triggered.
To resolve the issue, please contact Azure Support.
For more information, please refer to the links below:
azure public ip - Causes for Application Gateway Connection Timeout - Stack Overflow
Random 504 Gateway timeout while doing load test with application gateway - Microsoft Q&A
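An added example (not code from either answer) of the log check described above: once diagnostic logs are enabled, group the 504 responses in the access log by how long each request ran, to see whether they stop at the gateway's own request timeout or at an earlier cutoff such as the 100 sec and 2 minute defaults the first answer names. The records are constructed, and the 220 sec setting and 2 sec tolerance are assumptions.

```python
import json
from collections import Counter

GATEWAY_TIMEOUT_S = 220   # assumption: request timeout set on the gateway
TOLERANCE_S = 2.0         # assumption: slack for measurement jitter
# Cutoffs named in the answers above, as candidate causes to check first.
KNOWN_CUTOFFS = {
    100: "near 100 s: .NET HttpClient default",
    120: "near 120 s: IIS default connection timeout",
}

# Constructed records shaped like Application Gateway v2 access-log entries
# (one JSON object per line); every value here is invented.
SAMPLE_LOG = """
{"properties": {"requestUri": "/api/orders", "httpStatus": 200, "timeTaken": 3.2}}
{"properties": {"requestUri": "/api/report", "httpStatus": 504, "timeTaken": 100.004}}
{"properties": {"requestUri": "/api/report", "httpStatus": 504, "timeTaken": 100.01}}
{"properties": {"requestUri": "/api/export", "httpStatus": 504, "timeTaken": 120.0}}
{"properties": {"requestUri": "/api/export", "httpStatus": 504, "timeTaken": 220.1}}
{"properties": {"requestUri": "/api/search", "httpStatus": 504, "timeTaken": 47.5}}
"""

def parse_records(text):
    """Yield the 'properties' dict of each non-empty JSON line."""
    for line in text.splitlines():
        if line.strip():
            yield json.loads(line)["properties"]

def classify_504(time_taken):
    """Say which timeout a 504's duration is consistent with."""
    if time_taken >= GATEWAY_TIMEOUT_S - TOLERANCE_S:
        return "gateway request timeout reached"
    for cutoff, label in KNOWN_CUTOFFS.items():
        if abs(time_taken - cutoff) <= TOLERANCE_S:
            return label
    return "early timeout, cause unknown"

def summarize(text):
    """Count 504 responses per suspected cause and list the affected URIs."""
    counts, uris = Counter(), {}
    for props in parse_records(text):
        if int(props["httpStatus"]) != 504:
            continue
        cause = classify_504(float(props["timeTaken"]))
        counts[cause] += 1
        uris.setdefault(cause, set()).add(props["requestUri"])
    return dict(counts), uris

if __name__ == "__main__":
    counts, uris = summarize(SAMPLE_LOG)
    for cause, n in counts.items():
        print(f"{n} x {cause}: {sorted(uris[cause])}")
```

A duration that matches a known cutoff is only a lead to check against that layer's configuration, not proof of the cause.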

is there any way to see the access logs for azure load balancer

I have a standard load balancer in azure, and some clients complain that they receive 503 error status code.
They are accessing the load balancer service behind their local proxy server.
I suspect the issue is on the client side (at the proxy server level), but I would like to verify the load balancer access log, just to be extra sure.
Is there any way to see those logs?
I've enabled the logging on Activity Log -> Diagnostics settings and checked all the logs (Administrative, Security, ServiceHealth, Alert, Recommendation, Policy, Autoscale, Resource Health), and I can see the metrics under the Storage Account -> Metrics, but I can't manage to find any access/error logs, which is what I need in order to see if the client is reaching the load balancer or not.
Connect your load balancer to Log Analytics. You can query your logs in there and create visualisations. It will automatically grab your diagnostic settings logs as well.
Here is the Azure documentation

POST <url> net::ERR_CONNECTION_REFUSED trying to login

I have a react app hosted on AWS as two EC2 instances. One for the frontend(ReactJs) and other for the backend (NodeJs with MongoDB as the database). To put the website behind SSL, the frontend instance is wrapped under an application load balancer. All listeners are configured as per AWS documentation along with setting up the security and target groups.
Route 53 has been also setup to allow all connections to the website to be routed to the https link which is working properly.
Problem arises when I open my website and try to login. When this access is being made from the frontend server to the backend url, the above message is displayed in the Chrome console while in Firefox it gives the following error: "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at . (Reason: CORS request did not succeed)."
Also, just to highlight, the issue only occurs when I've put the website under an SSL certificate. We have also set up two staging servers which do not have any SSL certificate, and there's no issue while doing any activity such as the login mentioned above.
Please help me identify where I might be going wrong. I had also raised a technical ticket with AWS support but they have only confirmed that all settings related to the load balancer and instances etc. are correct and have not been able to find the root cause. I have also tested the UFW for the Ubuntu instance which shows invalid so that is also not an issue.
Thanks,
Pranay
Created a separate application load balancer for the backend instance and then created a cloudfront distribution for this instance. The DNS name of the cloudfront can then be used to access the backend from the frontend.

Azure application gateway throws 502 when application sends 401

Azure Application Gateway displays a 502 Bad Gateway error while the application returns 401 or 500 errors. It should send whatever the application sends, but by default it sends 502. Any idea what happened, and any configuration or code change suggestions?
EDIT:
We are using node js for our API service. When a client tries to hit the endpoint without any auth header, then the service will return 401 error. This error is transformed into 502 when it's passing the App gateway.
General Workflow
When the application gateway receives a status code greater than 399, it will consider that there were some issues with the servers and it will remove the server from the pool. After some time it will check the application status; if it is returning a status code lower than 400, it adds the server to the pool.
By default the application gateway will be configured to check the app health by making an HTTP/HTTPS request.
Cause
The application may have encountered errors, or authentication errors may have resulted in different error codes. This might have caused the application gateway to return a 502 error.
Probe
We can configure a special file/end point to check the application/database health. This configuration should be in the probe file.
Useful resource
https://azure.microsoft.com/en-us/documentation/articles/application-gateway-create-probe-classic-ps/
https://azure.microsoft.com/en-us/documentation/articles/application-gateway-probe-overview/
Hope it helps!
Error status codes (401, 404) returned from the pod are considered unhealthy by the Azure Application Gateway, and it produces a 502 Bad Gateway error as a response. So you need to modify the health check mechanism of Azure Application Gateway.
Status codes that are considered healthy by default: 200-399
Modify it in "health probes" section inside your Application Gateway Resource, https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-create-probe-portal
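An added example (not code from either answer) that models the behaviour both answers describe: the health probe carries no credentials, so an API that answers 401 to unauthenticated requests fails the default 200-399 match and every client gets 502. The single-backend model, the `backend` function and the `/healthz` path are hypothetical; a real gateway probes on an interval with an unhealthy threshold.

```python
DEFAULT_MATCH = ["200-399"]   # healthy status range stated in the answer above

def parse_match(specs):
    """Turn ["200-399", "401"] into a list of inclusive (low, high) ranges."""
    ranges = []
    for spec in specs:
        low, _, high = spec.partition("-")
        low, high = int(low), int(high or low)
        if not (100 <= low <= high <= 599):
            raise ValueError(f"bad status range: {spec!r}")
        ranges.append((low, high))
    return ranges

def is_healthy(probe_status, specs=DEFAULT_MATCH):
    """True when the probe's status code falls in any configured range."""
    return any(lo <= probe_status <= hi for lo, hi in parse_match(specs))

def backend(path, headers):
    """Hypothetical API: 401 without an Authorization header, except on
    a health endpoint that needs no credentials and returns no data."""
    if path == "/healthz":
        return 200
    if "Authorization" not in headers:
        return 401
    return 200

def client_sees(probe_path, specs, request_path, headers):
    """Status the client receives through the gateway (one backend)."""
    probe_status = backend(probe_path, {})   # probes send no credentials
    if not is_healthy(probe_status, specs):
        return 502                            # no healthy backend left
    return backend(request_path, headers)

if __name__ == "__main__":
    auth = {"Authorization": "Bearer constructed-token"}
    # Default probe against an authenticated path: everyone gets 502.
    print(client_sees("/", DEFAULT_MATCH, "/api/items", {}))
    print(client_sees("/", DEFAULT_MATCH, "/api/items", auth))
    # Dedicated health endpoint: the application's 401 passes through.
    print(client_sees("/healthz", DEFAULT_MATCH, "/api/items", {}))
    # Custom match that also accepts 401 on the probed path.
    print(client_sees("/", ["200-399", "401"], "/api/items", {}))
```

Pointing the probe at a dedicated endpoint keeps 401 meaning "unhealthy" for the health check itself, whereas widening the match to accept 401 also hides an authentication layer that is failing for every request.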

location of Amazon Elastic Beanstalk Apache access logs

I'm digging around trying to find the location of the access logs on an EC2 instance within the beanstalk running PHP5 and not JAVA.
I've looked in /var/log/httpd and the access_log there is empty.
Also the AWS control panel logs don't show the access logs.
Does anyone know where I might be able to get these access logs?
