I have configured an haproxy http loadbalancer to listen on port 80.There are two windows servers which serve as web servers listening on port 81 .The websites on the backend can only be accessed with the urls:
http://matrix-1.zone.lk:81,
http://matrix-2.zone.lk:81
These websites show up when they are accessed through the browser directly.But when i access them through the loadbalancer i get an error.The haproxy config is given below:
global
log 127.0.0.1 local0 notice
user haproxy
group haproxy
defaults
log global
retries 3
timeout queue 1000s
timeout connect 86400000s
timeout client 86400000s
timeout server 86400000s
timeout check 10s
maxconn 30000
listen http-in 0.0.0.0:80
mode http
stats enable
stats uri /haproxy?stats
balance roundrobin
server MATRIX-1 matrix-1.zone.lk:81
server MATRIX-2 matrix-2.zone.lk:81
Could someone tell me whats wrong??..thanks in advance3
Related
I have some difficulties with setting up a load balancer for a web app (CyberArk's pvwas, but i'm not sure it matters). Here is my certificate and page.cfg config file info:
`Subject:
CN=my.machine.name.in.DNS.A.record
Subject Alternative Name:
DNS name=page1.I.want.to.lb
DNS name=page2.I.want.to.lb
`
`global
log 127.0.0.1 local0
resolvers dns
nameserver localdns x.x.x.x:53
hold valid 2s
frontend web_lb
bind my.machine.name.in.DNS.A.record.domain.name:443 ssl cert /path/to/my/cert.pem
timeout client 1h
default_backend web
backend web
balance leastconn
mode http
timeout server 1h
timeout connect 4s
server web1 page1.I.want.to.lb.domain.name:443 check resolvers dns
server web2 page1.I.want.to.lb.domain.name:443 check resolvers dns`
I am sure my dns settings are fine, I just can't figure out whether problem is in my certificate or on the webpage site (i can go there straight through page1.I.want.to.lb and page2.I.want.to.lb). Haproxy service restarts fine and haproxy -f /path... -c says config file is valid. My haproxy version is 2.4.17 and I'm using CentOS 9.
I was already load balancing some apps using tcp mode and i am sure dns settings work. I also disabled requiring ssl on one server (hosting page1.I.want.to.lb), but still couldn't load page via LB dns's name
I am currently learning about AWS and I have a single EC2 instance running with a nodejs server on port 3000, an Application load balancer with SSL setup that listen on port 80 and 443 (http & https). When I make requests to the http route it returns back the successful health check message. But when I try to access my api via the https method, I get a 502 Error. I googled around and read some articles and they pointed out that the nodejs server keepAliveTimeout and headersTimeout should be higher than the timeout option of the ALB. I tried that and it didn't work. I also tried to set the max-http-header-value to 16384, I also tried to check the access logs for the load balancer on my S3 bucket and the logs just showed that I am getting a 502 error and nothing more. What could be the issue? Because I have tried all solutions that presented but they don't seem to work.
The 443 listener needs to be pointed to port 80 on the ec2 instance
The first thing to check is that your server is responding to requests. Try connecting to port 3000 on the server, either from the server itself (eg curl localhost:3000) or from outside the server (which will require the Security Group to permit access to port 3000).
Once you have confirm that the server is responding, configure Security Groups as:
A Security Group on the Application Load Balancer (ALB-SG) that permits Inbound access on ports 80 and 443
A Security Group on the Amazon EC2 instance (App-SG) that permits inbound access on port 3000 from ALB-SG
That is, App-SG should specifically refer to ALB-SG in its Inbound rules.
Then, configure the Load Balancer to have a Target Group that points at port 3000 on the app server and provide it a URL for the Health Check (that could simply be /).
Then, connect to the Application Load Balancer and see whether you can access your app.
I have nodejs app which is listening for http connections on port 3000 and also listening for tcp connections on port 5001 using nodejs' net library.
I am hosting the app using aws elastic beanstalk and it's classic load balancer.
My CLB listeners:
My Elastic Beanstalk load balancer listeners:
Also port 5001 is enabled in ec2 instance and load balancer security groups.
When trying to send tcp packet to load balancer's dns name it goes through, but never reaches the ec2 instance. Is there something else I have to configure for this to be possible?
The problem was I had net.listen host set to localhost instead of 0.0.0.0
Having difficulty phrasing my question, so I could not find much info on it so I will explain:
I have a node.js app that hosts a restify/express api on port 8081.
This same api hosts a websocket server on port 8083.
All this works wonderfully on localhost by specifying the ports, but in a hosted environment it needs to run on port 80 http. (omitting 443 for simplicity).
I am using AWS Elastic Beanstalk (nginx server). When I deployed my app, it creates an EC2 and ELB (load balancer) instance. The ELB then has a public dns which I use to access the api on port 80. There is no special listeners configured (only 80 and 443). So I am not sure how it gets to the api on port 8081. The EC2 instance also only allows 80 and 443.
The api works fine using it with the ELB public dns on port 80.
Now I have added the websocket server in there.
My problem is - I need another public dns on port 80 to go to the socket server on port 8083 of the same Beanstalk app. How would I approach this?
I would appreciate any thoughts and ideas.
It appears that..
Elastic Beanstalk creates a Classic load balancer which does not support websockets.
Default nginx setup on AWS does not allow Upgrade headers.
However, I got it working in the following manner:
Default EB setup (with classic ELB) serves the API as it normally did.
Then I created an ALB (Application load balancer) from the EC2 dashboard.
I added a target that routes to my EC2 instance (that EB created) on port 8083 (my websocket listener). My API runs on port 8081. Then add the target to the new ALB on on the Listeners tab.
This will allow traffic that hits the new ALB on port 80 to route to port 8083 of the server where my application is hosted.
In my .ebextensions file in the project, I added the following that will update nginx settings to allow the Upgrade header that is needed for websockets:
Add to .ebextensions
container_commands:
enable_websockets:
command: |
sed -i '/\s*proxy_set_header\s*Connection/c \
proxy_set_header Upgrade $http_upgrade;\
proxy_set_header Connection "upgrade";\
' /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf
So basically I have two load balancers. The default one that routes 80 to 8081, and another (ALB) that routes 80 to 8083.
This is by no means perfect. Auto scaling/load balancing would probably not work. But for now is serves the API and websocket server from the same application.
I have set two ec2 instances that form a rabbitmqcluster. I want to reach the cluster via an ELB. For testing purpose I open for security group of both instances all tcp ports and http port.
On elb I listen on http 80 and tcp 5672 (sames terminations on instances)In the security group of elb all tcp ports are open and http 80
Health check is made via tcp on port 5672.
I use amqp.node node.js client
To connect to Elb I use this function :
require ('amqplib/callback_api').connect ('amqp://<endpoint_of_elb>,...)
But connection isn't established, I can't see why
(Note :
- ec2 instances of rabbitmq are in the same AZ of ELB's vpc
-I also can't see why health check fails if I remove to listen on http 80 with elb)