503 Service Unavailable for Elastic Beanstalk HTTPS Configuration

1
votes

I have a PHP app deployed on Elastic Beanstalk, currently with a single instance behind a load balancer and am attempting to enable SSL. The current configuration is as follows:

-I've uploaded my certs to IAM successfully

-On the EB Console Load Balancer config "Listener Port" is off, "Secure Listener Port" is "443", and "Protocol" is set to "HTTPS"

-In my Loadbalancer, accessed through the EC2 console, Load Balancer Port/Protocol 443/HTTPS and Instance Port/Protocol is 80/HTTP (the default HTTP/80 HTTP/80 listener is still there but i've tried removing it to no joy)

-My security groups for both the load balancer and the instance are configured the same: Inbound is allowing all connections from either security group, plus inbound http on 80 and https on 443 (source= 0.0.0.0/0)

When attempting to access the url https://myurl.com, I get 503 service unavailable (server at capacity). I suspect there is an issue with my security group configuration, but can't figure out what it is (have tried referring to this thread).

Any Ideas?

1
sslamazon-web-serviceshttpsamazon-elastic-beanstalk
Can you access the EC2 via the public IP? 54.XXX.XXX.XXX if that works you know the problem is with the load balancer, if it doesn't it's the server itself. - jsemig
I was able to, so the problem was with the load balancer. I still couldn't figure it out though so I terminated the application and re-deployed. This seems to have worked, although I'm afraid I never got to the root cause of the problem. I guess this should be closed? - Daniel Hostetler
I've encounter the same problem with python 2.7 environment, eb status shows "green" light, when deployed new code, it showed time out error message, I solved it by clone a new environment and terminate the old one... - moogoo
thcntk wrote in an Answer "Check if target groups have registered targets for load balancer. medium.com/@degaze.film/…" - Scratte

1 Answers

4
votes

I just experienced this on my ElasticBeanstalk deployment and the reason was that my elastic load balancer had 0 healthy instances in service. There's different health check settings, one that checks over HTTP:80 and one that checks over TCP:80. I haven't investigated thoroughly but for some reason the HTTP:80 setting will result in my servers being marked as unhealthy, but TCP:80 will test correctly. If this comes up again I would suggest looking in there?