0
votes

I have a load balancer and an Nginx that sits behind the LB.

Below is the nginx config.

upstream app {
    server service_discovery_name.local:5005;
}

server {   # Reverse proxy for VPC ES to be available on public

    listen 80;

    location / {
        proxy_pass vpc-es-domain-url;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

server {  # reverse proxy for django app

    listen 8005;

    location / {
        proxy_pass http://app;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect off;
    }
}

I've a listener attached to the ALB, listening at port 80, that forwards the traffic to the target IP. The target group has the private IP of the Nginx container. I use a Fargate-ECS container.

Now when I route to ALB_url:80, it opens up Elasticsearch. However, when I route to ALB_url:8005, it fails to load anything. The django_app is running at port 5005, checked by explicitly browsing to the IP=:5005.

I believe the nginx config is right. I want my traffic to be routed via ALB -> Nginx -> apps. What exactly am I missing?

1 Answer

0
votes

When you configure an ALB you must create a listener and specify the port and the action (forward the request to a Target Group or make redirects). You can create multiple listeners using different ports; for example, you can have one listener on port 80 doing redirects to HTTPS and another listener on port 443 forwarding the request to a Target Group.

According to that, I understand that your configuration is:
- ALB listening on port 80 and sending the request to the Target Group.
- Target Group listening on port 80 and sending the request to the Fargate task (nginx server).

When you route to ALB_URL:80, the request is forwarded to the Target Group on port 80 and is sent to the Fargate task. But when you route to ALB_URL:8005, that will not work because the ALB doesn't have a listener for that port.

You can create a listener on port 8005 that forwards the request to a Target Group listening on port 8005. With this configuration, when you route to ALB_url:8005 the request will be sent to the Target Group you created, then sent to the Fargate task, where it will use the configuration in the Nginx config.

ALB---> listener 80 ----> Target Group port 80 ----> ECS Task Nginx

ALB---> listener 8005 ---> Target Group port 8005 ----> ECS Task Nginx

Don't forget to validate the security groups to allow port 8005.

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html#target-group-routing-configuration
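The hops named in the answer above (listener, target group, security groups) can be checked per port. The following is an added example, not part of the original answer: it walks constructed data shaped like the boto3 `describe_listeners`, `describe_target_groups` and `describe_security_groups` responses and reports which hop is missing. The group IDs and target group ARNs are placeholders, and it assumes the listener and target group use the same port, as in the answer's diagram, and that the task's security group admits traffic only from the ALB's group.

```python
# Constructed sample data shaped like boto3 describe_* responses.
# IDs and ARNs are placeholders, not values from the original post.
ALB_SG, TASK_SG = "sg-alb-example", "sg-task-example"
LISTENERS = [{"Port": 80,
              "DefaultActions": [{"Type": "forward", "TargetGroupArn": "tg-80"}]}]
TARGET_GROUPS = [{"TargetGroupArn": "tg-80", "Port": 80}]
SECURITY_GROUPS = {
    ALB_SG: [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
              "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}],
    TASK_SG: [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
               "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ALB_SG}]}],
}

def allows(rules, port, from_sg=None):
    """True if an ingress rule covers tcp/port, from any CIDR or from from_sg."""
    for r in rules:
        if r["IpProtocol"] not in ("tcp", "-1"):
            continue
        if r["IpProtocol"] == "tcp" and not r["FromPort"] <= port <= r["ToPort"]:
            continue
        if from_sg is None and r["IpRanges"]:
            return True
        if from_sg and any(p["GroupId"] == from_sg for p in r["UserIdGroupPairs"]):
            return True
    return False

def check_path(port, listeners, target_groups, sgs):
    """Return the hops missing for client -> ALB:port -> target group -> task."""
    missing = []
    listener = next((l for l in listeners if l["Port"] == port), None)
    if listener is None:
        missing.append(f"ALB listener on {port}")
    else:
        arns = {a.get("TargetGroupArn") for a in listener["DefaultActions"]
                if a["Type"] == "forward"}
        if not any(tg["TargetGroupArn"] in arns and tg["Port"] == port
                   for tg in target_groups):
            missing.append(f"target group on {port}")
    if not allows(sgs[ALB_SG], port):
        missing.append(f"ALB security group ingress on {port}")
    if not allows(sgs[TASK_SG], port, from_sg=ALB_SG):
        missing.append(f"task security group ingress on {port} from the ALB group")
    return missing

if __name__ == "__main__":
    for p in (80, 8005):
        print(p, check_path(p, LISTENERS, TARGET_GROUPS, SECURITY_GROUPS) or "ok")
```

Scoping the task's ingress rule to the ALB's security group, rather than a CIDR range, keeps the Nginx container reachable only through the load balancer.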