I am currently trying to set up a health check on my Nginx server using AWS ELB but cannot correctly configure it. I have done this in the past, but this time I keep getting the following repeatedly:

```
nginx_1  | 172.31.51.43 - - [22/Feb/2020:15:29:11 +0000] "POST /agent/v1/d4417c82-03a1-4823-9274-4bfa727442e9/heartbeat HTTP/1.1" 404 153 "-" "Go-http-client/1.1" "10.10.64.54, 68.115.216.198"
nginx_1  | 2020/02/22 15:29:11 [error] 7#7: *35 open() "/etc/nginx/html/agent/v1/b745ff52-691f-4c6c-ab8a-60d6d1ae4c1d/heartbeat" failed (2: No such file or directory), client: 172.31.51.43, server: , request: "POST /agent/v1/b745ff52-691f-4c6c-ab8a-60d6d1ae4c1d/heartbeat HTTP/1.1", host: "agent.service.itsupport247.net"
```

My current setup is as follows:

Nginx Config file (mysite.template):

```
location /elb-status {
    access_log off;
    return 200 'A-OK!';
    add_header Content-Type text/plain;
}
```

AWS Health Check Settings:

path: /elb-status
success code: 200

Why are the above errors looking for /etc/nginx/html/agent/v1/ coming from host: "agent.service.itsupport247.net"?

user081608

1 Answer

Are you sure that the ELB Health Check doesn’t work? Does the instance show as In Service or Out of service in the ELB console? It looks like it’s in service because it forwards outside traffic to your Nginx.

My guess is that the logs you see are either random web scanning traffic, or your ELB IP used to belong to someone else who used to use that itsupport247.net service.

As long as your ELB works you will get this random traffic from all around the world.

And if your ELB doesn’t work you’ll have to provide more details - screenshots, error codes, Sec group details, etc.

MLu
  • Hi @MLu - I looked deeper into this and I was misreading the two errors that are repeatedly hitting my ELB. My health check comes in as `ELB-HealthChecker/2.0`. I am thinking my IP belonged to someone who previously used itsupport247. Would the best route here be to change the ELB IP? – user081608 Feb 22 '20 at 19:35
  • @user081608 Best is to not worry about it. You *will* be getting random requests from web scanners looking for common framework vulnerabilities all the time. Other than that you can certainly recreate the ELB to get a new set of IPs, or wait a few weeks as the IPs change from time to time, or set up AWS WAF to block this traffic before it hits your Nginx. – MLu Feb 22 '20 at 20:42
  • Thank you, that makes sense! – user081608 Feb 22 '20 at 20:52
  • @user081608 Glad to be of help :) If you don’t mind please upvote and accept the answer. Cheers – MLu Feb 22 '20 at 20:56
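
Added example (not part of the original question, answer or comments): a small triage script that separates ELB health checks from the other requests in access-log lines like the one in the question, grouping the rest by path shape and by the address the load balancer appended to X-Forwarded-For. It assumes the log layout shown in the question and that the health-check location is logged (the question's config turns `access_log` off for it); the function names and every sample line except the first are constructed.

```python
import re
from collections import Counter

# Layout from the question: combined format + X-Forwarded-For, optional docker-compose prefix.
LINE_RE = re.compile(
    r'^(?:\S+\s+\|\s+)?(?P<peer>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+ '
    r'"[^"]*" "(?P<ua>[^"]*)"(?: "(?P<xff>[^"]*)")?'
)
UUID_RE = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
HEALTH_UA = "ELB-HealthChecker/"  # user agent named in the comments
HEALTH_PATH = "/elb-status"       # health check path from the question

def classify(line):
    """Return ('health', status), ('other', (key, source)) or ('unparsed', None)."""
    m = LINE_RE.match(line)
    if not m:
        return "unparsed", None
    path = m["path"].split("?", 1)[0]
    if m["ua"].startswith(HEALTH_UA) and path == HEALTH_PATH:
        return "health", m["status"]
    # Collapse per-agent UUIDs so repeated check-ins fall into one group.
    shape = UUID_RE.sub("<uuid>", path)
    # The load balancer appends the address it saw as the last XFF entry;
    # earlier entries are supplied by the client and are not trustworthy.
    hops = [h.strip() for h in (m["xff"] or "").split(",") if h.strip() not in ("", "-")]
    source = hops[-1] if hops else m["peer"]
    return "other", ((m["method"], shape, m["status"], m["ua"]), source)

def summarize(lines):
    out = {"health": Counter(), "other": Counter(), "sources": Counter(), "unparsed": 0}
    for line in lines:
        kind, value = classify(line)
        if kind == "health":
            out["health"][value] += 1
        elif kind == "other":
            out["other"][value[0]] += 1
            out["sources"][value[1]] += 1
        else:
            out["unparsed"] += 1
    return out

# Constructed sample: line 1 is from the question, the rest are made up in the same layout.
SAMPLE = [
    'nginx_1  | 172.31.51.43 - - [22/Feb/2020:15:29:11 +0000] "POST /agent/v1/d4417c82-03a1-4823-9274-4bfa727442e9/heartbeat HTTP/1.1" 404 153 "-" "Go-http-client/1.1" "10.10.64.54, 68.115.216.198"',
    'nginx_1  | 172.31.51.43 - - [22/Feb/2020:15:29:12 +0000] "POST /agent/v1/00000000-0000-4000-8000-000000000001/heartbeat HTTP/1.1" 404 153 "-" "Go-http-client/1.1" "203.0.113.7"',
    'nginx_1  | 172.31.51.43 - - [22/Feb/2020:15:29:15 +0000] "GET /elb-status HTTP/1.1" 200 6 "-" "ELB-HealthChecker/2.0" "-"',
    'nginx_1  | 2020/02/22 15:29:11 [error] 7#7: *35 open() failed',
]
```

Calling `summarize(SAMPLE)` puts both agent heartbeat requests in one group and counts the health check separately, which makes it easy to confirm that the 404s are unrelated to the health check.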