1

If the health check is working and the backend service is marked as green (i.e. I do have a firewall rule for the LB hc/traffic), would could explain that no real traffic can get in (I'm getting a 502 "failed to connect to backend" in the LB log)?

I'm running nginx behind, I do have access log entries for the healtchecks and I don't have error log entries for the actual traffic (just to confirm that real traffic is not reaching the instance).

More details: the backend service is associated to a unmanaged group that contains one instance.

P.S. It's not an "url map" issue, I only have the default "all unmatched traffic" rule on this LB.

Rhangaun
  • 189
  • 1
  • 15

1 Answers1

1

As per the GCP documentation, 502 errors failed_to_connect_to_backend basically mean that the connection to the backend instances has failed to establish

I would recommend making an hTTP(S) request direct to the instance and verify it is responding. If instance is not responding

  1. check the instance firewall or the GCP firewall blocking the traffic

  2. Run netstat -nltp to see if the instance is listening on tcp ports it should be listening to any ip(0.0.0.0/0 or IP address of the load balance.

  3. Also verify if there is any mis-configuration or service not running inside the backend instance

  4. Service is listening on the port configured on the servers

Andrew Schulman
  • 8,811
  • 21
  • 32
  • 47
Dattu Pragnu Nellutla
  • 21
  • 2
  • 1) checked. 2) checked (nginx, 0.0.0.0/0 :443), 3) service for the test is just ninx and it's running, 4) same as 3. Something else is going on. – Rhangaun Apr 23 '20 at 03:19
  • 4
    Did a snapshot of the instance, created a new instance from it another region, created a new group / backend service with the same config, and it worked... – Rhangaun Apr 23 '20 at 15:37