2

I have configures a eureka server in ECS cluster, and used an application load balancer for it's service. The eureka is configured to accept authentication using the property file as below.

security.user.name=xxxxx
security.user.password=yyyy

In the load balancer i created a target group for eureka on port 8761. And i gave the '/' url for the health check. But the load balancer's health check fails with the following error.

Health checks failed with these codes: [401]

This specifies that the ALB fails to pass the health check because of the authentication. (Removing the authentication part works but it causes some other errors). Is there a way to pass the health check in ALB ?

Lahiru Liyanapathirana
  • 393
  • 1
  • 6
  • 12

1 Answers1

3

The URLs used with ALB health checks must return a value between 200 and 399. Also, your ALB must be configured with the acceptable response values.

Source: http://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html

Anything else will result in a failure:

  • 401 will result in failure.
  • 301 with ALB not configured for 301 being OK, will result in failure.

To pass an ALB health check, you must provide a URL that can return an acceptable status code. It can be a path dedicated for the health check, such as /System/Check/.

Matt Houser
  • 33,983
  • 6
  • 70
  • 88
  • You can configure an ELB/ALB to accept other return codes. For example you might consider a 301 redirect to be a healthy response. Of course in this case a 401 doesn't sound like a healthy return code. – Mark B Jan 18 '17 at 15:58
  • Classic ELB is fixed at 200. ALB is configurable between 200 and 399. I have updated my answer. – Matt Houser Jan 18 '17 at 16:06
  • Thanks for the clarification and documentation link. I forgot you can't edit that on classic ELB. And I didn't realize there was a range restriction on ALB. The tooltip in the AWS console makes it sound like it would accept any value. – Mark B Jan 18 '17 at 16:14
  • @MattHouser Is it mistakenly updated here? Because I can see the port 200-499 in the documentation. https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html#:~:text=default%20is%202.-,Matcher,-The%20codes%20to – Kishor Unnikrishnan May 09 '23 at 09:53
  • @KishorUnnikrishnan It looks like they may be allowing 200-499 as possible values for the field now. – Matt Houser May 10 '23 at 12:05
  • Yeah, but actually they throw error if we place 401 as Matcher code. Not sure why. I was curious if AWS was not allowing it before and something breaks in between. – Kishor Unnikrishnan May 10 '23 at 12:22