
I have an EC2 instance (Instance-A) that sits behind an ELB (single instance at the moment). The server runs on Wildfly 11.

The target group shows the instance is healthy, and I can curl it by IP address from another instance (Instance-B) in a different VPC.

But it returns 502 when I curl the ELB DNS name from Instance-B. Any idea where to look?

Access log entry:

http 2019-11-11T22:57:04.899824Z app/DummyELB-2/b71c4db727f11413 172.31.14.179:60746 10.1.4.217:80 -1 -1 -1 502 - 127 293 "GET http://internal-dummyelb-2-1122730003.ap-southeast-2.elb.amazonaws.com:80/ HTTP/1.1" "curl/7.61.1" - - arn:aws:elasticloadbalancing:ap-southeast-2:xxx:targetgroup/DummyTG-2/738f12f02eeddb57 "Root=1-5dc9e740-f43a035fdc04fec2373217d6" "-" "-" 0 2019-11-11T22:57:04.898000Z "forward" "-" "-" "10.1.4.217:80" "-"

- Update -

The ELB is internal and the instance is private. I also have a separate private instance (with an index.html on an Apache server) and an internal ELB that has no problem curling the ELB DNS.

mumbo_s5

2 Answers


It seems you are either using a private load balancer or hitting the private hostname, as per the domain in your logs:

http://internal-dummyelb-2-1122730003.ap-southeast-2.elb.amazonaws.com:80/

Private hosts will only be resolved within the VPC. You can resolve the private hostname in a peered VPC, but that requires extra configuration. More information on that here:

https://docs.aws.amazon.com/vpc/latest/peering/modify-peering-connections.html

Check the section: Enabling DNS Resolution Support for a VPC Peering Connection

Juned Ahsan
  • Yeah, the ELB is internal and the instance is private. But I have a separate private instance (with an index.html on an Apache server) and an internal ELB that has no problem curling the ELB DNS. – mumbo_s5 Nov 12 '19 at 02:19
  • Updated the answer with a link about VPC peering, in case you need to resolve a private DNS record from a different VPC. – Juned Ahsan Nov 12 '19 at 02:21
  • I'm sharing a hosted zone between VPCs. Also, the fact that I can curl the ELB DNS on a similar setup (but with Apache and index.html) means the ELB forwards requests to the server. Given that I can't see requests being logged in my app and I can see health check requests in the app logs, my gut feeling is this is something to do with either the ELB not being able to forward requests to my server or some problem with WildFly. Correct me if I am wrong. – mumbo_s5 Nov 12 '19 at 03:13

It was a problem with how I set up forwarding of requests to port 8080 in the target group. I had set the override port to 8080 in the health check rather than in the target group.

Once I fixed it, my ELB managed to forward requests correctly.

mumbo_s5
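Added example, not from the question or either answer: a small parser for the ALB access-log line quoted in the question, plus a triage check for exactly the symptom diagnosed above (a 502 where the target never answered, and a target group forwarding to a port other than the one the application listens on). The expected application port (8080, per the accepted fix) is passed in by the caller; the second log line is constructed to show what the same request looks like once the target group points at 8080.

```python
import shlex

# Field order of an ALB access-log line (the 27 fields in the format the
# question's entry uses; quoted fields may contain spaces, so use shlex).
ALB_FIELDS = [
    "type", "time", "elb", "client_port", "target_port",
    "request_processing_time", "target_processing_time", "response_processing_time",
    "elb_status_code", "target_status_code", "received_bytes", "sent_bytes",
    "request", "user_agent", "ssl_cipher", "ssl_protocol", "target_group_arn",
    "trace_id", "domain_name", "chosen_cert_arn", "matched_rule_priority",
    "request_creation_time", "actions_executed", "redirect_url", "error_reason",
    "target_port_list", "target_status_code_list",
]

# The failing entry as posted in the question (account id "xxx" as on the page).
QUESTION_LINE = ('http 2019-11-11T22:57:04.899824Z app/DummyELB-2/b71c4db727f11413 '
    '172.31.14.179:60746 10.1.4.217:80 -1 -1 -1 502 - 127 293 '
    '"GET http://internal-dummyelb-2-1122730003.ap-southeast-2.elb.amazonaws.com:80/ HTTP/1.1" '
    '"curl/7.61.1" - - arn:aws:elasticloadbalancing:ap-southeast-2:xxx:targetgroup/DummyTG-2/738f12f02eeddb57 '
    '"Root=1-5dc9e740-f43a035fdc04fec2373217d6" "-" "-" 0 2019-11-11T22:57:04.898000Z '
    '"forward" "-" "-" "10.1.4.217:80" "-"')

# Constructed entry: same request after the target group forwards to 8080.
FIXED_LINE = ('http 2019-11-12T03:30:00.000000Z app/DummyELB-2/b71c4db727f11413 '
    '172.31.14.179:60812 10.1.4.217:8080 0.000 0.004 0.000 200 200 127 512 '
    '"GET http://internal-dummyelb-2-1122730003.ap-southeast-2.elb.amazonaws.com:80/ HTTP/1.1" '
    '"curl/7.61.1" - - arn:aws:elasticloadbalancing:ap-southeast-2:xxx:targetgroup/DummyTG-2/738f12f02eeddb57 '
    '"Root=1-5dca3e38-000000000000000000000000" "-" "-" 0 2019-11-12T03:30:00.000000Z '
    '"forward" "-" "-" "10.1.4.217:8080" "200"')


def parse_alb_log_line(line: str) -> dict:
    """Split one ALB access-log line into a dict keyed by field name."""
    tokens = shlex.split(line)
    if len(tokens) < len(ALB_FIELDS):
        raise ValueError(f"expected {len(ALB_FIELDS)} fields, got {len(tokens)}")
    return dict(zip(ALB_FIELDS, tokens[:len(ALB_FIELDS)]))


def triage_502(entry: dict, expected_app_port: int) -> list:
    """Return findings for a 502 that the application never saw; empty if not a 502."""
    findings = []
    if entry["elb_status_code"] != "502":
        return findings
    # target_status_code "-" with target_processing_time -1 means no response came back
    # from the target at all (connection refused/reset), which matches "no requests in app logs".
    if entry["target_status_code"] == "-" and entry["target_processing_time"] == "-1":
        findings.append("target never returned a response: connect failure or reset at the target")
    target = entry["target_port"]
    if target == "-":
        findings.append("no target was selected for the request")
    elif int(target.rsplit(":", 1)[1]) != expected_app_port:
        findings.append(f"target group forwards to port {target.rsplit(':', 1)[1]}, "
                        f"but the application listens on {expected_app_port}")
    return findings
```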