2

I have a proxy+ resource configured like this,


The NLB is internal, so I am using a VPC Link, but when I hit the API Gateway stage URL, I am getting a 404. Below are the logs:

(some-request-id) Sending request to http://masked.elb.us-east-1.amazonaws.com/microservice/v2/api-docs

Received response. Status: 404, Integration latency: 44 ms

But when I copy and paste the same NLB URL from the log into the browser, I get a JSON response back with HTTP 200.

What is it that I am missing here?

Chris Williams
karthikeayan

2 Answers

1

This 404 is being returned from the application on your load balancer so it is definitely connecting.

I can see from your request that the hostname you're specifying is an ELB name; is the application listening on this host name? Some web server services such as Apache or Nginx will hit the first vhost if they do not match one within another vhost, which may not hit your application.

The domain name you specify in API Gateway should be the one it will connect to on the host; the VPC Link stores the information of which load balancer this link is for. So if your API has a VHOST for https://api.example.com, you would specify https://api.example.com/{proxy}.

From your host you should be able to see within the access logs (and error logs) which host/path it is trying to load from.

Chris Williams
  • Yes, application is listening on the ELB, I can access the ELB directly via VPN, I can access it successfully. – karthikeayan Jul 29 '20 at 19:22
  • If you access one of the hosts are you able to see requests in your access logs when you test this? – Chris Williams Jul 29 '20 at 19:24
  • Unfortunately, we don't have access logs enabled, and the application is running in Fargate, so I don't see an opportunity in the next few hours where I can enable access logs in the application. – karthikeayan Jul 29 '20 at 19:27
  • Hmm could be hard to debug without that, so to confirm if you access `http://masked.elb.us-east-1.amazonaws.com/microservice/v2/api-docs` when connected to the VPN it works but when API Gateway accesses this exact endpoint (including the same domain name) too it gets a 404? – Chris Williams Jul 29 '20 at 19:28
  • Could you enable https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-access-logs.html and then compare the difference between your request and the one that API Gateway is sending? – Chris Williams Jul 29 '20 at 19:30
  • Yes, that's correct. So I copied all the HTTP headers from the API Gateway logs into the Postman request headers, to check if the HTTP headers make any difference, but even in Postman I can get a 200 from the NLB URL with all the HTTP headers. – karthikeayan Jul 29 '20 at 19:31
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/218846/discussion-between-chris-williams-and-karthikeayan). – Chris Williams Jul 29 '20 at 19:31
1

It turns out that I was pointing to the wrong VPC Link. Once I pointed to the correct VPC Link, it started working.

The key here is that even though the API Gateway logs tell me that it is hitting http://masked.elb.us-east-1.amazonaws.com/microservice/v2/api-docs, it doesn't actually hit this URL. Instead, it hits the NLB which the VPC Link is attached to.

I confirmed this by changing the domain name in the Endpoint URL to http://domainwhichdoesnotexist.com/microservice/v2/api-docs

And in the logs I see this:

Thu Jul 30 09:28:09 UTC 2020 : Sending request to http://domainwhichdoesnotexist.com/microservice/api/api-docs
Thu Jul 30 09:28:09 UTC 2020 : Received response. Status: 200, Integration latency: 72 ms
karthikeayan
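A configuration check for the mistake described in the answer above, as an added example that is not part of the original posts: it compares the host in an integration's endpoint URL with the NLB that the referenced VPC Link is actually attached to. The function name, ARNs, link ids and DNS names are constructed; the dict fields follow the output of `aws apigateway get-integration`, `aws apigateway get-vpc-link` and `aws elbv2 describe-load-balancers`.

```python
from urllib.parse import urlparse

# Constructed sample data (not from the original page).
ARN_A = "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/net/svc-a/aaaa"
ARN_B = "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/net/svc-b/bbbb"
NLB_DNS_BY_ARN = {ARN_A: "svc-a-nlb.elb.us-east-1.amazonaws.com",
                  ARN_B: "svc-b-nlb.elb.us-east-1.amazonaws.com"}
VPC_LINKS = {"linka1": {"id": "linka1", "status": "AVAILABLE", "targetArns": [ARN_A]},
             "linkb2": {"id": "linkb2", "status": "AVAILABLE", "targetArns": [ARN_B]}}
# The URL names service A's NLB, but connectionId selects the link to service B.
INTEGRATION = {"type": "HTTP_PROXY", "connectionType": "VPC_LINK",
               "connectionId": "linkb2",
               "uri": "http://svc-a-nlb.elb.us-east-1.amazonaws.com/microservice/{proxy}"}


def audit_vpc_link_integration(integration, vpc_links, nlb_dns_by_arn):
    """Return findings where the endpoint URL and the VPC Link target disagree."""
    if integration.get("connectionType") != "VPC_LINK":
        return []  # public integrations are routed by the URL itself
    link_id = integration.get("connectionId", "")
    if link_id.startswith("${"):
        # e.g. ${stageVariables.vpcLinkId}: the real link differs per stage
        return [f"connectionId {link_id} is a stage variable; check each stage"]
    link = vpc_links.get(link_id)
    if link is None:
        return [f"connectionId {link_id} does not match any known VPC Link"]
    findings = []
    if link.get("status") != "AVAILABLE":
        findings.append(f"VPC Link {link_id} has status {link.get('status')}")
    uri_host = (urlparse(integration["uri"]).hostname or "").lower()
    targets = [nlb_dns_by_arn.get(arn, arn).lower() for arn in link["targetArns"]]
    if uri_host not in targets:
        # The execution log prints the URL, but requests go to the link's NLB.
        findings.append(f"URL host {uri_host} is not the NLB behind VPC Link "
                        f"{link_id} ({', '.join(targets)}); review which backend "
                        "actually receives this traffic")
    return findings


if __name__ == "__main__":
    for finding in audit_vpc_link_integration(INTEGRATION, VPC_LINKS, NLB_DNS_BY_ARN):
        print("REVIEW:", finding)
```

A mismatch is a prompt to review rather than always an error, since the first answer notes the URL may deliberately carry an application vhost name instead of the NLB name.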