AWS ALB Health Check 404

Question

I have an ALB with 2 targets in the target group. However my health check aren't working properly. Both are showing

"Health checks failed with these codes: [404]"

My settings for the health check path are:

/var/www/html/generic/website.com/healthcheck.php

and if I do a nano /var/www/html/generic/website.com/healthcheck.php on the ec2 instance it shows this which should be all the health check needs I think.

<?php
header("Status: 200");
?>

I double checked the AZ and the ALB is in the same one and subnets as the 2 instances. Also when I check my apache logs this is what I see:

"GET /var/www/html/generic/website.com/healthcheck.php HTTP/1.1" 404 196 "-" "ELB-HealthChecker/2.0"

What am I doing wrong that is making the healthcheck fail?

What port do you have your health checks pinging? Check your security groups on the ALB and EC2 for the open port you are pinging in the health check. — exception_thrown, Aug 19 '20 at 21:57
i am pinging 80 which is my webserver so i know that is open — user2570937, Aug 19 '20 at 22:13

score 2 · Accepted Answer · answered Aug 19 '20 at 23:10

Seems you can't use a namebased vhost for a healthcheck. So in my vhost file I added the following code. What it does is if someone goes straight to your ip it will give them a 404 but if they go to your ip/healthcheck then it will show a 200 which is what ALB needs. Then in your path just put /healthcheck.

<VirtualHost *:80>
  ServerName default
  RewriteRule "/healthcheck" - [R=200]
  Redirect 404 /
</VirtualHost>
<VirtualHost _default_:80>
  RewriteRule "/healthcheck" - [R=200]
  Redirect 404 /
</VirtualHost>

JD D · Answer 2 · 2020-08-19T22:52:25.040

1

The ALB healthcheck is going to be accessing your healthcheck.php via the web interface and has no concept of where the files exist on the file system. This value needs to be the URI path after the hostname.

Configuring the healthcheck to be /var/www/html/generic/website.com/healthcheck.php is equivalent to telling AWS to check http://website.com//var/www/html/generic/website.com/healthcheck.php which is probably not your intention.

Assuming the actual path you want to check is more like http://website.com/healthcheck.php, update your healthcheck path to simply be /healthcheck.php and this should hopefully work for you.

edited Aug 19 '20 at 22:52

answered Aug 19 '20 at 22:36

JD D

7,398
2
34
53

how does it know which website to check since i'm using vhosts? – user2570937 Aug 19 '20 at 22:37
it forwards traffic to your ec2 instance on the port specified and your web service on that instance should be configured to serve up your website from requests on that port. The mapping of HTTP URI to what is returned is the job of your web server (i.e. apache, nginx, php) – JD D Aug 19 '20 at 22:40
yes it is configured however I have about 20 websites being hosted on that instance. You said the ALB knows to check http://website.com. how does it know to check that url if all i'm putting in the path is healthcheck.php? – user2570937 Aug 19 '20 at 22:43
typically if you have many things hosted on the same server the differentiator is the port... is each of your web sites configured to use different ports? If not, are the websites differentiated via path? If they are differentiated via path and the root folder is just the default one (`var/www/html`) then the correct value for healthcheck would be something like `/generic/website.com/healthcheck.php` – JD D Aug 19 '20 at 22:50
yes, I'm using name based virtual hosts so everything is on the same port. I just changed the path to /generic/website.com/healthcheck.php and i'm still getting a 404 – user2570937 Aug 19 '20 at 22:55
this is what my apache access log is showing [19/Aug/2020:15:56:41 -0700] "GET /generic/website.com/healthcheck.php HTTP/1.1" 404 196 "-" "ELB-HealthChecker/2.0" – user2570937 Aug 19 '20 at 22:57
1

what you are getting in the access logs makes sense... do you have an example of a path that works? for example, if you wanted to get a response from the localhost, what path would you use? For example if you are sshed onto the machine and do `curl http://localhost:80/??/healthcheck.php`, what is the value of `??`? If you have the answer to that, that will be the same path you put into the healthcheck – JD D Aug 19 '20 at 23:00

Arun Kamalanathan · Answer 3 · 2020-08-19T23:18:27.340

Since you have multiple named hosts in nginx. What you could try is setting the healthcheck on the / with 200 OK as the status code. it should return the default nginx page with status code 200 OK.

Another method is, you can add healthcheck url that doesn't exist such as /my-health-page and in the health check configuration set the expected health check status code to be 404. So what we are assuming here is, if the nginx is inspecting url and return 404 NOT FOUND,the Nginx is working. But this method wont be checking anything more than that.

Pros:

ALB is able to whether your instance is running
ALB can check whether nginx is running

Cons: The health check wont identify the cases for example php not working or mysql server is not reachable from the application etc

AWS ALB Health Check 404

3 Answers3