
I am trying to create an NLB and I am following the steps illustrated in https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancer-getting-started.html. When I create the target group, the instances are showing that they are unhealthy: "Health checks failed". The instances are running and status checks have passed.

Protocol: TCP
Port: 80

I found [https://stackoverflow.com/questions/51135715/how-to-avoid-the-configuration-error-while-using-aws-api-gateway-with-vpc-link] that I need to add the NLB IPv4 to the security group of instances in target groups as inbound rules. Still no luck!

[Screenshots: attribute page; health check; IP added to security group; NLB config; failed checks]

harry123
  • Can you share some information about your configuration? Also, can you validate if your service in the target instances is running? – georgeos May 31 '21 at 21:03
  • @georgeos I am new to this, sorry, but what information do you need? I can hit the endpoint from the browser `https://www.example.com/v1.ping`. – harry123 May 31 '21 at 21:07
  • Check your security group for your instances. If the endpoint works, that means that the NLB is working even with a domain and it's routing correctly to your instances. But it still shows health checks failed? – georgeos May 31 '21 at 21:15
  • Have you tried this? https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/ts-elb-healthcheck.html – georgeos May 31 '21 at 21:18
  • @georgeos Sorry, I forgot to mention, the `https://www.example.com/v1.ping` is pointing to the ALB URL with listener rules, not the NLB, right now. That is probably why the endpoint is working. – harry123 May 31 '21 at 21:19
  • @georgeos and yes I tried that page. When I do `telnet 80`, all I get is `Operation Timeout Unable to connect to remote host` – harry123 May 31 '21 at 21:22
  • That means there is some misconfiguration. You should go step by step, checking every part of your solution. Check from your instances if your service is running. Check from another instance if your service is reachable. Check the security group of your instances to see if you correctly added your NLB with the required port. Check the listener, target group.... – georgeos May 31 '21 at 21:29
  • Can you try the following steps: 1) Try accessing your webserver or website through its instance IP. If you can, that means your webserver and EC2 instance are properly configured. 2) Remember that NLB doesn't have security groups, so you need to add an inbound rule to the instance security group that allows traffic from the NLB private IP. Your instance will become healthy but this will still lead to a timeout issue. To prevent the timeout issue just follow this question https://stackoverflow.com/q/67172846/13126651 – Jatin Mehrotra Jun 01 '21 at 04:07
  • @JatinMehrotra I have already added the NLB private IP as inbound rules to security group of the instance with HTTP/TCP/80. When I go to the instance, it shows all status checks passed that should mean instances are properly configured. – harry123 Jun 01 '21 at 14:47
  • So I think now it will time out, right? Just go to your target group -> attributes and disable client IP preservation. When client IP preservation is disabled, the private IP address of the Network Load Balancer becomes the client IP for all incoming traffic – Jatin Mehrotra Jun 01 '21 at 14:53
  • @JatinMehrotra tried that and it is still unhealthy! – harry123 Jun 01 '21 at 16:32
  • Can you post a screenshot of your health checks in the NLB? – Jatin Mehrotra Jun 01 '21 at 16:49
  • @JatinMehrotra added screenshots – harry123 Jun 01 '21 at 17:00
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/233193/discussion-between-jatin-mehrotra-and-amyj). – Jatin Mehrotra Jun 01 '21 at 17:02
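
Added example (not part of the original question or comments): an offline check of the inbound-rule step discussed in the comments. It takes ingress rules in the shape boto3's `describe_security_groups` returns under `IpPermissions` and reports, for each NLB node private IP, the narrowest CIDR that admits the health check port, or `None` when that node is blocked. The IPs, rules and function names are constructed for illustration; an NLB has one node IP per enabled Availability Zone, so every one of them needs a matching rule.

```python
import ipaddress

def matching_cidrs(rule, ip, port):
    """CIDRs in one ingress rule (IpPermissions shape) that admit TCP from ip to port."""
    proto = rule.get("IpProtocol")
    if proto not in ("tcp", "6", "-1"):      # "-1" means all protocols and all ports
        return []
    if proto != "-1" and not rule["FromPort"] <= port <= rule["ToPort"]:
        return []
    addr = ipaddress.ip_address(ip)
    # Only IPv4 CIDR sources are evaluated; security-group sources are ignored here.
    nets = [ipaddress.ip_network(r["CidrIp"], strict=False)
            for r in rule.get("IpRanges", [])]
    return [n for n in nets if addr in n]

def audit_health_check_path(ingress_rules, nlb_node_ips, port):
    """Map each NLB node IP to the narrowest CIDR admitting it, or None if blocked."""
    result = {}
    for ip in nlb_node_ips:
        hits = [n for rule in ingress_rules for n in matching_cidrs(rule, ip, port)]
        result[ip] = str(max(hits, key=lambda n: n.prefixlen)) if hits else None
    return result

# Constructed sample data: two NLB nodes (one per AZ), but only one was allowed on port 80.
NLB_NODE_IPS = ["10.0.1.25", "10.0.2.40"]
INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "10.0.1.25/32"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

if __name__ == "__main__":
    for ip, cidr in audit_health_check_path(INGRESS, NLB_NODE_IPS, 80).items():
        if cidr is None:
            print(f"{ip}: BLOCKED on tcp/80, health checks from this node will fail")
        elif ipaddress.ip_network(cidr).prefixlen < 16:
            print(f"{ip}: allowed, but only via broad rule {cidr}")
        else:
            print(f"{ip}: allowed via {cidr}")
```

A `None` entry points at a missing rule for that node; a match only through a very broad CIDR means the health check passes because the port is open far wider than the load balancer needs.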
