
I'm trying to get static IP addresses for an app running behind an ALB by deploying a Network Load Balancer in front of it.

This is my setup:

  • I'm using an Application Load Balancer to serve HTTP and HTTPS requests on top of two EC2 instances.
  • I created a Network Load Balancer (with the Application Load Balancer as the target group) as I wanted a static IP address for the Application Load Balancer.
  • I have added port 80, 443, and at the Network Load Balancer.
  • I have allowed TCP 80 and 443.
  • I have used an AWS ACM certificate at my Application Load Balancer.

Unfortunately, I'm getting an ERR_SSL_PROTOCOL_ERROR when I'm trying to access it through my domain or Elastic IP address.

What am I missing?

Maurice
pankaj
  • Can you verify if the ALB is able to serve the website successfully by circumventing the NLB? This could help us narrow down the issue. – Maurice Dec 21 '22 at 09:19
  • You must create one Application Load Balancer target group for TCP 80 and another for TCP 443, and the security groups and NACLs attached to your Application Load Balancer must be configured to allow health checks sourced from the Network Load Balancer's private IP address, [source](https://aws.amazon.com/premiumsupport/knowledge-center/alb-static-ip/#:~:text=You%20can't%20assign%20a,behind%20a%20Network%20Load%20Balancer.) – furydrive Dec 21 '22 at 09:29
  • What domain did you use to set up the SSL cert for? – Marcin Dec 21 '22 at 10:05
  • @Maurice Yes, my ALB is able to serve the website successfully. – pankaj Dec 21 '22 at 14:58
  • @Marcin new.yourdigiwill.com – pankaj Dec 23 '22 at 05:55
  • @furydrive In the ALB security groups I have added 80 and 443 as inbound rules as well. – pankaj Dec 23 '22 at 05:56
  • Your architecture is confusing. Why do you need an NLB? You can add a static IP address to the ALB directly. – Marcin Dec 23 '22 at 06:03
  • @Marcin How? I read in the AWS docs that we cannot assign a static IP address to an ALB directly. That is the only reason I am using an NLB. If it can be done, please provide me with a reference. – pankaj Dec 23 '22 at 06:58
  • @Marcin I got it here. https://aws.amazon.com/premiumsupport/knowledge-center/alb-static-ip/#:~:text=You%20can't%20assign%20a,behind%20a%20Network%20Load%20Balancer. – pankaj Dec 23 '22 at 07:00
  • The security groups and NACLs attached to your Application Load Balancer must be configured to allow health checks sourced from the Network Load Balancer's private IP address. Have you done this? – furydrive Dec 27 '22 at 08:49
  • I am guessing this is because NLB uses proxy protocol. – infinite_loop Feb 04 '23 at 04:07

0 Answers