Score:0

503 Service Unavailable when Load Balancer is active

We have two cloud servers from Hetzner. The web server is Nginx. Both servers are identical (hardware, software and our web application).

LetsEncrypt certificate is installed on both servers. Nginx is configured to redirect http to https.

The DNS server is Cloudflare. We switch the IP address of our domain's A record manually from Server A to Server B or vice versa.

Now we have created a Load Balancer in Hetzner with our two servers and one service: https 443 -> 443.

As soon as we change the IP address of the A record of our domain to the IP address of LB, we receive 503 service unavailable.

Please assist.

Read log files on your web server and your load balancer.
Saïmonn
If you're using Hetzner's managed load-balancer, there should be somewhere in their web interface some way to get logs and/or status of backend connections (to server A and B). Also, usually the load-balancer does the SSL termination, thus you may need to configure the Let's Encrypt certificate there. https://community.hetzner.com/tutorials/configure-lb-cert-with-external-domain
Omid Shojaee
@Saïmonn Thanks. Apparently there's no log, and the certificate is already configured. I think we should not have the SSL certificates installed on the server and we should let the LB handle that, otherwise I don't understand why the LB needs the CA and KEY of my certificate.
Saïmonn
@OmidShojaee in that case, your load-balancer should be configured to use serverA and serverB as http backend on port 80, not 443.
Omid Shojaee
@Saïmonn So LB for http 80 -> 80 and Nginx handles 80 -> 443 right?
Score:0

If you want to use a load-balancer for SSL termination, your nginx should not listen on tcp port 443 nor have a certificate. nginx should only listen on port 80, and the load-balancer should:

To manage the http to https redirection, if the load-balancers are able to do it, that's the best option. If not, then on the nginx side you will have to detect if the client connects with https or http (sometimes the load-balancer can set a header with this information), and redirect if it's cleartext http.

Omid Shojaee
Thank you. This is the type of answer I was looking for.
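
The nginx side of the setup described in the answer above, as an added example that is not part of the original thread: a port-80-only backend that redirects cleartext requests based on a header from the load balancer and only trusts that header when the connection comes from it. The header name `X-Forwarded-Proto`, the private addresses `10.0.0.2` (load balancer) and `10.0.0.3` (this server), `example.com`, `/healthz` and the document root are assumptions, not values from the thread.

```nginx
# Added example, meant for inclusion in the http {} context
# (for instance a file under conf.d/). All addresses, names and paths
# below are placeholders.

# 1 = the client reached the load balancer over cleartext HTTP, or the
# header is missing; 0 = the load balancer reported an HTTPS client.
map $http_x_forwarded_proto $needs_https_redirect {
    default 1;
    https   0;
}

server {
    # No "listen 443 ssl" and no certificate here: TLS ends at the
    # load balancer. Binding to the private interface only keeps clients
    # from bypassing the load balancer and sending their own
    # X-Forwarded-* headers.
    listen 10.0.0.3:80;
    server_name example.com;

    # Take the client address from X-Forwarded-For only for connections
    # that come from the load balancer (needs the realip module).
    set_real_ip_from 10.0.0.2;
    real_ip_header   X-Forwarded-For;

    # Health-check target: answered directly, so a check that arrives
    # without the header gets a success status rather than a redirect.
    location = /healthz {
        access_log off;
        return 200;
    }

    location / {
        # Redirect only requests that were cleartext on the client side.
        if ($needs_https_redirect) {
            return 301 https://$host$request_uri;
        }
        root  /var/www/html;
        index index.html;
    }
}
```

The redirect sits inside `location /` rather than at server level because a server-level `if` would run before location matching and would also redirect the health check.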