502 bad gateway - aws application load balancer, ecs

Gergő Horváth

2/10/24, 3:10 PM

I'm having a simple app that I've been experimenting with to learn aws. I first created a http version of a docker image pushed to ecr, ecs using it to create services, and tasks, application load balancing with blue green deployment controlled by codedeploy, and auto-scaling.

The http version worked fine, health checks are passing, no issues.

Now I created the same app with https, with certificate assigned, but the same app fails health checks.

I modified the security group to receive all requests for testing purposes, and assigned a domain through route53 to the load balancer.

I get 502 bad gateway back.

I don't know if it's related to the health checks failing (I guess the load balancer just calls the IP of the container directly), but I have no idea how to debug that, couldn't find a way to find out why the health checks are failing.

But now that I'm trying to access the health check, it throws 502, and when I check the load balancer logs, it shows this (I modified the log to make it more readable):

type https
time 2023-02-10T14:37:00.099726Z
elb app/myapp-load-balancer-staging/c6aabdb240600ca8
client:port myip:38255
target:port targetip:3000
request_processing_time -1
target_processing_time -1
response_processing_time -1
elb_status_code 502
target_status_code -
received_bytes 360
sent_bytes 277
"request" "GET https://api.myapp.com:3000/rest/health HTTP/1.1"
"user_agent" "PostmanRuntime/7.29.0"
ssl_cipher <some text>-SHA256
ssl_protocol TLSv1.2
target_group_arn arn:aws:elasticloadbalancing:eu-west-1:myaccountnumber:targetgroup/myapp-blue-target-staging/id
"trace_id" "Root=1-63e6568c-7c78be0f1e967e59370fbb80"
"domain_name" "api.myapp.com"
"chosen_cert_arn" "arn:aws:acm:eu-west-1:myaccountnumber:certificate/certid"
matched_rule_priority 0
request_creation_time 2023-02-10T14:37:00.096000Z
"actions_executed" "forward"
"redirect_url" "-"
"error_reason" "-"
"target:port_list" "172.31.2.112:3000"
"target_status_code_list" "-"
"classification" "Ambiguous"
"classification_reason" "UndefinedContentLengthSemantics"

This is when I tried to call the endpoint.

The ports match everywhere (3000), the type is HTTPS everywhere, the certs are matching, I have no idea what's wrong, and ran out of ideas about how I could debug this problem.

857

1 + 0

load-balancing

amazon-web-services

amazon-ecs

amazon-alb

Score:0

Server

palvarez

2/23/24, 6:42 PM

Now I created the same app with https, with certificate assigned, but the same app fails health checks.

If the targets of your loadbalancer fail the healthcheck, the loadbalancer will not send any traffic to them. You may have changed the protocol in the healthcheck to HTTPS, but the targets may need the previous protocol.

You need to fix the healthchecks to make it work, you could change the healthcheck back or make your targets respond to HTTPS.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: 502 bad gateway - aws application load balancer, ecs

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.