Amazon Web Services – How to Set a Public LB Route to a Proxy

Tags: amazon-alb, amazon-vpc, routes, ssl

I built this traffic route in a VPC.

Route53->ACM(SSL)->Public ALB->EC2(Nginx proxy)->Private ALB->ECS(Internal App)

The EC2 instance's security group allows TCP 80 and 443. The ECS security group allows 80 from the EC2 instance's security group.

When I access the domain registered in Route53, I get a 504 DNS lookup failed error.
When I access the public ALB's DNS name, I get a 503 Service Temporarily Unavailable error.

I'm sure the ACM certificate is set up and the public LB's DNS name is registered in Route53 with the domain.

The ALB settings on the public subnet are done by Terraform:

resource "aws_lb_listener" "http" {
  load_balancer_arn = aws_lb.this.arn
  port              = "80"
  protocol          = "HTTP"

  default_action {
    type = "redirect"

    redirect {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }
}

resource "aws_lb_listener_rule" "http_redirect" {
  listener_arn = aws_lb_listener.proxy.arn
  priority     = 1

  action {
    type = "redirect"

    redirect {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }

  condition {
    path_pattern {
      values = ["/*"]
    }
  }
}

resource "aws_lb_listener_rule" "http_forward" {
  listener_arn = aws_lb_listener.http.arn
  priority     = 2

  action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.proxy.arn
  }

  condition {
    host_header {
      values = ["proxy.portsite.com"]
    }
  }
}

resource "aws_lb_listener_rule" "https_forward" {
  listener_arn = aws_lb_listener.https.arn

  action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.proxy.arn
  }

  condition {
    host_header {
      values = ["proxy.portsite.com"]
    }
  }
}

Are both http_redirect and http_forward necessary for the routing? Or is only http_redirect enough?
And is the issue caused by this?

Best Answer

The redirect rules are used to force HTTP to HTTPS.

To send traffic to a backend you need to use the forward action.

You can check the HTTP "Server" header to find out who is sending the 503 error (the ALB, nginx, ECS, ...).

"The ECS security group allows 80 from the EC2 instance's security group": the ECS security group must allow the private ALB, and the private ALB's security group must allow the EC2 instance.
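The two points in the answer (rule order on the listener, and the security-group chain hop by hop) can be checked offline before touching AWS. The following is an added example, not code from the question or the answer: it emulates how an ALB listener evaluates rules (lowest priority value first, first match wins, otherwise the listener's default action), feeds it the rules from the question, and then walks the hops of the described route against a model of the security groups. All security group IDs, the target-group port (80), the HTTPS listener's default action, and the assumption that `http_redirect` is attached to the HTTP listener are constructed for illustration; the `Server: awselb/2.0` value is what ALB-generated error pages carry, while nginx reports itself as `nginx/...`.

```python
"""Added example (not from the original post): emulate ALB listener rule
evaluation for the rules in the question and check the security-group chain
of the route Public ALB -> EC2 (nginx) -> Private ALB -> ECS.
Security group IDs, ports and sample headers are constructed."""

from dataclasses import dataclass, field
from fnmatch import fnmatchcase


@dataclass
class Rule:
    priority: int                       # lower value is evaluated first
    action: str                         # "redirect" or "forward:<target group>"
    host_header: list[str] = field(default_factory=list)
    path_pattern: list[str] = field(default_factory=list)

    def matches(self, host: str, path: str) -> bool:
        # A rule matches only if every condition it carries matches;
        # a condition with several values matches if any value does.
        # ALB patterns use * and ? wildcards, which fnmatchcase implements.
        if self.host_header and not any(fnmatchcase(host, h) for h in self.host_header):
            return False
        if self.path_pattern and not any(fnmatchcase(path, p) for p in self.path_pattern):
            return False
        return True


def evaluate_listener(rules: list[Rule], default_action: str, host: str, path: str) -> str:
    """Return the action the listener takes: first matching rule by priority, else default."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(host, path):
            return rule.action
    return default_action


# The rules from the question, assuming http_redirect sits on the HTTP listener.
HTTP_RULES = [
    Rule(priority=1, action="redirect", path_pattern=["/*"]),                       # http_redirect
    Rule(priority=2, action="forward:proxy", host_header=["proxy.portsite.com"]),   # http_forward
]
HTTPS_RULES = [
    Rule(priority=1, action="forward:proxy", host_header=["proxy.portsite.com"]),   # https_forward
]
HTTPS_DEFAULT = "listener-default"   # constructed: the snippet does not show the HTTPS default action


def error_origin(headers: dict) -> str:
    """Classify who generated an error page from its Server header."""
    server = headers.get("Server", "").lower()
    if server.startswith("awselb"):
        return "alb"
    if server.startswith("nginx"):
        return "nginx"
    return "backend/unknown"


def find_blocked_hops(hops, ingress):
    """hops: (source_sg, dest_sg, port); ingress: {dest_sg: {(port, source)}}.
    Returns every hop with no ingress rule on the destination allowing the source
    (either by security group ID or by an open 0.0.0.0/0 rule) on that port."""
    blocked = []
    for src, dst, port in hops:
        rules = ingress.get(dst, set())
        if (port, src) not in rules and (port, "0.0.0.0/0") not in rules:
            blocked.append((src, dst, port))
    return blocked


# Constructed model of the route; target group port 80 is an assumption.
ROUTE = [
    ("sg-public-alb", "sg-ec2-proxy", 80),
    ("sg-ec2-proxy", "sg-private-alb", 80),
    ("sg-private-alb", "sg-ecs-app", 80),
]
# Security groups as the question describes them.
AS_DESCRIBED = {
    "sg-ec2-proxy": {(80, "0.0.0.0/0"), (443, "0.0.0.0/0")},
    "sg-ecs-app": {(80, "sg-ec2-proxy")},
}
# Each hop allows only the previous hop's security group (least privilege).
CORRECTED = {
    "sg-ec2-proxy": {(80, "sg-public-alb"), (443, "sg-public-alb")},
    "sg-private-alb": {(80, "sg-ec2-proxy")},
    "sg-ecs-app": {(80, "sg-private-alb")},
}

if __name__ == "__main__":
    print("HTTP  proxy.portsite.com /  ->", evaluate_listener(HTTP_RULES, "redirect", "proxy.portsite.com", "/"))
    print("HTTPS proxy.portsite.com /  ->", evaluate_listener(HTTPS_RULES, HTTPS_DEFAULT, "proxy.portsite.com", "/"))
    print("HTTPS raw ALB DNS name   /  ->", evaluate_listener(HTTPS_RULES, HTTPS_DEFAULT, "my-alb.elb.amazonaws.com", "/"))
    print("HTTP without http_redirect  ->", evaluate_listener(HTTP_RULES[1:], "redirect", "proxy.portsite.com", "/"))
    print("blocked hops as described   ->", find_blocked_hops(ROUTE, AS_DESCRIBED))
    print("blocked hops corrected      ->", find_blocked_hops(ROUTE, CORRECTED))
```

Three things fall out of running it. On the HTTP listener the priority-1 `/*` redirect shadows `http_forward` entirely, and the listener's default action already redirects, so `http_redirect` is redundant and `http_forward` is the rule to drop: if the `/*` rule were removed instead, plaintext requests for the proxy host would be forwarded to the backend rather than redirected. On the HTTPS listener a request sent to the raw ALB DNS name does not satisfy the `host_header` condition and falls through to the default action, which is why testing with the ALB's own hostname can behave differently from testing with the Route53 name. And the security-group model shows the two hops the answer calls out: nothing admits the EC2 instance into the private ALB, and the ECS service admits the EC2 instance rather than the private ALB that actually connects to it.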
