
I cannot get access to the second port that I want to have access to. So, here are the listeners I have in my ALB:

  1. HTTP:80 - that does not have a security policy or SSL cert, but it is always redirecting to port 443
  2. HTTPS:443 - which has an SSL certificate and is forwarding to a target group that is pointing to port 8080 on my EC2 instance
  3. HTTP:8081 - again without any security policies, and it is forwarding to another target group that is pointing to the same EC2 instance, but to port 8081

However, my second target group, which points to port 8081, is showing me an unhealthy check and I cannot understand why. I do not have enough reputation to provide a screenshot, but I have opened a question on https://stackoverflow.com/questions/75725316/how-to-configure-aws-application-load-balancer-to-point-to-multiple-ports-on-the

I am not sure what the reason for this is. Basically, my setup is this: I have a Node.js API that is running on the AWS EC2 instance, on port 8080, and I run it using PM2. However, I configured a development-purposes-only API that is currently running on port 8081, again using PM2. I have access to port 8080, but am unable to access the server at port 8081. Here is my Security Group (SG) that is allowing access only from the LB:

  1. SSH TCP for port 22 with source 0.0.0.0/0
  2. Custom TCP for port 8080 with source to my main SG for the instance where I give access to ports 80, 8080, 8081
  3. Custom TCP for port 8081 - same as the previous one.

My PM2 list contains the following services running:

  1. App-name, running on port 8080
  2. Dev-app-name, running on port 8081

When I do lsof for port 8080, I see the following:

  • COMMAND | PID | USER | FD | TYPE | DEVICE | SIZE/OFF | NODE | NAME
  • node\x20/ | 1343 | ubuntu | 19u | IPV6 | 28188 | 0t0 | TCP | *:tproxy (LISTEN)

However, when I execute the lsof command for port 8081, it shows me the following:

  • COMMAND | PID | USER | FD | TYPE | DEVICE | SIZE/OFF | NODE | NAME
  • node\x20/ | 1928 | ubuntu | 19u | IPV6 | 35040 | 0t0 | TCP | *:http-alt (LISTEN)
  • node\x20/ | 1928 | ubuntu | 25u | IPV6 | 75722 | 0t0 | TCP | *:ip--eu-central-1-compute.internal:http-alt -> ip--eu-central-1.compute.internal:41706 (ESTABLISHED)

Any answers or suggestions are appreciated!

1 Answer

Your processes are listening on IPv6 only but your security group doesn't have ports 8081 and 8080 open for IPv6, only for IPv4.

  • That was the problem and it was so obvious, I just did not put any meaning on the lsof results ... Thanks! Is it better to set a rule for IPv6, or maybe to somehow run the APIs to listen on IPv4?
    – Vitomir
    Mar 14 at 15:47
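
An added example (not part of the original question or answer): a Python check that cross-references the socket family `lsof` reports for each listener against the CIDR ingress rules of a security group. The `lsof` lines and the rule JSON are constructed samples, and rules whose source is another security group are not evaluated.

```python
import json

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output (-P keeps ports numeric).
LSOF = """\
COMMAND  PID   USER  FD TYPE DEVICE SIZE/OFF NODE NAME
node    1343 ubuntu 19u IPv6  28188      0t0  TCP *:8080 (LISTEN)
node    1928 ubuntu 19u IPv6  35040      0t0  TCP *:8081 (LISTEN)
sshd     702   root  3u IPv4  21011      0t0  TCP *:22 (LISTEN)
"""
# Constructed rules shaped like IpPermissions from `aws ec2 describe-security-groups`.
SG = json.loads("""[
 {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
  "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
 {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8081,
  "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}
]""")

def listeners(lsof_text):
    """Map each listening TCP port to the socket families lsof shows for it."""
    found = {}
    for line in lsof_text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 10 or fields[-1] != "(LISTEN)":
            continue  # skip established connections and malformed lines
        port = int(fields[8].rsplit(":", 1)[1])
        found.setdefault(port, set()).add(fields[4])
    return found

def allowed_families(perms, port):
    """Families that have at least one CIDR ingress rule covering the TCP port."""
    families = set()
    for perm in perms:
        proto = perm["IpProtocol"]
        if proto not in ("tcp", "-1"):
            continue
        if proto == "tcp" and not perm["FromPort"] <= port <= perm["ToPort"]:
            continue
        if perm.get("IpRanges"):
            families.add("IPv4")
        if perm.get("Ipv6Ranges"):
            families.add("IPv6")
    return families

def mismatches(lsof_text, perms):
    """Ports whose listener family has no matching CIDR rule. A lead to verify:
    on Linux an IPv6 wildcard socket also accepts IPv4 unless IPV6_V6ONLY is set."""
    gaps = {}
    for port, fams in sorted(listeners(lsof_text).items()):
        missing = fams - allowed_families(perms, port)
        if missing:
            gaps[port] = sorted(missing)
    return gaps
```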
