In ELB setting, we can see HTTP and TCP as protocols for Listeners and I am not sure what would be the difference if I set Listeners as below.
ELB AAA
Load Balancer Protocol: HTTP
Load Balancer Port: 80
ELB BBB
Load Balancer Protocol: TCP
Load Balancer Port: 80
I believe its the same thing HTTP makes use of the TCP protocol.
I'm assuming you are referring to the older Classic Load Balancer, which has both HTTP and TCP options. The newer ELB generation is segregated more clearly: Application Load Balancer supports only HTTP/HTTPS and Network Load Balancer supports only TCP/UDP.
Classic Load Balancer
Refer to this link:
https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-listener-config.html
To understand the difference, you need to understand a little about OSI model Layer 4 and Layer 7.
When configured as HTTP:80, the ELB terminates the request. That is, the ELB intercepts the request before forwarding it to the backend over HTTP/TCP. This may seem trivial, but it allows ELB to perform additional features such as sticky sessions.
When configured as TCP:80, the ELB does not intercept the request. It simply forwards the request to the backend with the same set of headers. This is because it supposedly operates at the network level, which allows the ELB to be more performant.
Related
I have a Ruby on Rails App hosted on AWS using Elastic-beanstalk which works with HTTP 1 now I want to use HTTP 2. Can someone suggest me the best approach
If I remember correctly when you add a new load balancer to your Elastic Beanstalk environment, it defaults to using a Classic Load Balancer, which doesn't support HTTP/2, I think the solution would be using an Application Load Balancer that does support it, you can find this info here. You can also specify it while creating your environment as you can see here. This will only allow HTTP/2 communication between the client and the ALB, your ALB will convert those HTTP/2 requests into HTTP/1.1 to communicate with your instance.
As seen here: "If end-to-end HTTP/2 is a requirement for your application you can use a Layer 4 ELB ( Classic Load Balancer with TCP listener or Network Load Balancer). If you are interested also in SSL offloading the only option for now is Classic Load Balancer with an SSL listener."
I've setup 2 Rails server instances with an Elastic Load Balancer. I setup SSL via opsworks and when I hit the IP of my instances with https e.g. https://1.2.3.4 I can see the correct certificate.
However, when I hit the domain of the Elastic Load Balancer, a timeout is thrown (loads endlessly).
How should I setup ELB, to properly redirect with https to my instances?
Found the answer was in Security Groups. Besides setting all inbound connections to accept HTTPS protocol and port 443, you have to set the outbound connections of the ELB. I found out that they were only to HTTP, and trying to access the instances with HTTPS it failed. I setup a new outbound rule HTTPS to anywhere and it worked!
We configured ELB with sticky sessions for the JSESSIONID cookie for two tomcats (tomcat1 and tomcat2)(Flow is - Apache Http Server - ELB - tomcats)
AJP protocol with port 8009 has been configured on tomcat side as from AWS ELB there is no AJP option, we have configured with tcp:8009
So the Apache httpd.conf entry is, (xxx.amazonaws.com is ELB name)
BalancerMember ajp://xxx.amazonaws.com:8009
Somehow the sticky session is not working, the http request is sent to both tomcat servers. Is it because of the protocol on ELB side (tcp:8009)? We are not sure what is missing here, Need help!!
Once you change it to TCP you lose sticky sessions. It is an ELB limitation. You might be able to get away with switching the protocol to HTTP but with a different port other than 80.
Unless I am mistaken, you might have to setup an HA Proxy or something else instead of the ELB. Something that can do both TCP with sticky.
It is well know that websockets+sticky doesn't work on amazon.
https://forums.aws.amazon.com/thread.jspa?messageID=627367
Is it possible to capture and filter http traffic on a differnt port (other than port 80) that are going to a remote machine. I'm looking to trace traffic on port 8986 in this case ?
Fiddler doesn't care at all what port the HTTP/HTTPS traffic is coming from or going to. It's a proxy, which means that any traffic sent to it is shown.
What application are you trying to track? What networking code does it use?
See http://www.fiddlerbook.com/fiddler/help/hookup.asp for common proxy configuration steps.
I am using AWS EC2 instances with ELB. I know that ELB itself has SSL connection enabled. My EC2 instances does not support SSL.
Here comes my problem. I need to implement some kind of authentication method like oAuth.
Is there a way to authenticate users with ELB?
You can't do that on ELB.
I recommend you to take a look at the ELB documentation http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/Welcome.html and this blog post http://harish11g.blogspot.com.br/2012/03/ssl-offloading-elastic-load-balancing.html
In Kong, you can do one thing. You can terminate SSL (trusted, can use free SSL via ACM) on ELB of KONG and use the feature Accept HTTP if already terminated in OAUTH2 plugin. But keep in mind the ELB Listeners will be (Secure TCP 443)--> (Secure TCP 8443 [https port exposed by KONG]).