I created a new Beanstalk environment (PHP 7.3 running on 64bit Amazon Linux/2.9.6, Apache) with the default PHP sample app. It's a classic load balancer type. But for now I have made it listen only to HTTP on port 80. No HTTPS.
After deployment, the default PHP sample app runs fine on the Beanstalk environment URL (CNAME) provided. The sample PHP app opens, and because my environment is listening to just HTTP, I get a "not secure" warning in the browser, which is normal behaviour, but my Beanstalk URL is working so far and I see the PHP sample app in the browser.
Now I created a fresh Laravel 7.x project on my local machine. I tested it and the default "/" route points to the Laravel welcome page. I deployed this sample Laravel project to my environment using EB in my Mac terminal.
The deploy is successful. I changed the document root to "/public" in the configuration because Laravel's index is inside the public folder. The environment is in green health. Now I open the Beanstalk URL and I see it's just taking a minute or so, then it fails to load the page, saying "server where this page is located isn't responding" in the Safari browser.
I checked my security group and it is listening to both http and ssh.
Final note: I have been doing this for a long time. This is my first time experiencing this issue. Am I missing something?
Edit
I went inside the EC2 dashboard. I copied both the Public DNS (IPv4) and the IPv4 Public IP and tried accessing them in the browser. It just takes time to connect and finishes with a "page not responding" error.
My inbound rules for my security group:
HTTP TCP 80 0.0.0.0/0 -
SSH TCP 22 0.0.0.0/0 -
HTTPS TCP 443 0.0.0.0/0 -
Edit 2
Here is my access log from environment logs:
172.31.21.84 (103.86.57.43) - - [24/May/2020:18:34:31 +0000] "GET / HTTP/1.1" 301 278 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15"
103.86.57.58 (-) - - [24/May/2020:18:37:45 +0000] "GET / HTTP/1.1" 301 230 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15"
172.31.10.171 (195.154.94.244) - - [24/May/2020:18:45:10 +0000] "GET / HTTP/1.1" 301 228 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0"
I see that GET is called on / and http 301 is returned. It moved permanently. What does this mean?
I solved my issue by creating a fresh new environment from the EB CLI in the terminal using
eb create
Not sure why this worked but it gave an issue when creating the environment from the console dashboard.
I was asked to take a look at an environment and I'm trying to figure things out right now.
The trouble I'm facing is that there's an AWS ALB 504 timeout after the ALB's idle timeout setting whenever the backend API (express.js) is expected to return 401, 404, or probably any 4xx within a second or two.
Requests and responses for other statuses (200, 302, etc.) work just fine.
I believe the environment is set up using Elastic Beanstalk and looks like
ALB <==> nginx <==> express.js
where nginx and express.js are in a single EC2 instance.
I don't see an .ebextensions folder in the source so I'm guessing it was set up using the web management console.
In ALB log,
When the backend is expected to return 401, I'm getting:
h2 2022-10-07T04:57:29.140969Z app/awseb-xxxxxxxxxxxx/xxxxxxxxx xxx.xxx.xxx.xxx:62296 xxx.xxx.xxx.xxx:80 0.001 -1 -1 504 - 633 605 "POST https://[url1]....
When the backend is expected to return 404, I'm getting:
h2 2022-10-07T05:37:18.740746Z app/awseb-xxxxxxxxxxxx/xxxxxxxxx xxx.xxx.xxx.xxx:60324 xxx.xxx.xxx.xxx:80 0.001 -1 -1 504 - 569 605 "GET https://[url2]....
In nginx log,
[ALB IP] - - [07/Oct/2022:04:57:29 +0000] "POST /somepath HTTP/1.1" 499 0 "https://[url1]" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" "xxx.xxx.xxx.xxx"
[ALB IP] - - [07/Oct/2022:05:37:18 +0000] "GET [url2] HTTP/1.1" 499 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" "xxx.xxx.xxx.xxx"
This 504, 499 issue does not occur on an environment without ALB configuration.
I have the following file in the source's root directory and it seems like it's being loaded (at least client_max_body_size works, and uploading a large file fails if it's not loaded).
.platform/nginx/conf.d/proxy.conf
proxy_http_version 1.1;
client_max_body_size 200M;
proxy_connect_timeout 90;
proxy_read_timeout 90;
proxy_send_timeout 90;
proxy_buffer_size 32k;
proxy_buffers 50 32k;
proxy_busy_buffers_size 32k;
proxy_next_upstream off;
I've looked at https://aws.amazon.com/premiumsupport/knowledge-center/504-error-alb/
but I'm not sure if the situation matches any of those 5 and how I should be diagnosing this. Any advice or pointers would be much appreciated.
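One way to line up the two logs quoted in the question above, added here as an example and not part of the original post: it picks ALB entries with status 504 where target_status_code is "-" and target_processing_time is -1 (the load balancer got no response from the target) and counts nginx 499 entries (the client, here the ALB, closed the connection before nginx replied) for the same method and path within a two-second window. The sample log lines, addresses, hostnames and function names are constructed for illustration.

```python
import re
import shlex
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Leading fields of an ALB access-log entry, in log order.
ALB_FIELDS = ("type time elb client target request_processing_time "
              "target_processing_time response_processing_time elb_status_code "
              "target_status_code received_bytes sent_bytes request").split()
NGINX_RE = re.compile(r'\S+ \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample entries (documentation addresses and hostnames).
ALB_LOG = [
    'h2 2022-10-07T04:57:29.140969Z app/awseb-example/0123456789abcdef 192.0.2.10:62296 '
    '10.0.0.5:80 0.001 -1 -1 504 - 633 605 "POST https://api.example.test:443/somepath HTTP/2.0"',
    'h2 2022-10-07T04:58:01.000000Z app/awseb-example/0123456789abcdef 192.0.2.10:62297 '
    '10.0.0.5:80 0.001 0.020 0.000 200 200 120 900 "GET https://api.example.test:443/ok HTTP/2.0"',
]
NGINX_LOG = [
    '10.0.0.9 - - [07/Oct/2022:04:57:29 +0000] "POST /somepath HTTP/1.1" 499 0 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [07/Oct/2022:04:58:01 +0000] "GET /ok HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

def parse_alb(line):
    """Split one ALB entry; shlex keeps the quoted request as a single field."""
    entry = dict(zip(ALB_FIELDS, shlex.split(line)))
    method, url, _ = entry["request"].split(" ", 2)
    stamp = datetime.strptime(entry["time"], "%Y-%m-%dT%H:%M:%S.%fZ")
    entry.update(method=method, path=urlsplit(url).path, when=stamp.replace(tzinfo=timezone.utc))
    return entry

def parse_nginx(line):
    """Extract time, method, path and status from a combined-format nginx entry."""
    m = NGINX_RE.match(line)
    if m is None:
        return None
    stamp, method, path, status = m.groups()
    return {"when": datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z"),
            "method": method, "path": urlsplit(path).path, "status": int(status)}

def unanswered_504s(alb_lines, nginx_lines, window=2.0):
    """ALB 504s with no target response, each with its count of matching nginx 499s."""
    closed = [n for n in map(parse_nginx, nginx_lines) if n and n["status"] == 499]
    hits = []
    for a in map(parse_alb, alb_lines):
        if (a["elb_status_code"], a["target_status_code"], a["target_processing_time"]) != ("504", "-", "-1"):
            continue
        near = [n for n in closed if (n["method"], n["path"]) == (a["method"], a["path"])
                and abs((n["when"] - a["when"]).total_seconds()) <= window]
        hits.append((a["method"], a["path"], len(near)))
    return hits
```

A hit with a non-zero count means nginx logged the request but never got a response out before the load balancer gave up, which points the investigation at the nginx-to-application hop rather than at the ALB listener.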
I'm trying to figure out why this is happening. In production, on my site https://gordo.fitness, the favicons apple-touch-icon.png, favicon-16x16.png, favicon-16x16.png and favicon.ico are not properly loaded/served to the browser (Firefox, Chrome, Firefox for Android, Chrome for Android). The browsers for desktop report that the resource in itself is corrupt and this favicon checker reports those same resources are "ill-formed".
But locally, the Docker containers (docker container run --rm my-container -p 80:80) that serve the images show them properly:
172.17.0.1 - - [10/Jul/2022:00:55:53 +0000] "GET /favicon.ico HTTP/1.1" 200 15086 "http://localhost/favicon-16x16.png" "Mozilla/5.0 (X11; Linux x86_64; rv:103.0) Gecko/20100101 Firefox/103.0" "-"
And no complaints or 404s coming from Ingress NGINX either:
10.124.0.3 - - [10/Jul/2022:00:37:47 +0000] "GET /favicon-16x16.png HTTP/1.1" 200 1189 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36" 244 0.004 [gordo-fitness-gordo-frontend-staging-service-80] [] 10.244.1.4:3000 1189 0.004 200 7d0bb41030dea1e7152a6bfd3ce64e76
137.184.180.250 - - [10/Jul/2022:00:37:47 +0000] "GET /favicon-16x16.png HTTP/1.1" 200 1189 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36" 244 0.003 [gordo-fitness-gordo-frontend-staging-service-80] [] 10.244.1.4:3000 1189 0.000 200 0024ae0458b1c5b7f80c12b224c2ef01
So I'm out of clues and don't know what's happening, maybe I did something wrong with my Ingress configuration?:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/issuer: letsencrypt-nginx
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"networking.k8s.io/v1","kind":"Ingress","metadata":{"annotations":{"cert-manager.io/issuer":"letsencrypt-nginx"},"name":"gordo-fitness-ingress","namespace":"gordo-fitness"},"spec":{"ingressClassName":"nginx","rules":[{"host":"gordo.fitness","http":{"paths":[{"backend":{"service":{"name":"gordo-frontend-staging-service","port":{"number":80}}},"path":"/","pathType":"Prefix"}]}}],"tls":[{"hosts":["gordo.fitness"],"secretName":"letsencrypt-nginx"}]}}
  creationTimestamp: "2022-07-06T06:31:02Z"
  generation: 5
  name: gordo-fitness-ingress
  namespace: gordo-fitness
  resourceVersion: "1381386"
  uid: b0377c4d-737f-4722-8ea9-d052df7970eb
spec:
  ingressClassName: nginx
  rules:
  - host: gordo.fitness
    http:
      paths:
      - backend:
          service:
            name: gordo-frontend-staging-static-service
            port:
              number: 8081
        path: /[[:alnum:]]+\.(ico|png|svg|txt|webmanifest|xml)
        pathType: Exact
      - backend:
          service:
            name: gordo-frontend-staging-service
            port:
              number: 80
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - gordo.fitness
    secretName: letsencrypt-nginx
status:
  loadBalancer:
    ingress:
    - ip: 146.190.0.179
EDIT:
Checking with dhex, I see there are 2 bits changed in the file after being served vs the original from disk.
I believe the issue is not with the serving of the content, rather the content itself is corrupt. I mean there is nothing wrong with your ingress configuration, or the site traffic setup in general.
If you try and open the icon you downloaded with GET ==> 200 OK, you might see that the icon is indeed corrupted. The HTTP protocol does not verify the "sanity" of the data, and so, as far as HTTP is concerned, you can have a mixture of random bytes encoded into a PNG file, and it will transport them successfully as well. It will only verify the content encoding correctness, not the sanity of the payload.
Perhaps you can try and regenerate the icons.
The files were corrupted in the repository; probably something is wrong with my Git configuration (newline replacement, maybe?) since the generated files come from a third-party service, and thus something may be changed in the contents by Git.
I worked around this by activating Git LFS in my repository.
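The point made in the answers above, that a 200 response says nothing about whether the bytes are still a valid PNG, can be checked mechanically. This added example (not from the original posts) validates the PNG signature, which contains CR LF and LF bytes precisely so that newline conversion is detectable, and then every chunk CRC; make_png, check_png and flip_bits are hypothetical helper names and the 1x1 image is constructed sample input.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"  # holds CR LF and a lone LF on purpose

def make_png():
    """Constructed 1x1 greyscale PNG used as sample input."""
    def chunk(kind, body):
        crc = zlib.crc32(kind + body)
        return struct.pack(">I", len(body)) + kind + body + struct.pack(">I", crc)
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x80")  # filter byte + one grey pixel
    return PNG_SIGNATURE + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")

def check_png(data):
    """Return a list of structural problems; an empty list means intact."""
    if not data.startswith(PNG_SIGNATURE):
        if data.startswith(b"\x89PNG\n\x1a\n"):
            return ["signature: CR LF rewritten to LF (newline conversion)"]
        if data.startswith(b"\x89PNG\r\n\x1a\r\n"):
            return ["signature: LF rewritten to CR LF (newline conversion)"]
        return ["signature: not a PNG"]
    problems, pos = [], len(PNG_SIGNATURE)
    while pos < len(data):
        if pos + 12 > len(data):
            return problems + [f"offset {pos}: truncated chunk"]
        length, kind = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length
        if end + 4 > len(data):
            return problems + [f"{kind!r} at offset {pos}: runs past end of file"]
        (stored,) = struct.unpack(">I", data[end:end + 4])
        # The stored CRC covers the chunk type and the chunk data.
        if zlib.crc32(data[pos + 4:end]) != stored:
            problems.append(f"{kind!r} at offset {pos}: CRC mismatch")
        if kind == b"IEND":
            return problems
        pos = end + 4
    return problems + ["missing IEND chunk"]

def flip_bits(data, offset, mask):
    """Return a copy of data with the masked bits at offset inverted."""
    out = bytearray(data)
    out[offset] ^= mask
    return bytes(out)

if __name__ == "__main__":
    good = make_png()
    print(check_png(good))                            # intact file
    print(check_png(good.replace(b"\r\n", b"\n")))    # newline-converted copy
    print(check_png(flip_bits(good, 41, 0x03)))       # two bits changed in IDAT
```

Running the same check on the file in the repository and on the file fetched from the site shows at which stage the bytes changed.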
I tried deploying a Spring Boot application as a WAR on an Azure App Service (Windows, Java 8, Tomcat 8.5).
It's a spring webflux application working with Server Sent Events so I need to have http2 support.
However even when http2 is enabled in the App Service I noticed that SSE is not working.
Looking in the logs I find that it is still using HTTP/1.1 under the covers.
From kudu D:\home\LogFiles\http\RawLogs
127.0.0.1 - - [12/Nov/2019:20:19:43 +0000] "GET /api/rooms/someroom/users/Gms_2290/info/subscribe HTTP/1.1" 200 5 144
127.0.0.1 - - [12/Nov/2019:20:19:44 +0000] "GET /api/rooms/someroom/users/Gms_2290/music/subscribe HTTP/1.1" 200 5 16
127.0.0.1 - - [12/Nov/2019:20:19:46 +0000] "GET /api/rooms/someroom/users/Gms_2290/heartbeat HTTP/1.1" 200 5 142
127.0.0.1 - - [12/Nov/2019:20:19:46 +0000] "GET /api/rooms/someroom/users/Gms_2290/info/subscribe HTTP/1.1" 200 5 19
127.0.0.1 - - [12/Nov/2019:20:19:48 +0000] "GET /api/rooms/someroom/users/Gms_2290/music/subscribe HTTP/1.1" 200 5 32
127.0.0.1 - - [12/Nov/2019:20:19:49 +0000] "GET /api/rooms/someroom/users/Gms_2290/heartbeat HTTP/1.1" 200 5 16
What I've tried
I tried playing with the java versions (switching between 8 and 9)
I tried playing with the Tomcat versions (8.5 and 9)
Linux angle
I first tried deploying the application to a Linux App Service (with java 8 and Tomcat 8.5)
That resulted in the following errors from the log stream:
java.lang.IllegalStateException: Async support must be enabled on a servlet and for all filters involved in async request processing
I suspect Tomcat might need some extra configuration in order to use the App Service SSL and thereby allowing http2, but I can't find a good way to configure the Tomcat used.
Any help is appreciated!
I verified that a Spring WebFlux application that uses SSE works fine in App Service Linux when run as a jar file (using the Java SE 8 offering with HTTP 1.1). So the issue you are experiencing seems to be related to Tomcat configuration.
For investigation, can you share the repro that works fine on Tomcat locally but fails when run on Tomcat in App Service?
I've updated docker on my os x 10.10, so it's now using os x native virtualization. However, I've found it tricky to connect to my host machine from within my nginx container. I tried this:
/sbin/ip route|awk '/default/ { print $3 }'
And got the answer:
172.17.0.1
Then I used this ip in docker-compose.yml:
extra_hosts:
- "master:172.17.0.1"
But nonetheless I keep getting errors:
172.17.0.1 - - [21/Jul/2016:09:33:46 +0000] "GET /api HTTP/1.1" 502 575 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36" "-"
2016/07/21 09:33:46 [error] 7#7: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 172.17.0.1, server: soc-credit.ru, request: "GET /api HTTP/1.1", upstream: "http://172.17.0.5:8080/api", host: "localhost"
Please note this part: client: 172.17.0.1. Since I've made request from host machine, it proves that ip I got in first step was correct. But connection wasn't established anyway.
I want to stress that I have a problem connecting FROM WITHIN the container TO the host and not vice versa.
What am I doing wrong? Thank you!
Had the same problem and being inexperienced in Docker and network configurations I struggled to get the various proposed solutions working. However since this update to Docker for Mac:
Docker Community Edition 17.06.0-ce-mac18, 2017-06-28 (stable)
I've found using the 'experimental' hostname docker.for.mac.localhost
allows me to contact services running on the Mac host from within a container. Very useful for dev!
I am having the same problem and I've found this
https://docs.docker.com/docker-for-mac/networking/#/known-limitations-use-cases-and-workarounds
Notice paragraph 'I want to connect from a container to a service on the host'
I haven't yet tried it because I am looking for a more concrete solution (anyway other than adding alias to my lo address)...
If somebody has something on it please inform!
From Docker 18.03 onwards the official recommendation is to connect to the special DNS name host.docker.internal, which resolves to the internal IP address used by the host. This is for development purposes; refer to https://docs.docker.com/docker-for-mac/networking/#use-cases-and-workarounds
Latest: the DNS name host.docker.internal should be used for host resolution from containers. Older aliases (still valid) are deprecated in favor of this one. (See https://datatracker.ietf.org/doc/html/draft-west-let-localhost-be-localhost-06).
docker.for.mac.host.internal should be used instead of docker.for.mac.localhost from Docker Community Edition 17.12.0-ce-mac46 2018-01-09.
This allows you to connect to a service running on your Mac from within a Docker container. Please refer to the links below:
understanding the docker.for.mac.localhost behavior
release notes
What I have:
A server with VirtualBox, where via Vagrant I set up virtual machines. These VMs are behind VirtualBox NAT.
In the logs of the web server I get this IP address: 10.0.2.2
10.0.2.2 - - [19/Apr/2016:17:11:03 +0300] "GET /place/find-by-text?term= HTTP/1.1" 302 5 "********board" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"
But for some reason I need to get the real IP address in my VMs' web servers.
I found this topic https://serverfault.com/questions/290116/how-to-get-virtualbox-nat-working-with-actual-client-ips which suggests using
VBoxManage modifyvm <your-vm name> --nataliasmode1 proxyonly
But it doesn't help; maybe I didn't understand it correctly, and I still see the VirtualBox NAT address 10.0.2.2
How to resolve this problem?
UPD: In the access log of the web server (nginx for me) I want to see the real IP of the client (like this 15.15.15.120), not the address 10.0.2.2
UPD: My server has only one public IP and I am not able to put the VM on the internet directly.
You can make a request out to the network to get the information:
curl http://ipinfo.io/ip
This has the added advantage of also getting the IP address of the internet facing host (in the case when your guest is double or triple NAT'd)