- Newest
- Most votes
- Most comments
Check your security groups.
Load balancer security group should allow inbound TCP on port 80 (and it sounds like this is in place), and outbound TCP on port 8080 whose target is either:
- the private IP address of the EC2 that runs tomcat
- the CIDR address of the subnet in which the tomcat EC2 is provisioned
- the security group ID (sg-01234567890abcdef) of the SG that is associated with the tomcat EC2
EC2 security group should allowe inbound TCP on port 8080 from either:
- the private IPs of the load balancer
- the CIDR address ranges of the private subnets in which the load balancer is provisioned
- the security group ID of the SG that is associated with the load balancer.
After all that it may still not work for you though. I can't find a definitive statement but I have a feeling that a classic load balancer can only forward a connection onto an IP address only, and can't append a path. So in your example here - http://<private IP>:8080/myapp - it will only forward to http://<private IP>:8080/ and you would need to do some reverse-proxying on the EC2 to redirect this to /myapp
Or use an application load balancer, which gets around this issue.
To add a TCP listener on port 8080, select your Load Balancer in the console, go to Listeners -> Manage listeners, -> Add listener, then add TCP port 8080 and Save the changes.
A tutorial on how to create a Classic Load Balancer can help too (use port 8080 instead of 80).
Relevant content
- Accepted Answerasked 7 months ago
- Accepted Answerasked a year ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
It still does not work and I am getting no evidence of a request on the EC2 tomcat host at 8080. here is what I know...
I allowed for INBOUND traffic to the load balancer on port 80 (IPV4 and IPV6) I can telnet to the public address (PIV4) of the load balancer on port 80 and it is listening.
I allowed for OUTBOUND traffic on the load balancer on port 8080 to the EC2 Security group. Port 8080 is open on my EC2 Windows Defender Firewall
I also allowed outbound traffic to pl-0068613c321dee54b - com.amazonaws.us-west-2.route53-healthchecks
Inbound Rules
sgr-070ce410eb01f3adf – Custom TCP TCP 8081 sg-0e1d80d021bef3ee2 / EC2 2023 SPHOF Classic Load Balancer sgr-07f2d0c61cdf80304 – Custom TCP TCP 8080 pl-0068613c321dee54b (com.amazonaws.us-west-2.route53-healthchecks) LB Health sgr-0f2ce92dae5c00452 – Custom TCP TCP 8080 sg-0e1d80d021bef3ee2 / EC2 2023 SPHOF Classic Load Balancer sgr-0245a35fc3a359755 – Custom TCP TCP 8081 pl-0068613c321dee54b (com.amazonaws.us-west-2.route53-healthchecks) LB Health
Is there a logfile for a Load Balancer? I feel like I am running blind as I can only test the listen on the Load balancer. Please advise thx Charlie D
On the load balancer, in "Listeners and routing" can you confirm that Listener is HTTP:80 and Instance is HTTP:8080 ?
The health check was set to http://<host>/index.html. Surprisingly, I didn't get a 404 in the status graphs of the LB. Once I changed it to index.jsp, I had to delete the instance from the load balancer and then add it again. Then the instance passed the health check. Thanks for your help with this.
This leads to another question. I will have 2 Tomcat instances listening on 8080 and 8081. Is there a way with the newer load balancers to have health checks on both ports (it would be the same host) ? Usually when I deploy, I keep 1 tomcat instance up while stopping and deployed a new war file on the other. Hence my question. Thanks Charlie D