How to configure AWS Application Load Balancer to forward requests to EC2 Flask 5000 ports

0

Hi, I have 2 EC2 machines, each running a simple Python Flask webserver. These 2 machines have been registered as targets for the application load balancer to route requests. Rules have been set up to allow forwarding of traffic from http:80 and http:5000 ports. However, when I use the Internet-facing DNS of the Application load balancer (DNS:5000) I am not able to access the webserver pages from the browser. However, if I use the public IP address of either of the 2 EC2 machines (IP:5000) then the webserver pages are accessible. What could be causing this issue? Kindly let me know and thanks a ton in advance for your help.

Sud
asked 8 months ago · 536 views
3 Answers
1
Accepted Answer

That's because load balancers listen on port 80 for HTTP and 443 for HTTPS by default to then forward the request to the desired port on the target group.

When registering the target group, set the port to 5000. Then connect to the Load Balancer on 80 or 443. If you really wanna change the load balancer listener port you must edit the listener property.

This is an example of where you would change your listener property when creating an ALB. This is the port where the ALB listens for requests coming from the internet (or VPC if internal)!

This is where you change the port on which your target group listens for requests coming from your ALB when creating a target group.

answered 8 months ago
EXPERT
reviewed 7 months ago
  • Thanks a ton, that was the issue. When I set the Load Balancer listener to listen on port 80 and configured the target group forwarding port to 5000, the problem got resolved. Much appreciate the help/pointers here.

0

Guess you set your LB listening port as generic http (or https). You can put a custom listening port number in the LB settings (in your case it will be 5000).

V
answered 8 months ago
  • When I set the Load Balancer listener to listen on port 80 and configured the target group forwarding port to 5000, the problem got resolved. Much appreciate the help/pointers here.

0

From how you describe it your listener rules are set up correctly, and it's just plain HTTP (no HTTPS) so there are no certificates to consider.

Is the target group healthcheck configured for port 5000 on the EC2 targets, and is that green?

You mention the Internet-facing DNS of the Application load balancer, I assume this is the public DNS which will be something like MyALB-123456789.my-region-1.elb.amazonaws.com. Although it has a public DNS name, and by extension public IP addresses (an ALB has to be in at least two availability zones) double-check the ALB is in a public subnet, that is to say a subnet whose route table has an entry for an internet gateway.

Assuming it's in a public subnet, consider the security group rules. It sounds like the ALB needs inbound 80/tcp and 5000/tcp open from at least your IP (make it 0.0.0.0/0 just for troubleshooting, you can always tighten it up later), and then outbound 5000/tcp to the private IPs of the EC2s (better to make it the IP ranges of the subnets that target EC2s could be provisioned in).

And the EC2s will need an inbound 5000/tcp rule whose source is the private IP addresses of the ALB (or their subnets). As you are able to hit the EC2s directly on port 5000 using a browser it sounds like you may already have this port open from all addresses anyway.

EXPERT
Steve_M
answered 8 months ago
  • When I set the Load Balancer listener to listen on port 80 and configured the target group forwarding port to 5000, the problem got resolved. Much appreciate the help/pointers here. All the rest was configured correctly as mentioned above. Though I didn't implement a health check page, the ALB still works - JFYI.
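
The security-group layout discussed in the answer above, written as an offline check; this is an added example, not part of the original thread. The dicts are constructed in the shape of EC2 DescribeSecurityGroups output, the group IDs and the names `sources`, `audit` and `rule` are hypothetical, and it assumes the instance security group references the ALB's security group instead of subnet CIDRs.

```python
# Added example: offline audit of the ALB -> Flask security-group layout.
# Dicts mimic EC2 DescribeSecurityGroups output; all IDs are constructed.
LISTENER_PORT = 80   # port the ALB listener accepts traffic on
TARGET_PORT = 5000   # target group port, where Flask listens

def sources(sg, port):
    """Return the CIDRs and security-group IDs allowed to reach `port` over TCP."""
    found = set()
    for perm in sg["IpPermissions"]:
        # IpProtocol "-1" means every protocol and port; otherwise match a TCP range.
        if perm["IpProtocol"] == "-1" or (
                perm["IpProtocol"] == "tcp"
                and perm["FromPort"] <= port <= perm["ToPort"]):
            found |= {r["CidrIp"] for r in perm.get("IpRanges", [])}
            found |= {g["GroupId"] for g in perm.get("UserIdGroupPairs", [])}
    return found

def audit(alb_sg, instance_sg):
    """List problems on the client -> ALB -> instance path."""
    findings = []
    if not sources(alb_sg, LISTENER_PORT):
        findings.append(f"ALB SG has no inbound rule for {LISTENER_PORT}/tcp")
    allowed = sources(instance_sg, TARGET_PORT)
    if alb_sg["GroupId"] not in allowed:
        findings.append(f"instance SG has no rule admitting {TARGET_PORT}/tcp from the ALB SG")
    if "0.0.0.0/0" in allowed:
        findings.append(f"instance SG opens {TARGET_PORT}/tcp to 0.0.0.0/0, bypassing the ALB")
    return findings

def rule(port, cidrs=(), groups=()):
    """Build one constructed TCP ingress permission."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

# Constructed sample groups (hypothetical IDs).
ALB_SG = {"GroupId": "sg-alb-example", "IpPermissions": [rule(80, cidrs=["0.0.0.0/0"])]}
OPEN_SG = {"GroupId": "sg-ec2-open", "IpPermissions": [rule(5000, cidrs=["0.0.0.0/0"])]}
SCOPED_SG = {"GroupId": "sg-ec2-scoped", "IpPermissions": [rule(5000, groups=["sg-alb-example"])]}

if __name__ == "__main__":
    for name, sg in (("open", OPEN_SG), ("scoped", SCOPED_SG)):
        print(name, audit(ALB_SG, sg) or "ok")
```

The check reads only IPv4 ranges and group references; `Ipv6Ranges` entries would need the same treatment.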
