In what manner, specifically, do they always fail? What information does Amazon provide on its health check? It’s really important to get the exact error. Did their check timeout? Was there a protocol error? Is Amazon seeing non-200 responses for the endpoint? The nature of Amazon’s error will tell us what we need to troubleshoot.
Unfortunately, Amazon does not supply any sort of information on the type of load balancer I’m using. It simply says “unhealthy”.
From my understanding, the Amazon load balancer is simply looking for a 200 success code. And this does work perfectly on port 80. It’s just when I try this on port 81 (or any other port) that it doesn’t work.
I guess what my bottom line is:
Assuming the issue is, let’s say, on Amazon’s side: does Caddy support having ports 80 and 443 do reverse proxying, while a different port just responds to the health check?
From my Caddyfile above, am I missing something?
I’ve been testing different things for hours and it seems very inconsistent (to me at least).
For example, this would work:
But this won’t:
I'm hoping you can shed some more light on this, I'd really appreciate even random ideas of what I can attempt and test.
I’m going to guess that one possibility is that Amazon requires an HTTP endpoint, not an HTTPS endpoint.
*.amazonaws.com:80 will produce a HTTP listener, *.amazonaws.com:81 will produce a self-signed/locally-trusted HTTPS listener with a redirect set up on port 80 (Caddy is HTTPS-first, HTTP only on explicit scheme or default HTTP port).
Try http://*.amazonaws.com:81 and see if that makes a difference.
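As an added illustration of the point above (this is example configuration, not a Caddyfile from this thread or from the Caddy project), the following Caddyfile keeps the application on ports 80 and 443 with Caddy-managed HTTPS and gives the load balancer a separate plain-HTTP health-check listener. The hostname `app.example.com`, the upstream address `127.0.0.1:8080`, the port `81` and the path `/health` are placeholders chosen for the example.

```caddyfile
# Added example (not from the thread): reverse proxy on 80/443,
# plain-HTTP health check on a separate port.
# app.example.com, 127.0.0.1:8080, port 81 and /health are placeholders.

# Main site. Caddy obtains and renews the certificate, listens on 443,
# and sets up the HTTP->HTTPS redirect on port 80 automatically.
app.example.com {
    reverse_proxy 127.0.0.1:8080
}

# Health-check listener. The explicit http:// scheme is the important
# part: without it a non-80 port gets an HTTPS listener with a
# self-signed / locally-trusted certificate, which a plain-HTTP health
# checker will report as unhealthy. With the scheme, Caddy serves plain
# HTTP on :81 and answers GET /health with a 200 and the body "OK".
http://:81 {
    respond /health "OK" 200
}
```

To confirm the listener behaves as intended before pointing a load balancer at it, request the health path from the host itself (for example `curl -i http://127.0.0.1:81/health`) and check that the response line is `HTTP/1.1 200 OK` and that the `Server: Caddy` header is present; a TLS handshake failure or a redirect at this step means the port is still being served as HTTPS.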
I just tried that but unfortunately it didn’t work. However it gave me several ideas of things I can try along these lines. I’ll try different ports, protocols and combinations of those. Hopefully if I shoot enough I’ll hit something.
Here are my findings.
If I forward my domain directly to the Caddy server, it does redirect correctly to HTTPS. However, if I forward my domain to the static IP address of my load balancer, that doesn’t seem to redirect to HTTPS. Clearly not an issue with Caddy.
Here’s a screenshot of the network tab for these requests. I don’t see the “server : Caddy” in the header, I guess that means it’s not even hitting the Caddy server.
Thanks everyone for your help. This ended up mostly being an issue with my configuration on AWS.
All good now.
In case anyone else is building something similar using AWS: keep in mind you must use a TCP load balancer, but since each target group only accepts one type of traffic (HTTP or HTTPS) and you can’t redirect on a network load balancer, you must create 2 different target groups, one for HTTP and one for HTTPS.