Ryfujk

Why aren't air breathing engines used as small first stages

Is it fair for a professor to grade us on the possession of past papers?

How to answer "Have you ever been terminated?"

What is homebrew?

How to tell that you are a giant?

Withdrew £2800, but only £2000 shows as withdrawn on online banking; what are my obligations?

Fundamental Solution of the Pell Equation

Is the Standard Deduction better than Itemized when both are the same amount?

Is there a holomorphic function on open unit disc with this property?

また usage in a dictionary

Do I really need to have a message in a novel to appeal to readers?

Compare a given version number in the form major.minor.build.patch and see if one is less than the other

What does "lightly crushed" mean for cardamon pods?

Closed form of recurrent arithmetic series summation

Can a new player join a group only when a new campaign starts?

Around usage results

How to compare two different files line by line in unix?

What does the "x" in "x86" represent?

Irreducible of finite Krull dimension implies quasi-compact?

Circuit to "zoom in" on mV fluctuations of a DC signal?

Do wooden building fires get hotter than 600°C?

Why are there no cargo aircraft with "flying wing" design?

Declining "dulcis" in context

What's the meaning of "fortified infraction restraint"?

How are ALB HTTPS health checks verified?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}

0

When AWS application load balancers are configured to use HTTPS health checks, how are those verified? What subject name is matched against? What certificates are used?

Whenever I try to use HTTPS health checks, the ALB reports the health checks have failed, and I'm trying to get details about how the check is made.

amazon-web-services amazon-elb

share|improve this question

asked May 2 '17 at 3:56

Paul DraperPaul Draper

192216

bumped to the homepage by Community♦ 19 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Health checks only use IP addresses, not hostnames. They do not care, nor could they, if the cert matches the requested name.
  
  – EEAA
  May 2 '17 at 4:27
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @EEAA, that's what I guessed. ELBs can care, but only because it's possible to specify the cert.
  
  – Paul Draper
  May 2 '17 at 4:43
  

  
  
  
  

add a comment | 

0

When AWS application load balancers are configured to use HTTPS health checks, how are those verified? What subject name is matched against? What certificates are used?

Whenever I try to use HTTPS health checks, the ALB reports the health checks have failed, and I'm trying to get details about how the check is made.

amazon-web-services amazon-elb

share|improve this question

asked May 2 '17 at 3:56

Paul DraperPaul Draper

192216

bumped to the homepage by Community♦ 19 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Health checks only use IP addresses, not hostnames. They do not care, nor could they, if the cert matches the requested name.
  
  – EEAA
  May 2 '17 at 4:27
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @EEAA, that's what I guessed. ELBs can care, but only because it's possible to specify the cert.
  
  – Paul Draper
  May 2 '17 at 4:43
  

  
  
  
  

add a comment | 

When AWS application load balancers are configured to use HTTPS health checks, how are those verified? What subject name is matched against? What certificates are used?

Whenever I try to use HTTPS health checks, the ALB reports the health checks have failed, and I'm trying to get details about how the check is made.

amazon-web-services amazon-elb

share|improve this question

asked May 2 '17 at 3:56

Paul DraperPaul Draper

192216

share|improve this question

asked May 2 '17 at 3:56

Paul DraperPaul Draper

192216

share|improve this question

asked May 2 '17 at 3:56

Paul DraperPaul Draper

192216

asked May 2 '17 at 3:56

Paul DraperPaul Draper

192216

asked May 2 '17 at 3:56

Paul DraperPaul Draper

192216

1 Answer
1

active

oldest

votes

0

Have you read the documentation? The health checks are to an IP, but the documentation that I've read doesn't say anything about certificates. If you want to have health checks over https it would be safest to have a valid working https certificate on your origin.

If the status of a target is any value other than Healthy, the API returns a reason code and a description of the issue, and the console displays the same description in a tooltip. Note that reason codes that begin with Elb originate on the load balancer side and reason codes that begin with Target originate on the target side.

In short, it will tell you what the problem is if you look in the right place.

The health check is an http/s request to the path you specify. That URL has to return a 200 status code, though it can be configured to interpret another code as healthy - see the doc link above.

The HTTP codes to use when checking for a successful response from a
target. You can specify values or ranges of values between 200 and
499. The default value is 200.

share|improve this answer

answered May 2 '17 at 4:36

TimTim

18.1k41950

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  In my case the error is "Target.FailedHealthChecks".
  
  – Paul Draper
  May 2 '17 at 4:42
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  curl the failed health check target including path - eg curl -i 1.2.3.4/health . Edit your question to include the curl, the response (headers and status code). Check the logs on the server, say the web server access and error logs, post correlated logs from your curl. Please don't reply in a comment, it's too difficult to read.
  
  – Tim
  May 2 '17 at 5:39
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f847694%2fhow-are-alb-https-health-checks-verified%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

0

Have you read the documentation? The health checks are to an IP, but the documentation that I've read doesn't say anything about certificates. If you want to have health checks over https it would be safest to have a valid working https certificate on your origin.

If the status of a target is any value other than Healthy, the API returns a reason code and a description of the issue, and the console displays the same description in a tooltip. Note that reason codes that begin with Elb originate on the load balancer side and reason codes that begin with Target originate on the target side.

In short, it will tell you what the problem is if you look in the right place.

The health check is an http/s request to the path you specify. That URL has to return a 200 status code, though it can be configured to interpret another code as healthy - see the doc link above.

The HTTP codes to use when checking for a successful response from a
target. You can specify values or ranges of values between 200 and
499. The default value is 200.

share|improve this answer

answered May 2 '17 at 4:36

TimTim

18.1k41950

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  In my case the error is "Target.FailedHealthChecks".
  
  – Paul Draper
  May 2 '17 at 4:42
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  curl the failed health check target including path - eg curl -i 1.2.3.4/health . Edit your question to include the curl, the response (headers and status code). Check the logs on the server, say the web server access and error logs, post correlated logs from your curl. Please don't reply in a comment, it's too difficult to read.
  
  – Tim
  May 2 '17 at 5:39
  

  
  
  
  

add a comment | 

0

Have you read the documentation? The health checks are to an IP, but the documentation that I've read doesn't say anything about certificates. If you want to have health checks over https it would be safest to have a valid working https certificate on your origin.

If the status of a target is any value other than Healthy, the API returns a reason code and a description of the issue, and the console displays the same description in a tooltip. Note that reason codes that begin with Elb originate on the load balancer side and reason codes that begin with Target originate on the target side.

In short, it will tell you what the problem is if you look in the right place.

The health check is an http/s request to the path you specify. That URL has to return a 200 status code, though it can be configured to interpret another code as healthy - see the doc link above.

The HTTP codes to use when checking for a successful response from a
target. You can specify values or ranges of values between 200 and
499. The default value is 200.

share|improve this answer

answered May 2 '17 at 4:36

TimTim

18.1k41950

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  In my case the error is "Target.FailedHealthChecks".
  
  – Paul Draper
  May 2 '17 at 4:42
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  curl the failed health check target including path - eg curl -i 1.2.3.4/health . Edit your question to include the curl, the response (headers and status code). Check the logs on the server, say the web server access and error logs, post correlated logs from your curl. Please don't reply in a comment, it's too difficult to read.
  
  – Tim
  May 2 '17 at 5:39
  

  
  
  
  

add a comment | 

Have you read the documentation? The health checks are to an IP, but the documentation that I've read doesn't say anything about certificates. If you want to have health checks over https it would be safest to have a valid working https certificate on your origin.

If the status of a target is any value other than Healthy, the API returns a reason code and a description of the issue, and the console displays the same description in a tooltip. Note that reason codes that begin with Elb originate on the load balancer side and reason codes that begin with Target originate on the target side.

In short, it will tell you what the problem is if you look in the right place.

The health check is an http/s request to the path you specify. That URL has to return a 200 status code, though it can be configured to interpret another code as healthy - see the doc link above.

The HTTP codes to use when checking for a successful response from a
target. You can specify values or ranges of values between 200 and
499. The default value is 200.

share|improve this answer

answered May 2 '17 at 4:36

TimTim

18.1k41950

share|improve this answer

answered May 2 '17 at 4:36

TimTim

18.1k41950

answered May 2 '17 at 4:36

TimTim

18.1k41950

answered May 2 '17 at 4:36

TimTim

18.1k41950