503 on load balancer through HTTPS. HTTP works fine.

Posted June 16, 2019 3.9k views
Ubuntu, DNS, Load Balancing

I have an HTTP server running on port 8080 of a droplet. I have a load balancer pointing at this droplet.

Here is the configuration in the load balancer:

Load Balancer      Droplet
HTTP on port 80    HTTP on port 8080
HTTPS on port 443  HTTP on port 8080

I have SSL redirect turned off.

If I do a curl on my http://domainname/, I get a valid response back. If I try https://domainname/, it hangs for 20s, but eventually I get a 503.

Does anyone have any suggestions?

  • Did you figure this out? I am experiencing the same thing.

  • I’m also having this issue. @domlebo70 @atgreen have you been able to work this out?

  • Hi. I thought I already commented further on this, but it appears I forgot to.

    No, I never ended up working this out - it just magically resolved itself. I didn’t change anything, and I woke up a few days later and it was working. It doesn’t give me great confidence in the product (especially with the lack of any official comms from DO after a support enquiry).

    So yeah… I guess just wait it out, is the best I can offer.

2 answers

I am experiencing similar problems. My current load balancer settings are as follows:

http on port 80 -> http on port 80
https on port 443 -> http on port 80

I’m using a Let's Encrypt certificate. My subdomains point to my load balancer IP.

Inbound rules for firewall have been open for port 443 and port 80.

Any advice is appreciated.


Have you configured a port for SSL on the Droplet (not the load balancer)? If yes, you should use that for the HTTPS connection from the load balancer.

Usually in these cases, you can use port 8080 on the droplet for HTTP connections and 8443 for HTTPS connections. Of course, you need to open the mentioned port and configure your Load Balancer so that it knows what InstancePort and Protocol it should use.

If you are experiencing difficulties, post the configuration files here so that I can give you more in-depth advice.

  • This might be a dumb question, but I’m pretty sure I recall Rackspace and AWS load balancers working this way. Should setting SSL termination at the load balancer not require SSL processing on origin servers?

    If this is a limitation, and the origin nodes do in fact require ports that handle SSL, that would make the config options and docs misleading, right?

    It’s significant, because that could represent a lot of work in some cases.
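
One check that fits the forwarding rules posted in this thread, as an added example that is not from any of the posters or from DigitalOcean: probe the droplet port a rule targets and confirm it answers in the protocol the rule names (plain HTTP versus TLS). The function names, the `127.0.0.1` address and the timeout are assumptions for illustration; run it from a host that can reach the droplet port directly.

```python
import socket
import ssl


def probe_backend(host, port, timeout=2.0):
    """Return 'tls', 'http', 'closed' or 'no-response' for host:port."""
    # Certificate checks are off on purpose: this only detects the protocol,
    # it must never be reused for connections that carry real traffic.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls"  # handshake completed, the port speaks TLS
    except ConnectionRefusedError:
        return "closed"  # nothing is listening on the port
    except OSError:
        pass  # handshake failed or timed out: try plain HTTP next
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            raw.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            if raw.makefile("rb").read(5) == b"HTTP/":
                return "http"
    except OSError:
        pass
    return "no-response"


def check_rule(target_protocol, host, port, timeout=2.0):
    """Compare a rule's target protocol ('http' or 'https') with the port.

    Returns (matches, observed) so a mismatch can be reported as-is.
    """
    expected = {"http": "http", "https": "tls"}[target_protocol]
    observed = probe_backend(host, port, timeout)
    return observed == expected, observed


if __name__ == "__main__":
    # Constructed sample: both rules in the question target HTTP on 8080.
    # Replace 127.0.0.1 with the droplet's address (assumption).
    for front, proto, port in [("HTTP:80", "http", 8080), ("HTTPS:443", "http", 8080)]:
        ok, seen = check_rule(proto, "127.0.0.1", port)
        print(f"{front} -> {proto}:{port}  observed={seen}  match={ok}")
```

A `closed` or `no-response` result points at the droplet's listener or firewall, while a `tls`/`http` mismatch points at the rule's target protocol.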