Hi,
I’m wondering if someone might be able to offer a hint or two. I’m attempting to run BaseX in AWS behind a Network Load Balancer (NLB) using the 9.5.2 docker image with the default config to start with. I’ve set up a TCP target group and the healthcheck appears happy on port 1984. Reachability analyser suggests firewall is good to go. From the local box I can telnet localhost 1984:

    telnet localhost 1984
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    BaseX:3334891053316136

I get a similar response if I use the server’s private IP address:

    telnet 10.x.x.x 1984
    Trying 10.x.x.x...
    Connected to 10.x.x.x.
    Escape character is '^]'.
    BaseX:3335242111998298

So far, so good.
If I attempt the same via the NLB I get a timeout, which suggests to me either a firewall issue or the application is refusing to listen for some reason. The documentation seems to suggest that, by default, BaseX should respond to requests from any IP or hostname. Do I understand that correctly, or do I need to alter the default config?
Thanks in advance!
Hi Harry,
one thing that hits me frequently on cloud machines provisioned by others is SELinux. If your host is running Linux of course...
In this case there is some documentation around how to check it out by looking into the logs of your proxy service (the error should be something like "not permitted").
Check the SELinux property for http proxies with:

    sudo getsebool -a | grep http

Whereas to disable SELinux enforcement on http proxy permanently (-P flag):

    sudo setsebool -P httpd_verify_dns 0

Regards,
Marco.
Thanks for the advice Marco,
I’m using Amazon Linux 2 on the Docker host, which appears to have SELinux disabled by default already. So great suggestion, but not apparently the issue here.

    sudo getsebool -a | grep http
    getsebool: SELinux is disabled

Looking at the Dockerfile, it looks like the image is built using an Alpine docker image, so no SELinux within the docker container.

    bash-4.4$ getsebool -a | grep http
    bash: getsebool: command not found
Hi Harry,
When I get timeouts for our EC2 instances during development, it's almost always because I don't have the right inbound rules in the security group. Do you have an inbound rule in the security group on the BaseX application that allows traffic from either the client IP (with preservation enabled) or your VPC on port 1984?
-Tamara
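
An added example, not part of the thread or of the BaseX project: it evaluates security-group inbound rules against the source address the target actually sees on port 1984, with and without NLB client IP preservation. It shows how a rule that only admits the VPC CIDR can pass NLB health checks while client connections are silently dropped. The rules, the client address 203.0.113.7 and the NLB node address 10.0.1.25 are constructed sample values, and only CIDR-based rules are handled.

```python
import ipaddress

BASEX_PORT = 1984  # server port used in the thread

# Constructed inbound rules, in the IpPermissions shape that
# `aws ec2 describe-security-groups` returns. All values are made up.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 1984, "ToPort": 1984,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},   # VPC CIDR only
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},     # different port, irrelevant here
]


def rule_allows(perm, src_ip, port):
    """True if one inbound rule admits TCP from src_ip to port (CIDR rules only)."""
    proto = perm.get("IpProtocol")
    if proto not in ("tcp", "-1"):               # "-1" means all protocols
        return False
    if proto == "tcp" and not perm["FromPort"] <= port <= perm["ToPort"]:
        return False
    src = ipaddress.ip_address(src_ip)
    return any(src in ipaddress.ip_network(r["CidrIp"])
               for r in perm.get("IpRanges", []))


def diagnose(permissions, client_ip, nlb_private_ip, port=BASEX_PORT):
    """Evaluate the rules against each source address the target can see."""
    sources = {
        "health_check": nlb_private_ip,             # health checks come from the NLB nodes
        "client_ip_preserved": client_ip,           # target sees the real client address
        "client_ip_not_preserved": nlb_private_ip,  # target sees the NLB node address
    }
    return {name: any(rule_allows(p, ip, port) for p in permissions)
            for name, ip in sources.items()}


if __name__ == "__main__":
    result = diagnose(SAMPLE_PERMISSIONS, "203.0.113.7", "10.0.1.25")
    for name, ok in result.items():
        print(f"{name:26s} {'allowed' if ok else 'dropped (seen as a timeout)'}")
```

Security groups drop non-matching traffic without a reply, so a missing rule appears to the client as a timeout rather than a refused connection.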