I have an EC2 webserver which is serving up an app that listens on ports 80,8080, 443 and 8443. Outside clients need to talk to it on those ports (no port translations). I'm trying to put this behind a load balancer but the plethora of required ports is confusing me.
I have one ALB listening on the 4 ports, all forwarding to the same Target Group. The Target group has a default port of 443 but has the web server registered as 4 different targets, one for each of the ports (80,8080,443,8443).
Is this the correct way to go about this? Traffic doesn't seem to be flowing correctly. I'm concerned the ALB is receiving traffic on 443 and forwarding it to the server on a different port, picking ports from the registered targets. Do I need 4 different target groups, each with only 1 registered target?
You can register the same EC2 instance or IP address with the same target group multiple times using different ports (used for routing requests to microservices). If you register by instance ID the traffic is routed using the primary private IP address of the primary network interface.
Application Load Balancers provide native support for HTTP/2 with HTTPS listeners. You can send up to 128 requests in parallel using one HTTP/2 connection.
Your load balancer uses these IP addresses to establish connections with the targets. Depending on your traffic profile, the load balancer can scale higher and consume up to a maximum of 100 IP addresses distributed across all enabled subnets.
You will need to set up your listeners to connect to the backend using the same port numbers (80->80, 443->443, ...) if you do not want any port translations.
So in your setup you will need your backend listening on ports 80, 443, 8080, 8443.
You will need ALB listeners set up to listen on 80, 443, 8080, 8443. Your listeners will forward requests to the same port they are listening on (80 -> 80, 443 -> 443, ...).
Make sure that you set the type of listener correctly to match your protocols (HTTP or HTTPS). If your listeners are configured for 443 -> 443 and HTTPS -> HTTPS then you will need SSL certificates configured on the backend. Otherwise you can configure your listeners to SSL terminate and do HTTPS (443) to HTTP (443), but make sure that the backend is not configured for HTTPS in this case.
This may seem confusing at first - it is not. Just think of a Listener as the middle-man. He can either repeat your request (HTTPS -> HTTPS) or translate (HTTPS -> HTTP). Listeners can listen on one port (80) and forward to another port (8080). Each of these items is configurable.
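The configuration the answer describes, written out as an added Terraform example (this is not from the original post or from the answerer): one target group per port and one listener per port, with the listener port equal to the target group port so nothing is translated. The reason for separate target groups is that an ALB treats every registered target in a group as interchangeable when it picks one for a request; a single group holding instance:80, instance:443, instance:8080 and instance:8443 would spread requests arriving on the 443 listener across all four backend ports, which matches the behaviour the question reports. `var.vpc_id`, `var.subnet_ids`, `var.instance_id` and `var.certificate_arn` are placeholders you must supply; the protocol map assumes end-to-end HTTPS on 443 and 8443, so the backend must present a certificate on those two ports (it need not be publicly trusted, since the ALB does not validate the backend certificate).

```hcl
# Added example, not the original poster's configuration.
# Assumed inputs (placeholders): VPC, subnets, the one EC2 instance and an ACM
# certificate ARN for the HTTPS listeners.
variable "vpc_id"          { type = string }
variable "subnet_ids"      { type = list(string) }
variable "instance_id"     { type = string }
variable "certificate_arn" { type = string }

# Listener/target port -> protocol. Same port and protocol on both sides,
# so 80->80, 443->443, 8080->8080, 8443->8443 with no translation.
locals {
  ports = {
    "80"   = "HTTP"
    "443"  = "HTTPS"
    "8080" = "HTTP"
    "8443" = "HTTPS"
  }
}

# The ALB's own security group must admit the four client-facing ports.
resource "aws_security_group" "alb" {
  name   = "web-alb"
  vpc_id = var.vpc_id

  dynamic "ingress" {
    for_each = local.ports
    content {
      from_port   = tonumber(ingress.key)
      to_port     = tonumber(ingress.key)
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_lb" "web" {
  name               = "web-alb"
  load_balancer_type = "application"
  subnets            = var.subnet_ids
  security_groups    = [aws_security_group.alb.id]
}

# One target group per port. Targets within a group are interchangeable to the
# ALB, so mixing ports in one group would let a 443 request land on 8080.
resource "aws_lb_target_group" "web" {
  for_each = local.ports

  name     = "web-${each.key}"
  port     = tonumber(each.key)
  protocol = each.value
  vpc_id   = var.vpc_id

  health_check {
    protocol = each.value
    port     = "traffic-port" # health-check each backend port on itself
    path     = "/"
  }
}

# Register the single instance once per group, on that group's port.
resource "aws_lb_target_group_attachment" "web" {
  for_each = local.ports

  target_group_arn = aws_lb_target_group.web[each.key].arn
  target_id        = var.instance_id
  port             = tonumber(each.key)
}

# Listener port == target group port. HTTPS listeners need the ACM certificate
# and a TLS policy; the HTTP listeners leave both unset.
resource "aws_lb_listener" "web" {
  for_each = local.ports

  load_balancer_arn = aws_lb.web.arn
  port              = tonumber(each.key)
  protocol          = each.value
  certificate_arn   = each.value == "HTTPS" ? var.certificate_arn : null
  ssl_policy        = each.value == "HTTPS" ? "ELBSecurityPolicy-TLS13-1-2-2021-06" : null

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.web[each.key].arn
  }
}
```

Two things to check after applying this: the instance's own security group must allow inbound 80, 443, 8080 and 8443 from `aws_security_group.alb` (not from the internet), and each target group should show the instance as healthy on its own port in the console before you cut DNS over. If you would rather terminate TLS at the ALB, change the map values for 443 and 8443 to `"HTTP"` on the target group side only and keep the listeners as HTTPS, as the answer describes; the backend then must not expect TLS on those ports.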