
I've set up an ECS cluster with a single container, with an ELB to serve the traffic to it. The ELB listener is HTTPS/443, and the host listener is HTTP/8080. I.e. when you hit the URL it's HTTPS but the communication between the instance and the ELB is normal HTTP.

I've tried the following 2 setups:

Setup 1

Application Load Balancer. Here I had my Target Group pointing to port 80 (not 8080) with my host port on my container set to 0. This is to make use of dynamic port mapping.

In this setup I can see the instance register with the ELB and I can see the random port number used by the container. If I hit the IP of the EC2 instance with the random port number (e.g. :) I can reach the container. However hitting the URL of the ELB doesn't work.

Setup 2

Here I used a Classic Load Balancer, also listening on HTTPS, and connecting to port 8080 on the container instance. The container mapping has port 8080 set for the Host port. Again, if I hit the EC2 instance IP with port 8080, I can reach the container, but hitting the ELB URL doesn't work.

Network layer

NACL allows traffic from anywhere on ports 80, 443, 8080, and 32768-61000. I opened ports 32768-61000 for the dynamic port mapping of the Application Load Balancer. All outbound traffic is allowed. Security Group is set up the same as the NACL. This is for the container instance. The ELB has a Security Group that accepts any traffic from anywhere, basically the default Security Group.

When I curl the default ELB URL I get the below:

curl: (56) Recv failure: Connection reset by peer

When I map the default URL to a custom domain URL, I get:

curl: (6) Could not resolve host

Any advice here? I've been at it for a few hours now and can't seem to figure it out. (Yes, my container service role allows permissions for ELB)
