Django Celery with ALB on AWS persistent HTTP 502 Bad Gateway error

I can't figure out what's wrong in my setup.
Frontend (HTTPS: 5173) Docker container + Django/Celery (HTTPS: 8000, gunicorn) container on EC2. Both 80 and 443 are exposed.
Load balancer with an HTTPS:443 listener, default target group to the frontend, rule for the /api/* path to Django HTTPS:8000. The health check never works, no matter if HTTP or HTTPS, path with trailing slash or without.
The self-signed certificate works fine locally and worked fine just some days ago on AWS, imported for *.localhost/CN=localhost. Expiry date > 100 days.
Handshake test passes.

The logs from Django/Celery:

[2024-10-18 09:33:25 +0000] [11] [WARNING] Invalid request from ip=172.31.xx.91: [SSL] PEM lib (_ssl.c:3900)
[2024-10-18 09:33:41 +0000] [11] [WARNING] Invalid request from ip=172.31.xx.217: [SSL] PEM lib (_ssl.c:3900)
[2024-10-18 09:33:43 +0000] [12] [WARNING] Invalid request from ip=172.31.xx.144: [SSL] PEM lib (_ssl.c:3900)
[2024-10-18 09:33:49 +0000] [12] [WARNING] Invalid request from ip=172.31.33.xx: [SSL] PEM lib (_ssl.c:3900)
[2024-10-18 09:33:55 +0000] [12] [WARNING] Invalid request from ip=172.31.xx.91: [SSL] PEM lib (_ssl.c:3900)

Parts from the ALB access logs:

ELB status code: 502 (Bad Gateway, indicating issues with the target or downstream services)
SSL cipher and protocol: TLS_AES_128_GCM_SHA256 TLSv1.3

The browser shows the same:

index-BbUzq7eH.js:27 GET https://xxxxxxxxx.eu-central-1.elb.amazonaws.com/api/set-csrf/ 502 (Bad Gateway)

Django ALLOWED_HOSTS is set to ["*"] for testing

CORS_ALLOW_ALL_ORIGINS = True
CORS_ALLOW_CREDENTIALS = True

SECURE_SSL_REDIRECT = False
SESSION_COOKIE_SECURE = False
CSRF_COOKIE_SECURE = False
CSRF_COOKIE_HTTPONLY = False

SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
USE_X_FORWARDED_HOST = True
USE_X_FORWARDED_PORT = True

ALLOWED_HOSTS = ["*"]
CSRF_TRUSTED_ORIGINS = ["https://localhost:5173", "https://xxxxxcentral-1.elb.amazonaws.com"]


CORS_ALLOWED_ORIGINS = [
    'https://localhost:5173',  # Your Vue dev server address
    'https://3.76.xx.xx',
    'https://xxxxxx.eu-central-1.elb.amazonaws.com',
]

CORS_ORIGIN_WHITELIST = [
    'https://localhost:5173',
    'https://3.76.xx.xx',
    'https://xxxxx.eu-central-1.elb.amazonaws.com',
]

CORS_ALLOW_HEADERS = [
    'accept',
    'accept-encoding',
    'authorization',
    'content-type',
    'dnt',
    'origin',
    'user-agent',
    'x-csrftoken',
    'x-requested-with',
]

nginx:

server {
    listen 80;
    server_name _;

    location /api/health/ {
        proxy_pass http://localhost:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Redirect all other HTTP traffic to HTTPS
    location / {
        return 301 https://$host$request_uri;
    }
}

# Configuration for handling HTTPS traffic
server {
    listen 8000 ssl;
    server_name _;

    ssl_certificate /app/certs/localhost.crt;
    ssl_certificate_key /app/certs/localhost.key;

    location /static/ {
        alias /app/staticfiles/;
    }

    location / {
        proxy_pass http://localhost:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

I tried it with nginx and without, no difference in behaviour.

Why do I see the 502?
