I somehow broke a working SSL LB with a minor change and now cannot get it to work again.

VM Instance
- Showing unhealthy and giving a 502 error through the external IP (but taking the correct SSL certificate)
- Includes firewall rules separately for both 443 and 80 ports

LB
- Front-end is set for HTTPS traffic with the SSL certificate (issued by Let's Encrypt)
- Back-end is pointing to 443 port of the VM instance above via HTTPS protocol (and a zone)

Firewall
- In addition to the VM instance above, the firewall rule also exists for the LB from IP ranges 130.211.0.0/22, 35.191.0.0/16 via 443 port

What should I do? I restarted the VM instance as well.


Could you tell me the last change you did to your SSL LB?

Right now it seems that you've configured the correct firewall rule to allow traffic from health check IP ranges 130.211.0.0/22, 35.191.0.0/16 on port 443. So you have to check your health check configuration in order to see if the URL path that GCP uses when sending health check requests is on port 443.

GCP health checks expect an HTTP(S) 200 response; make sure that your backend server is listening on that port and that the URL matches the health check's URL path.

You can check if your instance is listening on port 443 with the following commands (Linux only).

nmap -Pn <LB external IP address>

nmap -Pn <VM external IP address>

netstat -an | grep -i listen

netstat -an | grep -w 443 | grep -i listen

Maybe your VM instance is listening and trying to respond to health check requests on a different port/path than the one specified in the health check's configuration.
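A small added script (not from the original answer) that encodes the two checks above: whether netstat shows a LISTEN socket on 443, and whether the health check path returns 200 when probed over HTTPS the way the LB does. The sample netstat output, the 127.0.0.1 target and the request path are assumptions, not values from the asker's setup.

```shell
#!/bin/sh
# Added example: reproduce the GCP backend health check expectations described above.

# Return 0 if the netstat/ss-style listing in $2 shows a LISTEN socket on port $1.
# Matches ":443 " or ".443 " (Linux and BSD address formats); "4430" does not match.
port_listening() {
  port="$1"
  listing="$2"
  printf '%s\n' "$listing" | grep -i 'listen' | grep -Eq "[:.]${port}[[:space:]]"
}

# Return 0 if $1 is the status the health check expects (HTTP 200).
hc_status_ok() { [ "$1" = "200" ]; }

# Probe the health check URL as the LB does: HTTPS to the backend port and path.
# -k because the backend certificate is issued for the hostname, not 127.0.0.1.
# Prints the status code (curl prints 000 when the connection fails).
probe_health_check() {
  host="${1:-127.0.0.1}"; port="${2:-443}"; path="${3:-/}"   # assumed defaults
  curl -sk -o /dev/null -w '%{http_code}' --max-time 5 "https://${host}:${port}${path}"
}

# Constructed sample of `netstat -an` output (not real output from the VM):
# 80 and 3306 are listening, 443 is listening on IPv6 only (dual-stack socket).
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp6       0      0 :::443                  :::*                    LISTEN'

# Combine both checks. Returns 1 if nothing listens on 443, 2 if the listener is
# there but the health check path does not answer 200, 0 if both are fine.
diagnose() {
  listing="$1"; code="$2"
  if ! port_listening 443 "$listing"; then
    echo "nothing listening on 443: backend health check cannot succeed"
    return 1
  fi
  if ! hc_status_ok "$code"; then
    echo "listener present but health check path returned $code, expected 200"
    return 2
  fi
  echo "listener on 443 and health check path returns 200"
}

# Stand-alone run against the constructed sample and a live probe of localhost.
diagnose "$SAMPLE_NETSTAT" "$(probe_health_check 127.0.0.1 443 /)"
```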