Cannot access the ALB URL for N8N, but my ECS Service is running fine, reaching steady state without issues

Fellows, I’m trying to deploy and configure N8N in my AWS account. Now, I’m facing two challenges, since it was somehow tricky to run and configure its Docker image. However, I’ll focus on the greatest one. I can reach the website via its IP:

However, I cannot reach it by the domain I configured that is linked to my Application Load Balancer via the Route 53:

And I know the domain is working fine since I got issued a certificate:

This is the Task Definition JSON, you will need an EFS to configure it:

{
    "family": "n8n",
    "containerDefinitions": [
        {
            "name": "n8n",
            "image": "n8nio/n8n:latest",
            "cpu": 0,
            "portMappings": [
                {
                    "name": "n8n-80-tcp",
                    "containerPort": 80,
                    "hostPort": 80,
                    "protocol": "tcp",
                    "appProtocol": "http"
                },
                {
                    "name": "n8n-5678-tcp",
                    "containerPort": 5678,
                    "hostPort": 5678,
                    "protocol": "tcp"
                },
                {
                    "name": "n8n-443-tcp",
                    "containerPort": 443,
                    "hostPort": 443,
                    "protocol": "tcp"
                }
            ],
            "essential": true,
            "environment": [],
            "environmentFiles": [],
            "mountPoints": [
                {
                    "sourceVolume": "n8n_data",
                    "containerPath": "/data",
                    "readOnly": false
                }
            ],
            "volumesFrom": [],
            "ulimits": [],
            "logConfiguration": {
                "logDriver": "awslogs",
                "options": {
                    "awslogs-create-group": "true",
                    "awslogs-group": "/ecs/n8n",
                    "awslogs-region": "eu-west-1",
                    "awslogs-stream-prefix": "ecs"
                },
                "secretOptions": []
            },
            "systemControls": []
        }
    ],
    "taskRoleArn": "arn:aws:iam::YOUR_ID:role/ecsTaskExecutionRole",
    "executionRoleArn": "arn:aws:iam::YOUR_ID:role/ecsTaskExecutionRole",
    "networkMode": "awsvpc",
    "volumes": [
        {
            "name": "n8n_data",
            "efsVolumeConfiguration": {
                "fileSystemId": "fs-YOUR_EFS",
                "rootDirectory": "/db"
            }
        }
    ],
    "requiresCompatibilities": [
        "FARGATE"
    ],
    "cpu": "256",
    "memory": "2048",
    "runtimePlatform": {
        "cpuArchitecture": "X86_64",
        "operatingSystemFamily": "LINUX"
    }
}

As you can see, the issue is quite strange, since I cannot reach the URL I configured in Route 53, which is an alias to my ALB, the same one that is running my ECS Service. Oddly, I can reach the task IP without any issues, as I showed before.

These are some pictures of my current configuration:

ALB:

Security Group:

Target Group:

Service configuration:

ECS Service:

Any idea what I could be doing wrong?

My configuration:

  • n8n version: Docker/Latest
  • Database (default: SQLite): SQLite
  • n8n EXECUTIONS_PROCESS setting (default: own, main): N/A
  • Running n8n via (Docker, npm, n8n cloud, desktop app): Docker
  • Operating system: Linux/NA

1 Like

Hi @fanmixco

I see n8n is working as expected.
AWS can be a pain to get running if you do not know what you are doing.
Not sure if anyone here would be able to help you easily as it is more a question for an AWS expert, as it is an issue with your AWS setup not n8n.

Hello @fanmixco

  1. You’ll need to register the EC2/Fargate instance to the ALB, not the IP address
  2. You haven’t provided the 443 port rules for the ALB
  3. You haven’t provided the target group details for the 443 port listener
  4. You haven’t provided the security group details for the EC2/Fargate instance that is a host for the ECS service.
  5. I do not see the container configuration

The proper setup would be:

  1. Create new cluster group in the ECS

  2. Create ECS task definition

  3. Create ALB with 80 and 443 port listeners

  4. Create a target group for both listeners

  5. Set the ACM for the 443 listener

  6. Create Security groups for the ALB and for the EC2/Fargate instance (that will host your ECS containers). For the ALB there will be a ruleset:
    inbound, 0/0 via 443 port
    inbound, 0/0 via 80 port
    outbound, any/any (you can restrict it to any/443 and your EC2/Fargate via 5678)

  7. ruleset for the EC2/Fargate:
    inbound, ALB/5678
    outbound, any/any (you can restrict it to any/443, any/80, any/53)

  8. Create Route53 record

Actually, the Route53 record can be added later, you can test the access with the ALB’s FQDN

2 Likes
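An added example, not code from the thread or from n8n: a small offline audit of the inbound rule sets listed in steps 6 and 7 of the reply above, run over security groups in the shape returned by `aws ec2 describe-security-groups`. The group IDs and sample rules are constructed placeholders, `audit` is a hypothetical helper name, and egress rules are not checked.

```python
WORLD = {"0.0.0.0/0", "::/0"}  # any IPv4 / any IPv6 source

def sources(perm):
    """Return (CIDR set, source security-group ID set) for one inbound rule."""
    cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
    cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
    groups = {p["GroupId"] for p in perm.get("UserIdGroupPairs", [])}
    return cidrs, groups

def covers(perm, port):
    """True if the rule's protocol and port range include the given TCP port."""
    if perm["IpProtocol"] == "-1":  # all protocols; no port fields present
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def audit(alb_sg, task_sg, app_port=5678):
    """Compare both groups with the reply's rule set; return a list of findings."""
    findings = []
    for port in (80, 443):  # ALB: inbound 0/0 on 80 and 443
        is_open = any(covers(p, port) and sources(p)[0] & WORLD
                      for p in alb_sg["IpPermissions"])
        if not is_open:
            findings.append(f"ALB SG: port {port} not open to the internet")
    alb_reaches_task = False
    for p in task_sg["IpPermissions"]:  # task: inbound from the ALB only
        cidrs, groups = sources(p)
        if covers(p, app_port) and alb_sg["GroupId"] in groups:
            alb_reaches_task = True
        if cidrs & WORLD:
            findings.append(f"task SG: rule {p['IpProtocol']}/{p.get('FromPort', 'all')}"
                            " open to the internet, bypasses the ALB")
    if not alb_reaches_task:
        findings.append(f"task SG: no inbound rule from {alb_sg['GroupId']} on {app_port}")
    return findings

# Constructed samples (placeholder IDs, not values from the thread).
ALB_SG = {"GroupId": "sg-alb-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
TASK_SG_OPEN = {"GroupId": "sg-task-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5678, "ToPort": 5678, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
TASK_SG_LOCKED = {"GroupId": "sg-task-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5678, "ToPort": 5678,
     "UserIdGroupPairs": [{"GroupId": "sg-alb-example"}]}]}

if __name__ == "__main__":
    for name, sg in (("open", TASK_SG_OPEN), ("locked", TASK_SG_LOCKED)):
        print(name, audit(ALB_SG, sg) or "matches the rule set")
```

A task group that accepts 5678 from any address is reported even when the ALB path also works, because it leaves the container reachable without passing through the load balancer.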

The solution was not in AWS. AWS was correctly configured, but the domain provider did not have the records from Route 53. I copied the values and added them as NS values with a new subdomain, and it began to work.

1 Like

Thanks for your reply, but my AWS configuration was correct. I didn’t change anything I shared before. The domain provider did not have the AWS NS records and that is why it was failing.

Thanks for your reply, but my AWS configuration was correct. The domain provider did not have the AWS NS records and that is why it was failing.

Still no n8n question though :wink:
