Thanks for the advice Marco, I’m using Amazon Linux 2 on the Docker host, which appears to have SELinux disabled by default already. So great suggestion, but not apparently the issue here.
sudo getsebool -a | grep http getsebool: SELinux is disabled Looking at the Dockerfile, it looks like the image is built using a alpine docker image, so no SELinux within the docker container. bash-4.4$ getsebool -a | grep http bash: getsebool: command not found > On 18 Nov 2022, at 14:11, Marco Lettere <m.lett...@gmail.com> wrote: > > Hi Harry, > > one thing that hits me frequently on cloud machines provisioned by others is > SELinux. If your host is running Linux of course... > > In this case there is some documentation around how to check it out by > looking into the logs of your proxy service (the error should something like > "not permitted"). > > Check the Selinux property for http proxies with: > > > sudo getsebool -a | grep http > > Whereas to disable selinux enforcement on http proxy permanently (-P flag): > > > sudo setsebool -P httpd_verify_dns 0 > > Regards, > > Marco. > > > On 18/11/22 13:18, Harry King wrote: >> Hi, >> >> I’m wondering if someone might be able to offer a hint or two. I’m >> attempting to run BaseX in AWS behind a Network Load Balancer (NLB) using >> the 9.5.2 docker image with the default config to start with. I’ve setup a >> TCP target group and the healthcheck appears happy on port 1984.Reachability >> analyser suggests firewall is good to go. From the local box I can telnet >> localhost 1984: >> >> telnet localhost 1984 >> Trying 127.0.0.1... >> Connected to localhost. >> Escape character is '^]'. >> BaseX:3334891053316136 >> >> I get a similar response if I use the server’s private IP address: >> >> telnet 10.x.x.x 1984 >> Trying 10.x.x.x... >> Connected to 10.x.x.x. >> Escape character is '^]'. >> BaseX:3335242111998298 >> >> >> So far, so good. >> >> If I attempt the same via the NLB I get a timeout, which suggests to me >> either firewall issue or the application is refusing to listen for some >> reason. The documentation, seems to suggest by default, basex should >> respond to requests from any IP or hostname, do I understand that correctly, >> or do I need to alter the default config? >> >> Thanks in advance!
