I am trying to change an old classic cloud service to use an HTTP health probe instead of the default process-based check. We've had some issues where instances stopped working but it thought they were still usable because they were running, but couldn't respond to requests.
Our site is HTTPS only, we don't even have an HTTP endpoint defined. Or didn't. The load balancer doesn't support HTTPS, so I had to add an HTTP endpoint and configure that to be used instead. That's gross but it seems to work. However, the HTTPS site doesn't seem to be covered by the health checks for the HTTP endpoint.
If I query my health probe path via HTTP, I can see that it's returning a 503, and if all instances return a 503 I can see that endpoint fail to load until I make one return 200 again. Once I make one return a 200 again, it works. My requests get routed to the appropriate node, if possible.
However, the HTTPS requests always seem to go to the same instance, regardless of the probes. Flipping that instance from 200 to 503 doesn't cause those requests to go to the other instance, like it does with HTTP. It isn't balanced at all.
It's really hard to find useful documentation or examples on how this should be set up or if it can work at all. Below is my csdef file. Is it possible to get this working (either an HTTPS check or the HTTP check affecting the HTTPS endpoint)?
<?xml version="1.0" encoding="utf-8"?>
<ServiceDefinition name="..." xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition" schemaVersion="2015-04.2.6">
<LoadBalancerProbes>
<LoadBalancerProbe name="health" protocol="http" port="80" path="health" intervalInSeconds="5" timeoutInSeconds="11"></LoadBalancerProbe>
</LoadBalancerProbes>
<WebRole name="..." vmsize="Standard_D2_v3">
<Sites>
<Site name="Web">
<Bindings>
<Binding name="Endpoint1" endpointName="Endpoint1" />
<Binding name="LoadBalancerEndpointBinding" endpointName="LoadBalancerEndpoint" />
</Bindings>
</Site>
</Sites>
<Endpoints>
<InputEndpoint name="Endpoint1" protocol="https" port="443" certificate="..." />
<InputEndpoint name="LoadBalancerEndpoint" protocol="http" port="80" loadBalancerProbe="health" />
</Endpoints>
<ConfigurationSettings>
<!-- ... -->
</ConfigurationSettings>
<Certificates>
<!-- ... -->
</Certificates>
</WebRole>
</ServiceDefinition>
The answer in my case was to add the loadBalancerProbe attribute to both endpoint elements. I also had to make sure that however I was testing the service made new connections for every request or they would always go to the same instance (e.g. HttpClient pools connections internally per instance). This is essentially the new working configuration file:
<?xml version="1.0" encoding="utf-8"?>
<ServiceDefinition name="..." xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition" schemaVersion="2015-04.2.6">
<LoadBalancerProbes>
<LoadBalancerProbe name="health" protocol="http" port="80" path="health" intervalInSeconds="5" timeoutInSeconds="11"></LoadBalancerProbe>
</LoadBalancerProbes>
<WebRole name="..." vmsize="Standard_D2_v3">
<Sites>
<Site name="Web">
<Bindings>
<Binding name="Endpoint1" endpointName="Endpoint1" />
<Binding name="LoadBalancerEndpointBinding" endpointName="LoadBalancerEndpoint" />
</Bindings>
</Site>
</Sites>
<Endpoints>
<InputEndpoint name="Endpoint1" protocol="https" port="443" certificate="..." loadBalancerProbe="health" />
<InputEndpoint name="LoadBalancerEndpoint" protocol="http" port="80" loadBalancerProbe="health" />
</Endpoints>
<ConfigurationSettings>
<!-- ... -->
</ConfigurationSettings>
<Certificates>
<!-- ... -->
</Certificates>
</WebRole>
</ServiceDefinition>