I have an aplication made in spring boot, it recovers data from a remote PostgreSQL database. It works well locally (from local app to local db), from local host to remote db and with all resources on GCP cloud (vm with tomcat server that host the aplication and with a cloud SQL for PostgreSQL database). The last part of my PoC is to host my aplication in my instance group with a load balancer attached. When i reach my load balancer i can see my welcome page where i use spring security to login (revovers the credentials from the same postgreSQL database), but it isnt work and i recieve the next error:
And when I check my catalina.out log, it shows me the next error:
11:34 ERROR 893 --- [io-8080-exec-11] o.s.b.w.servlet.support.ErrorPageFilter : Cannot forward to error page for request [/login] as the response has already been committed. As a result, the response may have the wrong status code. If your application is running on WebSphere Application Server you may be able to resolve this problem by setting com.ibm.ws.webcontainer.invokeFlushAfterService to false
11:35 WARN 893 --- [nio-8080-exec-9] .w.s.m.s.DefaultHandlerExceptionResolver : Resolved [org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not supported]
Im going to share my LB terraform code if helps, ´the lb part is seem to be the problem in my PoC.
provider "google-beta" {
project = var.project
region = "us-central1"
credentials = "C:/Users/jperezgarcia/Desktop/Terraform/GCP/credentials/mario.json"
}
resource "google_compute_region_ssl_certificate" "ssl-crt" {
provider = google-beta
project = var.project
name_prefix = "my-certificate-"
region = var.lb_region
private_key = file("lb_http/certificate/privateKey.key")
certificate = file("lb_http/certificate/certificate.crt")
lifecycle {
create_before_destroy = true
}
}
resource "google_compute_forwarding_rule" "lb-front-HTTP" {
provider = google-beta
project = var.project
name = var.lb_front_name
load_balancing_scheme = "INTERNAL_MANAGED"
port_range = var.lb_front_port_range
target = google_compute_region_target_http_proxy.lb-proxy-http.self_link
region = var.lb_region
network = var.lb_network
subnetwork = var.lb_subnetwork
# ip_address = "10.10.20.5"
}
resource "google_compute_forwarding_rule" "lb-front-HTTPS" {
provider = google-beta
project = var.project
name = "lb-https-front"
port_range = "443"
load_balancing_scheme = "INTERNAL_MANAGED"
# ip_address = "10.10.20.5"
target = google_compute_region_target_https_proxy.lb-proxy-https.self_link
region = var.lb_region
network = var.lb_network
subnetwork = var.lb_subnetwork
}
resource "google_compute_region_target_http_proxy" "lb-proxy-http" {
provider = google-beta
name = var.lb_proxy_name
region = var.lb_region
project = var.project
url_map = google_compute_region_url_map.lb_url_map.self_link
}
resource "google_compute_region_target_https_proxy" "lb-proxy-https" {
provider = google-beta
name = "test-proxy"
region = var.lb_region
project = var.project
url_map = google_compute_region_url_map.lb_url_map.self_link
ssl_certificates = [google_compute_region_ssl_certificate.ssl-crt.id]
}
resource "google_compute_region_url_map" "lb_url_map" {
provider = google-beta
project = var.project
name = var.url_map_name
region = var.lb_region
default_service = google_compute_region_backend_service.lb-backend.self_link
}
resource "google_compute_region_backend_service" "lb-backend" {
provider = google-beta
name = var.lb_backend_name
region = var.lb_region
project = var.project
load_balancing_scheme = "INTERNAL_MANAGED"
port_name = var.lb_backend_port_name
protocol = var.lb_backend_protocol
timeout_sec = var.lb_backend_timeout
health_checks = [var.healthcheck_output]
locality_lb_policy = "ROUND_ROBIN"
session_affinity = "GENERATED_COOKIE"
affinity_cookie_ttl_sec= 3600
log_config {
enable = true
}
backend {
group = var.ig_id
balancing_mode = "UTILIZATION"
capacity_scaler = 1.0
}
}
Thanks for any help here.
I resolved it configuring sticky sessions trough a cookie generated by the load balancer itself. I was trying to doing using round robin LB but it doesn't make any sense if you have to keep your session on, you must use ring hash. I'll share the script (look at the back end service):
provider "google-beta" {
project = var.project
region = var.region
credentials = var.credentials
}
resource "google_compute_region_ssl_certificate" "ssl-crt" {
provider = google-beta
project = var.project
name_prefix = var.certificate_name
region = var.lb_region
private_key = file("lb_http/certificate/privateKey.key")
certificate = file("lb_http/certificate/certificate.crt")
lifecycle {
create_before_destroy = true
}
}
resource "google_compute_forwarding_rule" "lb-front-HTTP" {
provider = google-beta
project = var.project
name = var.lb_http_front_name
load_balancing_scheme = "INTERNAL_MANAGED"
port_range = var.lb_front_port_range
target = google_compute_region_target_http_proxy.lb-proxy-http.self_link
region = var.lb_region
network = var.lb_network
subnetwork = var.lb_subnetwork
# ip_address = "10.10.20.5"
}
resource "google_compute_forwarding_rule" "lb-front-HTTPS" {
provider = google-beta
project = var.project
name = "lb-https-front"
port_range = "443"
load_balancing_scheme = "INTERNAL_MANAGED"
# ip_address = "10.10.20.5"
target = google_compute_region_target_https_proxy.lb-proxy-https.self_link
region = var.lb_region
network = var.lb_network
subnetwork = var.lb_subnetwork
}
resource "google_compute_region_target_http_proxy" "lb-proxy-http" {
provider = google-beta
name = var.lb_proxy_name
region = var.lb_region
project = var.project
url_map = google_compute_region_url_map.lb_url_map.self_link
}
resource "google_compute_region_target_https_proxy" "lb-proxy-https" {
provider = google-beta
name = "test-proxy"
region = var.lb_region
project = var.project
url_map = google_compute_region_url_map.lb_url_map.self_link
ssl_certificates = [google_compute_region_ssl_certificate.ssl-crt.id]
}
resource "google_compute_region_url_map" "lb_url_map" {
provider = google-beta
project = var.project
name = var.url_map_name
region = var.lb_region
default_service = google_compute_region_backend_service.lb-backend.self_link
}
resource "google_compute_region_backend_service" "lb-backend" {
provider = google-beta
name = var.lb_backend_name
region = var.lb_region
project = var.project
load_balancing_scheme = "INTERNAL_MANAGED"
port_name = var.lb_backend_port_name
protocol = var.lb_backend_protocol
timeout_sec = var.lb_backend_timeout
health_checks = [var.healthcheck_output]
locality_lb_policy = "RING_HASH"
session_affinity = "GENERATED_COOKIE"
affinity_cookie_ttl_sec = 3600
connection_draining_timeout_sec = 300
log_config {
enable = true
}
consistent_hash {
minimum_ring_size = 3
http_cookie {
ttl {
seconds = 11
nanos = 1111
}
name = "mycookie"
}
}
backend {
group = var.ig_id
balancing_mode = "UTILIZATION"
capacity_scaler = 1.0
}
}