502 Bad Gateway
TCP RST or TCP FIN
Set ALB Idle Timeout > KeepAlive. Have the target close the keep-alive connection first.
Otherwise, the target sends packets to a dead socket.
A 502 entry is written to the ALB log.
Why ALB Idle Timeout vs. Keep-Alive Matters
ALB Idle Timeout = how long the ALB keeps a TCP connection open with no data transfer.
App Keep-Alive / Server Timeout = how long the backend keeps an idle TCP connection alive.
✅ If ALB Idle Timeout < App Keep-Alive:
ALB closes the TCP session first (sends FIN or RST).
When the backend later tries to send data on that connection, it hits a dead socket → triggers TCP RST.
ALB sees an unexpected closure and logs a 502.
✅ If ALB Idle Timeout > App Keep-Alive:
The backend closes the connection first (FIN).
ALB gets a proper TCP FIN and can gracefully handle or re-establish the connection → avoids 502.
🔧 Best Practice
Always set ALB Idle Timeout >= backend Keep-Alive timeout.
For HTTP/1.1 backends: align ALB Idle Timeout with keepalive_timeout (Nginx) or Timeout (Apache).
For gRPC/long-lived streaming: bump ALB Idle Timeout (e.g., 60s+).
For HTTP/2, ALB manages multiplexed streams, but the same rule applies at the TCP level.
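An added example (not part of the original note) that reads the two timers compared above and reports which side closes an idle connection first. The function names, the sample Nginx config and the sample `aws elbv2 describe-load-balancer-attributes` output are constructed for illustration.

```python
import json
import re

# Nginx time suffixes in seconds; a bare number means seconds.
UNIT_SECONDS = {"ms": 0.001, "s": 1, "m": 60, "h": 3600, "d": 86400}

def nginx_keepalive_seconds(conf_text):
    """Return keepalive_timeout in seconds from Nginx config text.
    Only the first argument counts; the optional second one just sets
    the Keep-Alive response header."""
    m = re.search(r"^\s*keepalive_timeout\s+(\S+?)(?:\s+\S+)?\s*;", conf_text, re.M)
    if m is None:
        return 75.0  # Nginx default when the directive is absent
    value = m.group(1)
    if re.fullmatch(r"\d+", value):
        return float(value)
    parts = re.findall(r"(\d+)(ms|[smhd])", value)
    if not parts or "".join(n + u for n, u in parts) != value:
        raise ValueError(f"unsupported keepalive_timeout value: {value!r}")
    return float(sum(int(n) * UNIT_SECONDS[u] for n, u in parts))

def alb_idle_seconds(attributes_json):
    """Return idle_timeout.timeout_seconds from the ALB attributes JSON."""
    for attr in json.loads(attributes_json)["Attributes"]:
        if attr["Key"] == "idle_timeout.timeout_seconds":
            return float(attr["Value"])
    return 60.0  # ALB default idle timeout

def first_to_close(alb_idle, backend_keepalive):
    """Name the side whose idle timer expires first, and the margin."""
    if alb_idle < backend_keepalive:
        side = "alb"
    elif alb_idle > backend_keepalive:
        side = "backend"
    else:
        side = "race"  # equal timers: either side may close first
    return {"closes_first": side,
            "margin_seconds": abs(alb_idle - backend_keepalive)}

# Constructed sample inputs (not taken from a real deployment).
SAMPLE_NGINX = "http {\n    # keepalive_timeout 10;\n    keepalive_timeout 1m30s 60s;\n}\n"
SAMPLE_ALB = '{"Attributes": [{"Key": "idle_timeout.timeout_seconds", "Value": "60"}]}'

if __name__ == "__main__":
    print(first_to_close(alb_idle_seconds(SAMPLE_ALB),
                         nginx_keepalive_seconds(SAMPLE_NGINX)))
```

With the sample inputs the ALB timer (60s) expires before the Nginx one (90s), which is the "ALB Idle Timeout < App Keep-Alive" case described above.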