AWS Application load balancer : time out on health check

Question

I've built a website in Django that I'd like to promote using AWS Elastic Load Balancer (Application Load Balancer) coupled with an Auto Scaling Group.

For context: I'm using a VPC containing 2 public subnets linked to an internet gateway. I have an RDS database in a private subnet.

My site is developed and functional within an EC2 instance. I've configured Gunicorn to start automatically by creating a gunicorn.service file dont le contenu est le suivant :

[Unit]
Description=gunicorn daemon
After=network.target

[Service]
User=ec2-user
Group=ec2-user
WorkingDirectory=/home/ec2-user/datasource/src
Environment="SECRET_NAME_1=my_first_secret"
Environment="SECRET_NAME_2=my_second_secret"
Environment="SECRET_REGION_NAME=my_region"
ExecStart=/usr/local/bin/gunicorn --access-logfile - --workers 2 --bind 0.0.0.0:8000 datasource.wsgi:application --chdir /home/ec2-user/datasource/src

[Install]
WantedBy=multi-user.target

Since the Amazon EC2 instances are on CentOS, for the Nginx configuration I had to create a sites-availables and sites-enabled folders in /etc/nginx/ and put the following configuration in it:

server {
    listen 80;
    server_name datasource.fr www.datasource.fr;

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

I hadded in nginx.conf the following statement

include /etc/nginx/sites-enabled/*;

Then I runned these commands :

sudo ln -s /etc/nginx/sites-available/datasource.fr /etc/nginx/sites-enabled/
sudo nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

sudo systemctl daemon-reload
sudo systemctl restart gunicorn
sudo systemctl restart nginx

OK, I test directly on my EC2 instance by entering http://ipadress/ and it works: the site is fully accessible.

I therefore transform my instance into an AMI image and place it as an auto-scaling-group in a launch template.

Set up my auto-scaling group and my applicaiton load balancer, with the right security groups:

Application load balancer:

Inbound rules :

• Source 0.0.0.0/0 Port 80
• Source 0.0.0.0/0 Port 443

Outbound rules:

• Destination: auto-scaling-security-group, Port 80
• Destination: auto-scaling-security-group, Port 443
• Destination: auto-scaling-security-group, Port 8000

Auto Scaling Group :

Inbound rules :

• Source: elastic-load-balancer-security-group, Port 80
• Source: elastic-load-balancer-security-group, Port 443
• Sourcve: : elastic-load-balancer-security-group, Port 8000

Outbound rules :

• Destination: all traffic

Aaaaaaand nope. It doesn't work: the health-checks time out without me knowing why.

So I try to create an instance from the AMI image -> I can access it immediately via the IP address

I've followed the recommendation not to set public IP addresses as default for auto scaling group instances, so I try to create another auto scaling group with public IP addresses as default. Funny thing: I can access it immediately via the IP address, but the health check time out is still there.

I've changed the security groups by changing the origins and destinations to "all traffic" on the ports concerned, turning my instances into real sieves, I can still access them if I assign a public IP address, health check time out.

I'm completely out of ideas. The videos I see on the internet set up an auto scaling group with disconcerting simplicity, without even configuring a Nginx or Gunicorn server.

If you have any ideas, I'd love to hear from you.