Load Balancer Health Check After Applying AWS SSL certificates

Question

I created a load balancer with autoscaling group. It was working really fine until i applied SSL certificates and redirected the traffic to HTTPS. The load balancer health check is http one and i cannot move that check over to https because the certificates are applied on load balancer. So the current stack is Rails 4.2 , operating system is ubuntu, http entertainer is nginx and i have 5 instances running on Load Balancer. So i created a redirect on nginx like below

if ($scheme = http) {
   return 301 mydomain.com$request_uri;
}

Then i tried this

if ($request_uri != "/public/health.html" ) {
  set $balancer  P;
}
if ($scheme = http) {
  set $balancer  "${balancer}C";
}
if ($balancer = PC) {
  return 303 mydomain.com$request_uri;
}

With these redirections my site went down and on browser i was having an error of multiple redirections. This issue is making me crazy. Kindly please help. Your help will be appreciated a lot. Thanks

Answer 1

I had the exact same problem with my tomcat server (instances) and apachae server (load balancer). I also was getting multiple redirects in browser. I did two things:

1. Changed Load balancer listeners:
2. Changed a little in apache config:

LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule ssl_module modules/mod_ssl.so
Listen 443

<VirtualHost *:80>
  <Proxy *>
    Order deny,allow
    Allow from all
    RewriteEngine on
    RewriteCond %{REQUEST_URI} ^/$
    Rewriterule ^(.*)$ https://www.example.com/ [L,R=301]
  </Proxy>

  RequestReadTimeout header=35 body=35

  ProxyPass / http://localhost:8080/ retry=0
  ProxyPassReverse / http://localhost:8080/
  ProxyPreserveHost on

  ErrorLog /var/log/httpd/elasticbeanstalk-error_log
</VirtualHost>

<VirtualHost *:443>

  RequestReadTimeout header=35 body=35

  ProxyPass / http://localhost:8080/ retry=0
  ProxyPassReverse / http://localhost:8080/
  ProxyPreserveHost on

  SSLEngine on
  SSLCertificateFile /path/where/cert/stored/2_example.com.crt
  SSLCertificateKeyFile /path/where/cert/stored/private-key.pem
  SSLCertificateChainFile /path/where/cert/stored/1_root_bundle.crt

  ErrorLog /var/log/httpd/elasticbeanstalk-error_log
</VirtualHost>

I kept port 80 opened for health checks and 443 for site. This configuration might help you. Do let me know if you were able to solve your problem.

Answer 2

Something like this in your nginx configuration should work:

server {
        listen 80;
        server_name www.example.com;


        location = /public/health.html {
           return 200;
        }

        location / {
            return 301 https://$http_host$request_uri;
        }
    }

Answer 3

Very short and effective solution, that will work 100% on any AWS settings. Put this in your application controller.

before_filter :move_to_https if RAILS.env == "production"
def move_to_https
    redirect_to request.url.gsub("http","https") unless request.url.include?("https")
end

This will convert any domain traffic to https and ip's will never be exposed via load balancer.