stackoom
  简体   繁体   中英

Rails on Elastic Beanstalk, Can't do a load balancer health check

 原文  2016-09-30 12:55:12       ruby-on-rails/ amazon-web-services/ amazon-ec2/ elastic-beanstalk/ amazon-elastic-beanstalk

Question

I am running a rails app on elastic beanstalk, my problem is that I cannot use the load balancer health check, as it checks via http, not https. I have config.force_ssl set to true, and don't really want to change it, since it means I have 100% ssl coverage, HSTS, and secure cookies. I have setup a controller to check at /health and can access this via curl. There seems to be a contradiction between what is shown in elastic beanstalk (EC2 Instance Health Check), where I can only change the path and some timings, and the health check in the load balancer in EC2, where I can change the ping protocol, port and path to what I want, but this seems to have no effect other than causing a 503 error. 

Ping Protocol: https 
Ping Port: 443 
Ping Path: /health

The load balancer has ports 80 and 443 open but redirects from 80 to 443 due to force_ssl.

Does anyone know of the correct settings to get around this, as I won't be able to scale the application without it?

Thank you

Eamon

4 answers

solution1
 2 ACCPTED  2016-10-04 07:53:49

The way to do this is to add this to your config, like this. 

config.force_ssl
config.ssl_options = { redirect: { exclude: -> request { request.path =~ /health/ } } }

This is as per the rails docs and is valid for Rails 5:

http://api.rubyonrails.org/classes/ActionDispatch/SSL.html

solution2
 1  2017-04-15 14:35:40

Small hint for the accepted answer:

In case you have updated from Rails 4 to Rails 5 and have therefore a new_frameworks_default.rb in your initializers directory. You need to remove (or out-comment) the following line: 

Rails.application.config.ssl_options = { hsts: { subdomains: true } }

Otherwise ssl_options is already set.

solution3
 0  2017-02-01 02:07:52

If, like me you are not using rails 5, the other way you can do this is to disable force SSL, and use NGINX to force all traffic onto https... You can use an ebextension file to do this. The exact version you need comes direct from AWS:

https://github.com/awslabs/elastic-beanstalk-docs/blob/master/.ebextensions/aws_provided/security%20configuration/https-redirect-ruby-puma.config

If you need more information on ebextensions, you can find them in the docs http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/ebextensions.html

EDIT : The original link no longer works...

Try this: https://github.com/awsdocs/elastic-beanstalk-samples/blob/master/configuration-files/aws-provided/security-configuration/https-redirect/ruby-puma/https-redirect-ruby-puma.config

solution4
 0  2017-03-24 20:56:55

The accepted answer kept not working for me, but after hours of debugging I found this gem:

https://github.com/lserman/aws-healthcheck

It returns 200 on /healthcheck which works like a charm.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Enforce https connection on Rails using AWS elastic beanstalk load balancer AWS Elastic Beanstalk Load Balancer settings for SSL Deployed rails app to Elastic beanstalk can't connect to RDS Rails Deploy using Elastic Beanstalk - Can't convert array into string how to configure Elastic Beanstalk to deploy code to an instance but not add it to the load balancer Load Balancer Health Check After Applying AWS SSL certificates Rails app deployed using elastic beanstalk responds with “site can't be reached” can't get past AWS Elastic Beanstalk “Congratulations” screen when launching Ruby on Rails app Rails app on AWS Elastic Beanstalk returning 422 with “Can't verify csrf token” Don't run Bundler as root - Rails6 on Elastic Beanstalk
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM