Home About Contact
rss_feed search

Mike Rankin Games, Tech and other oddities

photo by Stephan Henning
Elastic Beanstalk throws 301 on healthcheck
By Mike Rankin on Tuesday, Jan 8, 2019

SSL Everywhere

While we’re trying to use SSL everywhere on the web, it can sometimes be a bit troublesome when configuring your site on AWS. I ran into this problem using the elastic beanstalk on a plain vanilla tomcat server.

In order to make sure that all my pages were served encrypted, I used a URL rewrite rule to just grab everything that was submitted over port 80 and did a 301 Permanent Redirect to port 443. This worked great on my local setup where I was not behind a load balancer. When I went to deploy the project, though, the site would not come up.

The reason for this is that my load balancer was reporting that no healthy instances were attached. That seemed strange because the web servers themselves did not report an issue.

When you set up an elastic beanstalk, you get to set a page that the load balancer uses to check to make sure your site is responsive. It’s part of the system that determines when there are problems or excessive load on your web server to spin up another instance.

What you generally don’t do when you set this up is install an SSL certificate on your web servers and serve encrypted content to your load balancer. The encryption generally happens on the load balancer for public-facing requests.

A quick look at my log files and sure enough, my health check page is showing a 301 status where it’s trying to redirect to port 443. Since there is no cert at that level, the redirect fails.

I wound up modifying my redirect rule to make an exception for the health check page as follows:

<urlrewrite>
 <rule>
   <name>Redirect to HTTPS</name>
   <condition operator="notequal" name="x-forwarded-proto">https</condition>
   <from>^(?!\/hc\.html)(.*)$</from>
   <to last="true" type="permanent-redirect">https://%{server-name}%{request-uri}</to>
 </rule>
</urlrewrite>

Note the exception in the from tag for a file named /hc.html in the root of my project. Putting that in there and the site came up as expected.

Tomcat does not come with a default URL rewrite module, so I’m using the excellent UrlRewriteFilter from tuckey.org

comments powered by Disqus
comments powered by Disqus

Tags

aws
ssl
beanstalk
Recent Posts
Games
gw2
mmorpg
online
Movies
horror
Technologies
amplify
aws
beanstalk
blog
data
hugo
jet-brains
liquibase
lucee
material
mysql
npm
ssl
vscode
webpack
yaml