How to force https on amazon elastic beanstalk without failing the health check [duplicate]
There's multiple hostmananger URLs that Elastic Beanstalk needs to access besides the health check. Grepping /var/log/httpd/elasticbeanstalk-access_log
, I see requests to /_hostmanager/tasks
and /_hostmanager/healthcheck
.
Here are the rules that I added to /etc/httpd/sites/elasticbeanstalk
on my EC2 instances:
RewriteEngine OnRewriteCond %{HTTP:X-Forwarded-Proto} !httpsRewriteCond %{REQUEST_URI} !^/status$ RewriteCond %{REQUEST_URI} !^/version$ RewriteCond %{REQUEST_URI} !^/_hostmanager/ RewriteRule . https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
Note that I'm also allowing non-https traffic to my /status
and /version
pages. I'm actually using /status
as the actual healthcheck lookup URL, so having that traffic skip the rewrite will avoid the redirect and make the status lookup faster (I'm assuming).
I think that some of the other answers on here may not be based on whatever the arbitrary User-Agent
AWS is currently setting. When I watch the Apache logs, I see this User-Agent:
ELB-HealthChecker/1.0
As of writing this, the following mod_rewrite
rule is working for me:
RewriteEngine OnRewriteCond %{HTTP:X-Forwarded-Proto} !httpsRewriteCond %{HTTP_USER_AGENT} !^ELB-HealthChecker.* RewriteRule . https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
As of 2016, none of these answers works for me, but this worked:
1 Retrieve /etc/httpd/conf.d/wsgi.conf
2 Add the following to the virtual host: (Note that the third line prevents an issue where the setup script /opt/elasticbeanstalk/hooks/config.py
waits 5 minutes failing to load the path /
.)
RewriteEngine OnRewriteCond %{HTTP:X-Forwarded-Proto} !httpsRewriteCond %{HTTP_HOST} !localhostRewriteCond %{HTTP_USER_AGENT} !^ELB-HealthChecker.* RewriteRule . https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]
3 Put the file in your repository, and add the following container command:
06_https: command: "cp wsgi.conf /opt/python/ondeck/wsgi.conf"
This file is then copied automatically by the setup script into /etc/httpd/conf.d
.