How to respond to http health check at a particular url while redirecting other traffics?

Question

Background: I am trying to set up an instance group in Google cloud platform. The instance group consists a number of nginx instances whose job is simply to redirect incoming https traffic to an external site. If the incoming traffic is http, it will be convert to https.

For the instance group to work, it must respond to a health check request (in either http or https protocol) and return 200.

The problem I have is how to define such a nginx configuration.

This is my first cut. It only handles the redirection

    server {
        listen 80;
        listen 443 ssl;
        ssl on;
        ssl_certificate /etc/nginx/ssl/examples.pem;
        ssl_certificate_key /etc/nginx/ssl/examples.key;
        server_name incoming.examples.com;
        return 301 https://target.examples.com$request_uri;
    }

I set the health check url to be '/_check' with http protocol. This is my first attempt:

    server {
        listen 80;

        location /_check {
            return 200 'no content';
        }

        listen 443 ssl;
        ssl on;
        ssl_certificate /etc/nginx/ssl/examples.pem;
        ssl_certificate_key /etc/nginx/ssl/examples.key;
        server_name incoming.examples.com;
        return 301 https://target.examples.com$request_uri;
    }

The nginx server responds with a 404.

Then I attempted to move location to another server definition:

    server {
        location /_check {
            return 200 'no content';
        }
        listen 80;
    }

    server {
        listen 80;
        listen 443 ssl;
        ssl on;
        ssl_certificate /etc/nginx/ssl/examples.pem;
        ssl_certificate_key /etc/nginx/ssl/examples.key;
        server_name incoming.examples.com;
        return 301 https://target.examples.com$request_uri;
    }

It gives me the same result. This is what I see in the access log.

130.211.3.85 - - [18/Jan/2017:08:41:25 +0000] "GET /_check HTTP/1.1" 404 168 "-" "GoogleHC/1.0"
130.211.3.81 - - [18/Jan/2017:08:41:29 +0000] "GET /_check HTTP/1.1" 404 168 "-" "GoogleHC/1.0"
130.211.1.249 - - [18/Jan/2017:08:41:30 +0000] "GET /_check HTTP/1.1" 404 168 "-" "GoogleHC/1.0"
130.211.3.85 - - [18/Jan/2017:08:41:30 +0000] "GET /_check HTTP/1.1" 404 168 "-" "GoogleHC/1.0"
130.211.3.81 - - [18/Jan/2017:08:41:34 +0000] "GET /_check HTTP/1.1" 404 168 "-" "GoogleHC/1.0"
130.211.1.249 - - [18/Jan/2017:08:41:35 +0000] "GET /_check HTTP/1.1" 404 168 "-" "GoogleHC/1.0"
130.211.3.85 - - [18/Jan/2017:08:41:35 +0000] "GET /_check HTTP/1.1" 404 168 "-" "GoogleHC/1.0"
130.211.3.81 - - [18/Jan/2017:08:41:39 +0000] "GET /_check HTTP/1.1" 404 168 "-" "GoogleHC/1.0"
130.211.1.249 - - [18/Jan/2017:08:41:40 +0000] "GET /_check HTTP/1.1" 404 168 "-" "GoogleHC/1.0

If I revert the change to my first attempt, and change the health check to use https (as in the following screenshot),

I get 301 instead. It seems to me the url _check is overridden by the redirction rule.

My question: How can I modify the nginx to meet the requirement?

Answer 1

You can set the Health check to work with any port you define, as indicated in the documentation. You can use the UI or the command line when creating the health check:

$ gcloud compute health-checks create https NAME [--check-interval=CHECK_INTERVAL; default="5s"] [--healthy-threshold=HEALTHY_THRESHOLD; default=2] [--host=HOST] [--port=PORT; default=80] 

On the flag PORT you can setup any of your choice. Then you would have to configure your app to respond to it.

server {
        location /_check {
            return 200 'no content';
        }
        listen [PORT];

This would avoid the health check requests being redirected with the rest of your traffic.