I need to have a health-check path for an ALB setup that points to a server running an Nginx Docker container. I do not have access inside the EC2 server to add a file there. I can just add something in the Docker container.

I have tried the following solution, however it doesn't work for me because I have another block in my config file that prevents it, I guess.

Nginx Solution for AWS Amazon ELB Health Checks - return 200 without IF

My config file looks like below:

```nginx
server
{
   listen      443 ssl http2;
   server_name     server-test.com;
   access_log  /var/log/nginx/nginx.access.log;
   error_log   /var/log/nginx/nginx.error.log;
   ssl    on;
   ssl_certificate    /etc/nginx/ssl/cert.pem;
   ssl_certificate_key    /etc/nginx/ssl/server.key;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_prefer_server_ciphers on;
   ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
   ssl_session_timeout 1d;
   ssl_session_cache builtin:1000 shared:SSL:10m;
   ssl_session_tickets off;

   location /
   {
      proxy_pass         http://server-test.io:5015/;
      proxy_redirect     off;

      ##proxy_set_header   Host             $host;
      proxy_set_header   X-Real-IP        $remote_addr;
      proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

      client_max_body_size       10m;
      client_body_buffer_size    128k;

      proxy_connect_timeout      90;
      proxy_send_timeout         90;
      proxy_read_timeout         90;

      proxy_buffer_size          4k;
      proxy_buffers              4 32k;
      proxy_busy_buffers_size    64k;
      proxy_temp_file_write_size 64k;
   }
 }
...
...
...

# Health check url
server {
  location /elb-status {
    access_log off;
    return 200 'A-OK!';
    add_header Content-Type text/plain;
  }
}
# Redirect non-existing domains to 404
server {
  server_name _;
  listen 80 default_server;
  return 404;
}
server {
  server_name _;
  listen 443 ssl;
  ssl_certificate    /etc/nginx/ssl/cert.pem;
  ssl_certificate_key    /etc/nginx/ssl/server.key;
  return 404;
}
```

When I open the server with path /elb-status, it gives me 404 Not Found. Also, the status of the server under the load balancer is unhealthy. I think it's because of the block "Redirect non-existing domains", but I need to have that block as well.

Any help would be appreciated.

Edited based on Andy's reply:

ALB-HealthCheck

ALB-Target

Nginx Config File in Docker Container

The Nginx container uses both ports 80 and 443. I've set up the Target group for the servers, which include the Nginx Docker container, based on these ports, but the servers' health check is still Unhealthy.

Is there something that I'm missing here?

Matrix

1 Answer

How about running the server block containing location /elb-status on another port?

When creating the ALB, there is an Advanced health check settings dropdown. In these settings you can override the health check port. You can set the port to something like 8080 and then your server becomes:

```nginx
server {
  listen 8080;
  location /elb-status {
    access_log off;
    return 200 'A-OK!';
    add_header Content-Type text/plain;
  }
}
```

There is no need for virtual host based routing for health checks in this setup. Port 8080 would be dedicated to only the health check.

Don't forget to open the appropriate port in your security group between the ALB and EC2 instances if you choose to go this route.

Andy Shinn
  • To follow on from this: Your second server stanza is picking up everything as the default. Server blocks are not chosen based on the content of their locations. – Reverend Tim Sep 19 '17 at 13:48
  • Thanks Andy but adding listen 8080 didn't fix the problem. – Matrix Sep 20 '17 at 09:47
  • @ReverendTim yes, that's because I want to redirect all unknown servers no matter what location it is. But how can it work with that healthcheck block? – Matrix Sep 20 '17 at 09:48
  • @sarah - To respond to your comment to Andy: you will need to change your ELB Health check (from the AWS console) to point to port 8080, and obviously make sure that port 8080 is open on your security group to the EC2 instance. And the other comment: having a default server is fine, but you need to short-circuit the health check to another port so that it's not picked up by your default. Andy's solution will work perfectly - I know because that's how mine works ;) – Reverend Tim Sep 21 '17 at 08:40
  • @ReverendTim thanks for the comment. I actually did what Andy told but it doesn't work for me. Please check the edited question and let me know what I'm missing. – Matrix Sep 21 '17 at 12:38
  • From inside the EC2 server, can you `curl -v localhost:8080/elb-status` to confirm the nginx part is correct? – Andy Shinn Sep 21 '17 at 21:14
  • @AndyShinn I don't have access inside the EC2 server, because it has been built and managed by https://cloud.docker.com. I can just see inside the Docker container. – Matrix Sep 22 '17 at 07:55
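
The routing behaviour described in the comments above (server blocks are chosen by listen port and Host name, never by their locations), as an added example that is not part of the original thread: a simplified Python model of nginx's server selection run over the question's blocks and the answer's change. It assumes nginx runs as root (so a block with no `listen` binds port 80), matches exact names only, and uses a constructed private IP as the health check's Host header.

```python
"""Simplified model of how nginx picks a server block (added example)."""

# The question's blocks in file order, reduced to what routing looks at.
# Assumption: nginx runs as root, so a block with no `listen` binds *:80.
# A block with no `server_name` gets the empty name "".
QUESTION_BLOCKS = [
    {"id": "app", "listen": 443, "names": ["server-test.com"], "default": False},
    {"id": "health", "listen": 80, "names": [""], "default": False},
    {"id": "catchall80", "listen": 80, "names": ["_"], "default": True},
    {"id": "catchall443", "listen": 443, "names": ["_"], "default": False},
]

# The answer's change: the health block moves to its own port.
ANSWER_BLOCKS = [dict(b, listen=8080) if b["id"] == "health" else b
                 for b in QUESTION_BLOCKS]

# Constructed value; assumes the check's Host header is an IP, not a configured name.
LB_HOST = "10.0.1.23"


def pick_server(blocks, port, host):
    """Return the block nginx would use for `host` on `port`, or None."""
    on_port = [b for b in blocks if b["listen"] == port]
    if not on_port:
        return None  # nothing listens there: connection refused
    for block in on_port:
        if host in block["names"]:  # exact names only; no wildcards or regex
            return block
    flagged = [b for b in on_port if b["default"]]
    return flagged[0] if flagged else on_port[0]  # first block is implicit default


def health_check(blocks, port, host=LB_HOST, path="/elb-status"):
    """What the load balancer would see: 'refused', 'proxied', a status, or None."""
    server = pick_server(blocks, port, host)
    if server is None:
        return "refused"
    if server["id"].startswith("catchall"):
        return 404  # server-level `return 404;` answers every path
    if server["id"] == "app":
        return "proxied"  # `location /` hands the request to the upstream
    return 200 if path.startswith("/elb-status") else None  # other paths not modelled


if __name__ == "__main__":
    print("question, port 80:  ", health_check(QUESTION_BLOCKS, 80))
    print("question, port 443: ", health_check(QUESTION_BLOCKS, 443))
    print("answer,   port 8080:", health_check(ANSWER_BLOCKS, 8080))
```

The model covers nginx routing only; the health check port also has to be allowed by the security group between the ALB and the instances, as the answer notes.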