Running Rails3 with force_ssl = true, with nginx, on AWS EC2 with SSL terminated by an ELB, setting up health check

amazon-web-services ssl ruby-on-rails

6 months later, here is your cleaner solution.

# config/environments/production.rb
config.ssl_options = { exclude: proc { |env| env['PATH_INFO'].start_with?('/health_check') } }

It should be noted that the exclude option to config.ssl_options is now deprecated and you have to use the rack-ssl gem to get the same behavior.

It didn't seem like a good idea to me to include and initialize a new rack middleware just for the health check, so I decided to use nginx instead to set the $http_x_forwarded_proto header for the health checker.

Here's what I came up with:

location @unicorn {

  if ($http_user_agent ~ "ELB-HealthChecker")
  {
    set $http_x_forwarded_proto https;
  }

  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
  proxy_set_header Host $http_host;
  proxy_redirect off;
  proxy_pass http://unicorn;
}

Now rails sees the Health Checker requests as https (though they are not) and returns success.

Related

Munin's smart plugin keeps reporting an error in the past because of the exit code
Apache proxy virtual host on backend server
Extremely Slow Login: Group Policy Printers
Modelling University student Internet usage
rsync/ssh/rsnapshot backup -- remote script execution
Proxying websocket traffic from nginx 1.3.13 to socket.io (without SSL)
HAProxy - putting up a maintenance page
VirtualBox bridged adapter can ping but can't curl
How to escape spaces in Apache SetEnvIf value
Why do metal fasteners (e.g., staples) around ethernet cables impair network performance? [closed]
Puppet & Puppetmaster for development on VMs
This network location can't be included because it is not indexed