How should I configure my ELB health check when using NameVirtualHosts and redirecting to www?

My ELB keeps taking my instances out of service, because the HTTP health check is failing.

We have a DNS wildcard, and redirect everything to www:

vhost.conf:

ServerName www.example.com
ServerAlias *.example.com
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.example\.com$ [NC]
RewriteRule ^ http://www.example.com/$1 [R=301,L]

This works fine for actual browsers, but the HTTP health check to / fails, presumably because it's getting a 302.

Is the best option to use a TCP health check, or is there a way to get HTTP to work?


Solution 1:

This question has been asked on the AWS forums and the answer was to set up a default vhost that handles traffic on the bare IP address and doesn't do any redirects. This will mean that normal users who hit your IP address will not be redirected either.

You could alternatively specify the path part of the URL that you want the ELB to request and ignore that path by adding another RewriteCond:

RewriteCond %{HTTP_HOST} !^www\.example\.com$ [NC]
RewriteCond %{REQUEST_URI} !^/health-check$
RewriteRule ^ http://www.example.com/$1 [R=301,L]

Normal users who hit that URL will not be redirected.

You could also use the same technique to detect the User-Agent of the ELB.

RewriteCond %{HTTP_HOST} !^www\.example\.com$ [NC]
RewriteCond %{HTTP_USER_AGENT} !^ELB-HealthChecker
RewriteRule ^ http://www.example.com/$1 [R=301,L]

Normal users who spoof their User-Agent will not be redirected.

Or the internal IP address of the ELB.

RewriteCond %{HTTP_HOST} !^www\.example\.com$ [NC]
RewriteCond %{REMOTE_ADDR} !^10\.
RewriteRule ^ http://www.example.com/$1 [R=301,L]

For this option to work, you will require either mod_rpaf (for Apache 2.2) or mod_remoteip (for Apache 2.4) to modify the REMOTE_ADDR variable to contain the correct part of the contents of the X-Forwarded-For header. As long as you set that up correctly, it shouldn't be possible for a normal user to avoid the redirect response.