Databases
StackOverflow2013
Postsdbo
POEngine Yard Rails app - Terminating SSL at an Elastic Load Balancer (ELB) and passing X-Forwarded-Proto http header
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POEngine Yard Rails app - Terminating SSL at an Elastic Load Balancer (ELB) and passing X-Forwarded-Proto http header
    text
    copied!<p>Followed the Engine Yard docs at <a href="https://support.cloud.engineyard.com/entries/21715452-use-elastic-load-balancing-with-engine-yard-cloud">https://support.cloud.engineyard.com/entries/21715452-use-elastic-load-balancing-with-engine-yard-cloud</a></p> <p>Got this set up and appeared to working well allowing us to use SSL Terminated at the ELB instead at the server. In theory this should allow us to use and multiple SSL certs in a single environment. </p> <p>This setup means the traffic between the browser and the ELB load balancer is SSL, but the onward traffic from the ELB to the application servers is decrypted. This caused us a problem with our rails 3.2.8 application forcing SSL - it redirects every decrypted request back to it's https equivalent, which sends a decrypted request from the load balancer to the application server again, causing an infinite loop condition.</p> <p>If we disable the forcing of SSL in our app we need to test each request to see if it came from an SSL connection, if it did we can respond, if not, redirect it.</p> <p>According to this release note ( <a href="http://aws.amazon.com/releasenotes/7778622769836370">http://aws.amazon.com/releasenotes/7778622769836370</a> ) the ELB will pass the X-Forwarded-Proto header containing 'https' when traffic is passed from a https connection.</p> <p>Firstly there is no header called 'X-Forwarded-Proto' in the request on Engine Yard. 'HTTP_X-FORWARDED_PROTO' does exist, but it always contains 'http' even when traffic is sent over SSL to the ELB.</p> <p>Can anyone offer any insight into this or ideas for a workaround? I've tried EY support without much luck so far.</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload