Tuesday, January 25, 2011

Using AWS Elastic Load Balancing with a password-protected site

Scenario: you have a password-protected site running in EC2 that you want handled via Amazon Elastic Load Balancing. The problem with that is that the HTTP healthchecks from the ELB to the instance hosting your site will fail because they will get a 401 HTTP status code instead of 200. Hence the instance will be marked as 'out of service' by the ELB.

My solution was to serve one static file (I called it 'check.html' containing the text 'it works!') without password protection.

In my case, I have nginx handling both the dynamic app (which is a Django app running on port 8000) and the static files. Here are the relevant excerpts from nginx.conf (check.html is in /usr/local/nginx/static-content):

http {
    include       mime.types;
    default_type  application/octet-stream;

    upstream django {
        server 127.0.0.1:8000;
    }

    server {
        listen       80;

        location / {
            proxy_pass http://django/;
            auth_basic            "Restricted";
            auth_basic_user_file  /usr/local/nginx/conf/.htpasswd;
        }

        location ~* ^.+check\.html$
        {
            root   /usr/local/nginx/static-content;
        }
    }
}

4 comments:

Dmitriy said...

Good stuff.

Here are a couple of my old posts on how to accomplish something similar with Apache:

http://somic.org/2007/06/21/apache-config-trick-a-special-directory/

http://somic.org/2009/01/09/perlbal-reproxy-and-http-auth/

Grig Gheorghiu said...

Hi Dmitriy -- thanks for the comment and for the posts, I'll check them out.

Grig

Michael said...

Might be better to create a django view that simple returns a HttpResponse as this will check that nginx and django are OK.

Grig Gheorghiu said...

Michael -- you're right, I will do that eventually.