Elastic Beanstalk health requests with HTTPS

Hi there,

I recently went through the process of decoupling the application database from elastic beanstalk and upgrading to 0.43.0. While I was at it, I also started to follow these instructions to set up HTTPS.

So, a lot has changed at once. The application is accessible and redirects from HTTP to HTTPS, but the health monitor on EBS is reporting a Severe health warning with code(Target.ResponseCodeMismatch).

I don't see anything wrong with the ec-2 instance, so I'm wondering whether I need to change how the health check is set up in the load balancer settings. I tried changing the /api/health listener from HTTP to HTTPS, but that didn't help either.

Any suggestions?

Hi @wlm_nick

I'm thinking that the problem might be "redirects from HTTP to HTTPS" - where are you doing this redirect?
What is your Site URL configured to in Metabase > Admin > Settings > General?

What is the HTTP status code, when you go to /api/health as you have configured it?

Usually the full EB logs provide more insight than what the monitor shows.

Hey @flamber,

Thanks so much for your help. Happy to provide details below, hope we can get to the bottom of this!

  1. I didn't explicitly create any DNS rules or anything else to do this. Following the tutorial linked above, I added a new environment property: NGINX_FORCE_SSL = 1. Prior to making this change I did confirm that the site could be accessed either by HTTP or HTTPS
  2. The site URL was http://meta.waldenlocalmeat.com. I just tried changing this to https, and changed the switch to enforce https within the application. This doesn't appear to have changed the behavior
  3. Confirmed, I do see a 200 when visiting the api/health endpoint

Hey @flamber,

I think I switched back from HTTPS to HTTP in the wrong order, and now I'm seeing 502 errors when visiting the main site URL. Is there a way to override the force SSL and site URL back to a default? I tried changing MB_REDIRECT_ALL_REQUESTS_TO_HTTPS to false and MB_SITE_URL to http://meta.waldenlocalmeat.com within the environment properties, but it doesn't appear to be working.

@wlm_nick 502 is an error from your reverse-proxy (ELB), not Metabase. If you have an ELB, then make that make the rewrite from http to https, and stop doing rewrite via Nginx and Metabase.

Okay, I'll try that. If I simply remove the environment variables is that sufficient to prevent Metabase from attempting to handle the redirect?

@wlm_nick Do not make any redirects in Nginx or Metabase, if your ELB is already handling it. It just complicates everything and makes it more difficult to figure out where the redirects are being done.

If your Site URL is with https, then make sure that is correct.