January 23, 2017
Situation: ELB configured with TCP listeners, passing traffic on to
nginx, which proxy_passes all traffic to the actual application server. Since we
want websockets to load balance properly, proxy protocol has been enabled on
both ELB and nginx. And since we want to get emails when stuff is not
working, there’s an HTTP health check set up on the ELB which accesses the same
port on which nginx is listening.
Can you spot the mistake?
Enabling proxy protocol on the ELB does not automatically carry over to health checks. That is, even though the normal requests get the fancy proxy protocol line prepended in front of every request, it’s missing from the health check requests. Which means that soon, the load balancer is going to start taking instances out of service, thinking that they’re no longer healthy. Of course, all the instances are still healthy. They just aren’t receiving the extra proxy protocol info.
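To make the failure concrete, here is an added example (not code from the original post) that models a listener requiring a PROXY protocol v1 header and feeds it a forwarded request and a bare health check. The function names, sample addresses and the `/health` path are assumptions made for illustration.

```python
import ipaddress

class ProxyHeaderError(ValueError):
    """Connection did not begin with a valid PROXY protocol v1 line."""

def split_proxy_v1(data: bytes):
    """Return (client_ip, client_port, payload) or raise ProxyHeaderError."""
    # A v1 header is one ASCII line, at most 107 bytes including the CRLF.
    end = data.find(b"\r\n", 0, 107)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ProxyHeaderError("no PROXY v1 header at start of stream")
    payload = data[end + 2:]
    try:
        fields = data[:end].decode("ascii").split(" ")
    except UnicodeDecodeError as exc:
        raise ProxyHeaderError("non-ASCII header") from exc
    if len(fields) >= 2 and fields[1] == "UNKNOWN":
        return None, None, payload  # receiver ignores the rest of the line
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ProxyHeaderError("malformed header fields")
    _, proto, src, dst, sport, dport = fields
    if not (sport.isdigit() and dport.isdigit()):
        raise ProxyHeaderError("bad port")
    try:
        addrs = [ipaddress.ip_address(a) for a in (src, dst)]
    except ValueError as exc:
        raise ProxyHeaderError("bad address") from exc
    if any(a.version != int(proto[3]) for a in addrs):
        raise ProxyHeaderError("address family does not match " + proto)
    if int(sport) > 65535 or int(dport) > 65535:
        raise ProxyHeaderError("port out of range")
    return str(addrs[0]), int(sport), payload

def listener_result(data: bytes) -> str:
    """Model a listener that insists on the header before any HTTP parsing."""
    try:
        client_ip, _, payload = split_proxy_v1(data)
    except ProxyHeaderError as exc:
        return "rejected: " + str(exc)
    return "accepted from %s: %s" % (client_ip, payload.split(b"\r\n")[0].decode())

# Constructed samples (documentation addresses, not captured traffic).
FORWARDED = (b"PROXY TCP4 198.51.100.22 10.0.0.15 35646 80\r\n"
             b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")
HEALTH_CHECK = b"GET /health HTTP/1.1\r\nHost: 10.0.0.15\r\n\r\n"

if __name__ == "__main__":
    print(listener_result(FORWARDED))
    print(listener_result(HEALTH_CHECK))
```

The forwarded request is accepted with the original client address recovered; the health check is rejected before its HTTP request line is ever read, which is what the load balancer then reports as an unhealthy instance.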
Switch the health check to TCP. This only checks whether a TCP connection can be successfully established, which might be OK for some cases, but not if you want the health check to verify the health of your application.
Configuring the health check to directly access your application server over HTTP would also work.
Alternatively, just use ALB.