#StackBounty: #apache-2.2 #amazon-web-services #amazon-elb Amazon Application ELB doesn't work only on one specific WordPress / Apa…

Bounty: 150

Preface:

I’m 99% confident this is an Apache/PHP configuration thats doing some sort of rewrite/forwarding causing my problem.

Please note these similar issues. I’ve tried the suggestions listed but still can’t get it to work:

https://snippets.webaware.com.au/snippets/wordpress-is_ssl-doesnt-work-behind-some-load-balancers/

https://stackoverflow.com/questions/30702490/how-to-fix-wordpress-https-issues-when-behind-an-amazon-load-balancer

https://stackoverflow.com/questions/45981358/wordpress-website-behind-aws-application-load-balancer

I’ve tried the .htaccess and wp-config.php updates mentioned in these posts and I still can’t get it to respond when trying to access through the load balancer.

Problem:

Our site has many different services behind Amazon’s ELB but for some reason this simple Apache site project has turned into a major headache since I can’t resolve this one site through ELB.

When browsing to the public domain name (that routes to ELB) over HTTPS the browser just times out! (Chrome throws a ERR_CONNECTION_TIMED_OUT). Browsing to local site (bypassing ELB) works fine.

Background:

  • ELB: Application load balancer. It listens on 443 and terminates TLS certificate. Working great for many hosts, just not this wordpress site.

  • WordPress Host: Apache container running wordpress (official Docker image wordpress:4.9.8-php7.1-apache). Listens on port 8008 HTTP only, no TLS configuration set on the container/Apache since the load balancer handles TLS.

  • DNS: Both public and private DNS servers are setup for CNAME records for the ELB endpoint.

I just created a brand new site (it’s a wordpress site) using the official WordPress docker image wordpress:4.9.8-php7.1-apache – Basically it’s just an apache server. I can load the site without issue using the IP/port of the host.

The site itself works fine! I can browse to it using clear HTTP using its internal IP and port.

So I then added it to my ELB setup just like all our other sites (I’ve done this a million times before).

Config/Steps Tried:

  • Cert is already installed for the ELB listener as this is just oen of many sites on this listener.
  • Security group for the host allows inbound for the appropriate listening port from my entire VPC.
  • Security group for the ELB listener is 0.0.0.0/0 for 443, and again works fine for the other sites.
  • Listener rule configured to filter by hostname and route to the appropriate target group. Screenshot below.
  • Target group shows the endpoint is “healthy”
  • When browsing to the internal IP/port the site loads fine.
  • I have many other services running on this host that are routed to it through the same ELB, so the subnet config is ok.
  • I checked the apache logs, and it doesn’t look like any packets are being sent to Apache (nothing shows in the logs) when attempting to connect via ELB.
  • DNS routes to the CNAME of the ELB. This works fine for all our other services.

Since I’m very comfortable with ELB and I am very confident my cert is installed ok and my listener host filtering/target group config is healthy and looking good, where else should I check? Is there any logging of ELB so I can trace what’s going on? Is there maybe something in Apache that I can check?

Here’s how the target looks in the ELB target groups. If I browse to this ip/port it works fine.:
Target

Standard host name filtering, nothing special:
Host name filtering


Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.