Issues using PUBLIC_PROTOCOL #1544
Comments
I think you want to set FORCE_SSL to false? https://github.com/bors-ng/bors-ng/blob/master/config/prod.secret.exs is the canonical source for most environment variables. |
I was just writing :), I found https://github.com/bors-ng/bors-ng/blob/master/config/prod.secret.exs and deduced that would be what I wanted, but still same... Right now my config vars look like this (env vars generated using kustomize)
I also used a local shell to confirm all env vars are set properly. |
If it still doesn’t work, try building your own Docker image with line 37 (the one mentioning |
Thanks! I'll do that. But that will be next week. Reaching EOD here. |
I had the exact same issue and removing the line fixed it for me |
it seems like Bors-ng is trying to redirect the health check requests to HTTPS even though your load balancer is handling the HTTPS termination. You can try setting the PUBLIC_PROTOCOL environment variable to http to configure Bors-ng to use HTTP for public endpoints. Additionally, you may need to set the PUBLIC_PORT environment variable to 80 to match the port being used by your load balancer. It may also be helpful to check the headers being sent in the health check request and ensure that they match what Bors-ng is expecting. The logs indicate that Bors-ng is expecting the x-forwarded-for header to be set to https and the host header to be set to localhost. Make sure these headers are set correctly in the health check requests. |
Hi!
I'm running bors-ng in a Kubernetes (EKS) cluster behind an application load balancer which terminates the HTTPS for me.
I'm trying to get the health checks to properly request
/health
, but I'm not able to get it to work.I found the following PR (#1043) which sounds like what I want, but regardless of what I do I just get
for any request that does not have the header with value:
I tried setting the config var PUBLIC_PROTOCOL to http and also changing the PUBLIC_PORT to 80. The only change in startup logs between these settings is the following line:
13:24:49.139 pid=<0.2067.0> [info] Access BorsNG.Endpoint at http://bors.mydomain
13:23:34.459 pid=<0.2067.0> [info] Access BorsNG.Endpoint at http://bors.mydomain:443
My full startup log looks like this:
Last row shows the log from when the Application load balancer makes the health check request, which is redirected to an https url. This happens with all combinations of PUBLIC_PROTOCOL and PUBLIC_PORT.
From digging a bit, it seems the "scheme" for https://hexdocs.pm/plug/Plug.SSL.html always is https regardless of the PUBLIC_PROTOCOL setting.
I would like to dig into this myself, but I have 0 experience with Elixir and not sure if the startup is worth it. I can work around the issue by accepting the 301 as an ok response, but I think this is something others could benefit from as well.
The text was updated successfully, but these errors were encountered: