1
votes
  • Created Amazon Load Balancer with 2 EC2 micro instance behind.
  • 2 EC2 micro instances are having python services.
  • Services are running fine and responding while directly calling them
  • Services NOT running when we call them via public DNS of Load Balancer. ELB throws 500 error.

Example of Direct calling EC2 instances services: ec2-54-200-1-2.us-west-2.compute.amazonaws.com/myservice ==> returns data

Example of calling Load Balancer: test-12345678.us-west-2.elb.amazonaws.com/myservice ==> returns 500 error

Further points: DJANGO property ALLOWED_HOSTS is set to ['*'] but did not work. Using HTTP protocol i.e. Mapping Load Balancer Protocol = HTTP with port 80 to Instance Protocol = HTTP with port 80

1
This has been resolved. There was another settings.py file which was overriding previous django settings file. Once we update ALLOWED_HOSTS to ['*'] in correct file then it worked.user2653294

1 Answers

1
votes

I acknowledge this is a very old question but I used a solution that I believe is better and doesn't jeopardize the security of the system by setting the ALLOWED_HOSTS = ['*'].

Here's a piece of Middleware class I wrote that I feel can be reused at will.

It inherits from CommonMiddleware and it is the one who should be used instead of CommonMiddleware in the MIDDLEWARE_CLASSES setting in settings.py.

from django.middleware.common import CommonMiddleware
from django.conf import settings
from django.http.response import HttpResponse
from django.utils import importlib

class CommonWithAllowedHeartbeatMiddleWare(CommonMiddleware):
    """ 
    A middleware class to take care of LoadBalancers whose HOST headers might change dynamically
    but are supposed to only access a specific path that returns a 200-OK status.
    This middleware allows these requests to the "heartbeat" path to bypass the ALLOWED_HOSTS mechanism check
    without jeopardizing the rest of the framework.
    (for more details on ALLOWED_HOSTS setting, see: https://docs.djangoproject.com/en/1.5/ref/settings/#allowed-hosts )

    settings.HEARTBEAT_PATH (default: "/heartbeat/"):
        This will be the path that is cleared and bypasses the common middleware's ALLOWED_HOSTS check. 

    settings.HEARTBEAT_METHOD (default: None):
        The full path to the method that should be called that checks the status. 
        This setting allows you to hook a method that will be called that can perform any kind of health checks and return the result.
        If no method is specified a simple HttpResponse("OK", status_code=200) will be returned.
        The method should expect the HttpRequest object of this request and return either True, False or a HttpResponse object.
        - True: middleware will return HttpResponse("OK")
        - False: middleware will return HttpResponse("Unhealthy", status_code=503) [status 503 - "Service Unavailable"]
        - HttpResponse: middleware will just return the HttpResponse object it got back.

    IMPORTANT NOTE:
    The method being called and any method it calls, cannot call HttpRequest.get_host().
    If they do, the ALLOWED_HOSTS mechanism will be called and SuspeciousOperation exception will be thrown.
    """

    def process_request(self, request):
        # Checking if the request is for the heartbeat path
        if request.path == getattr(settings, "HEARTBEAT_PATH", "/heartbeat/"):
            method_path = getattr(settings, "HEARTBEAT_METHOD", None)

            # Checking if there is a method that should be called instead of the default HttpResponse 
            if method_path:
                # Getting the module to import and method to call
                last_sep = method_path.rfind(".") 
                module_name = method_path[:last_sep]
                method = method_path[(last_sep+1):]
                module = importlib.import_module(module_name)

                # Calling the desired method
                result = getattr(module, method)(request)

                # If the result is alreay a HttpResponse object just return it
                if isinstance(result, HttpResponse):
                    return result
                # Otherwise, if the result is False, return a 503-response
                elif not result:
                    return HttpResponse("Unhealthy", status_code=503)

            # Just return OK
            return HttpResponse("OK")

        # If this is not a request to the specific heartbeat path, just let the common middleware do its magic
        return CommonMiddleware.process_request(self, request)

Of course I realize that this mechanism bypasses the CommonMiddleware altogether, but it does that only when the heartbeat path is requested, so I feel this is a little price to pay.

Hope somebody else finds it useful.