IIS forced https redirect causes 503 error

0
votes

I have a load balancing environment on AWS powered by Elastic Beanstalk. The SSL certificate is applied on the load balancer. To force https redirects, i have followed the accepted andswer in this post Redirect to https through url rewrite in IIS within elastic beanstalk's load balancer. These are the exact lines of code which i have written in web.config

 <rewrite>
  <rules>
    <rule name="Force Https" stopProcessing="true">
      <match url="healthcheck.html" negate="true" />
      <conditions>
        <add input="{HTTP_X_FORWARDED_PROTO}" pattern="https" negate="true" />
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
    </rule>
  </rules>
</rewrite>

But this causes the environment health to become red within 5 minutes of publish and website starts giving 503 errors. If i remove them, then there are no errors. Kindly help me fix this menace so that https redirection is successful. In the first 5 mins after the publish, http requests are successfully redirected to https. Only after that 503 error starts coming.

1
amazon-web-servicesredirectssliis

1 Answers

1
votes

If your ELB is reporting HTTP status code 503, it generally means that there are no healthy EC2 instances behind it.

See the ELB toubleshooting guide: http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/ts-elb-error-message.html#ts-elb-errorcodes-http503

So now the question is why?

Basically, your health check is failing.

In that snippet of code you pasted, you are forcing an HTTP to HTTPS redirect of all requests except for healthcheck.html. The idea is that this single exclusion should be your health check.

To resolve this issue:

  1. Make sure you have a health check on your EC2 instance that returns 200 when hitting the EC2 instance directly via HTTP. The health check must return 200 otherwise the ELB will fail the check and your EC2 instance will be considered unhealthy.

  2. Make sure your ELB-configured health check matches that EC2 instance health check path. Include a leading / at the start of the health check path.

  3. Put the health check path in your <rewrite> rule, omitting the leading /. You may want to put a ^ at the start and a $ at the end since it's a regex comparison.

If the value in the <rewrite> rule doesn't match the actual health check in your ELB, then your ELB will receive a HTTP to HTTPS redirect response, which is considered a failure.