I have an nginx server running on port 8080 that sits behind an AWS Application Load Balancer. I have the following location block in the nginx.conf,
location / {
limit_except GET { deny all; }
root /root/of/project/;
index index.html;
try_files $uri $uri/ /index.html;
}
When I run the server locally, I am able to hit /some/path/ and /some/path and get the same response, i.e. the trailing slash doesn’t affect anything. I would expect the same behavior when I deploy the application.
I set up the AWS ALB with an HTTP listener on port 80 that redirects all traffic to the HTTPS listener on port 443. The HTTPS listener simply forwards to the target group where the nginx server lives. Those are the only two load balancer rules I have, nothing else.
After I deploy the app, when I hit a url with a trailing slash (say, https://example.com/about/), everything is fine. It loads as expected. No redirects or anything. I can see the request come through in the nginx logs.
However, if I hit a URL without a trailing slash, e.g.
The ALB redirects to
http://example.com:8080/about/
and then never loads. I never see any logs on the nginx server for that request, which means it never got passed from the ALB to the target group. The request times out after a few minutes.
It seems like the ALB might be trying to forward the request to the target group, since 8080 is the port the nginx server runs on, but I’m not sure why the request never arrives. It doesn’t seem like the trailing slash should affect whether or not the request is forwarded, but I’m not sure.
I thought maybe I could set up a rule that redirects a route without a trailing slash to the same route with a trailing slash on the ALB level, but load balancer rules only have wildcards, no regular expressions. So, that’s a deadend. I’m not sure that would even solve the problem, though, since the problem seems to be on the ALB level, not the application level.
Does anyone have any idea what’s going on?
2
Answers
A better setup would be to simply do SSL termination at your ALB and then create a HTTP listener with a forward rule which has your target group as the destination. This has multiple benefits in terms of simplified management of the certificates, performance and so forth.
Read here about setting up HTTP listener
Best,
Stefan
Had this problem yesterday, I only have an ALB listener on 443 and nginx is open on 80, I think I fixed it with "absolute_redirect off;" in nginx config. My full conf file: