We have a Ruby/Rails website we’re migrating from Heroku to AWS. The original dev is not available. I’m now trying to complete the migration. My background is in the Windows / .NET world. This Linux / Ruby/Rails environment is quite foreign to me…

Here’s the current environment I’ve set-up:

Route 53

CloudFront

The CloudFront distribution:

• uses an AWS issued SSL cert
• handles the http to https redirect
• forwards the request to the ELB over http (not https)

Load Balancer

Target Group: foo-ec2 contains a single Ubuntu ec2 instance running nginx/1.18.0 + Phusion Passenger 6.0.10 to serve up the Ruby/Rails site.

nginx config

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    # SSL Config - we should NEVER receive 443/https traffic; 
    # CloudFront manages https traffic => AWS ELB => http to this server
    #listen 443 ssl default_server;
    #listen [::]:443 ssl default_server;

    server_name foo.example.com
                foo.us-west-2.elb.amazonaws.com;

    # Tell Nginx and Passenger where the app's 'public' directory is
    root /var/www/foo_example/public;

    # Turn on Passenger
    passenger_enabled on;
    passenger_app_env production;
    passenger_ruby /home/ubuntu/.rbenv/versions/2.6.8/bin/ruby;
}

Issue

The rails app starts up without error and is served over https. However, when a user attempts to log in / authenticate, the Devise gem sends back a redirect using http and the ELB’s DNS name.

Example

sign_in request

Request URL: https://foo.example.com/users/sign_in
Request Method: POST
Status Code: 302 

sign_in response

location: http://foo.us-west-2.elb.amazonaws.com/users
server: nginx/1.18.0 + Phusion Passenger(R) 6.0.10
status: 302 Found

Notice the request was over https and our domain:

• https://foo.example.com

But now we’re over http and the ELB’s domain:

• http://foo.us-west-2.elb.amazonaws.com

My assumption

The devise gem is seeing the host from the ELB and then generates the URL from the ELB host, creating two issues:

• we are now on http since the ELB communicates with the ec2 instance over http
• we are now on the ELB’s host name, foo.us-west-2.elb.amazonaws.com, instead of our name, foo.example.com

I’ve looked into the devise documentation to see if we can just pass in the http protocol and domain to use when creating the post back, but my ruby knowledge is limited. Plus, I think this would be the "bad" path; where the "good" path would be to have the AWS ELB forward the actual domain name, instead of it’s own.

I’ve reviewed several SO and related stack sites with similar questions, but I’ve either ended up with an infinite loop redirect, or the various config changes have resulted in the same behavior of the devise gem creating the wrong URL post back.

These two questions seem to be the closest, but I’m not quite able to make the "connection" between the answers and my limited knowledge of this ecosystem.

• AWS Cloudfront + Load Balancer, url changes from main domain to load balancer subdomain
• cloudfront domain replaced by application load balancer dns name when redirecting from http to https

Question

How can I get the AWS ELB to forward our domain, foo.example.com, to the ec2 target group and not the ELB’s domain?