Nginx Proxy to AWS ELB not passing HTTPS protocol to Backend Instances
This is my first ever question, so please go easy on me!
I'm trying to set up an Nginx proxy server to auto-generate SSL certificates using OpenResty/Lua and LetsEncrypt, within a multi-tenant SAAS platform.
The proxy server is running and certificates are being issued fine. The nginx config (via OpenResty) is passing off requests to my AWS Elastic (Classic) Load Balancer.
The problem is that the instances behind my ELB do not seem to be receiving the HTTPS protocol, so the links in my websites' navigation, etc. are all HTTP and not HTTPS.
For example, loading https://www.domain.com works, but clicking a link in the navigation shows http://www.domain.com/page.html
Here is my OpenResty/nginx config on the proxy:
    http {
        lua_shared_dict auto_ssl 1m;
        lua_shared_dict auto_ssl_settings 64k;
        resolver 8.8.8.8 ipv6=off;

        init_by_lua_block {
            auto_ssl = (require "resty.auto-ssl").new()
            auto_ssl:set("allow_domain", function(domain)
                return true
            end)
            auto_ssl:init()
        }

        init_worker_by_lua_block {
            auto_ssl:init_worker()
        }

        server {
            listen 443 ssl;
            location / {
                proxy_pass http://AWS-ELB-URL-HERE;
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
            }
            ssl_certificate_by_lua_block {
                auto_ssl:ssl_certificate()
            }
            ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
            ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;
        }

        server {
            listen 80;
            location /.well-known/acme-challenge/ {
                content_by_lua_block {
                    auto_ssl:challenge_server()
                }
            }
        }

        server {
            listen 127.0.0.1:8999;
            client_body_buffer_size 128k;
            client_max_body_size 128k;
            location / {
                content_by_lua_block {
                    auto_ssl:hook_server()
                }
            }
        }
    }
In an attempt to try and determine if the issue is with my Rails app, I changed the nginx config to point directly to the instance IP address instead of the ELB. In doing so, all links are https(!), which is what I want!
So at this point, I believe the problem is either a) my nginx config isn't passing the protocol properly, or b) my ELB is not passing the protocol to the backend instance.
I'm sort of inclined to think that the ELB is the culprit, since everything works as expected when pointing the proxy to the instance IP directly.
So, I have started looking at the ELB configuration and listeners, but have not yet been able to find a configuration that works. Here's what I have now:
I have also tried changing it to:
Load Balancer Protocol: HTTPS (Secure HTTP),
Load Balancer Port: 443,
Instance Protocol: HTTP,
Instance Port: 80
But that didn't work either, and the links are still HTTP.
I am now just guessing at what to do with regards to the Listeners and Ports, trying whichever configuration to see if it works or not. So far nothing.
Does anyone have any insight into what the issue could be and how to fix it? TIA!
nginx proxy ruby-on-rails amazon-elb openresty
asked Jun 20 '18 at 18:47 by bryanus
Why do you have Nginx in front of an ELB? That seems like an anti-pattern.
– Tim
Jun 25 '18 at 19:43
@Tim Because the proxy is running nginx/openResty to generate and issue SSL certificates on-the-fly for my multi-tenant SAAS, which is behind an AWS Classic ELB. AFAIK, this was the only way to issue certificates for all of our users' custom domains. AWS ELB doesn't support multiple certificates and even their Application LB only supports 25 certs max. It also isn't feasible to issue certificates onto the backend instances themselves, as they were behind the LB. This solution doesn't touch my app infrastructure.
– bryanus
Jun 26 '18 at 16:52
1 Answer
OK, I figured it out! I just added an additional directive to the SSL block:
    proxy_set_header X-Forwarded-Ssl on;
After restarting nginx, all requests are now passed as https to my ELB and app servers behind it!
Also, for my ELB listeners, I deleted the SSL (Secure TCP) listener and added:
LB Protocol: HTTPS (Secure HTTP),
LB Port: 443,
Instance Protocol: HTTP,
Instance Port: 80
answered Jun 25 '18 at 17:21 by bryanus
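Why the extra header changes the outcome, as an added Ruby model that is not part of the original question or answer. It assumes the Classic ELB's HTTP listener rewrites X-Forwarded-Proto to the protocol of the connection it accepted (plain HTTP, because of `proxy_pass http://...`) and that the Rails/Rack backend treats `X-Forwarded-Ssl: on` as HTTPS before consulting X-Forwarded-Proto; all function names are hypothetical.

```ruby
# Added illustration (not from the original post): models how the scheme
# headers change hop by hop. Hop behaviour and all names are assumptions.

# nginx "listen 443 ssl" block: proxy_set_header replaces client-sent values.
def nginx_hop(client_headers, with_forwarded_ssl:)
  out = client_headers.dup
  out["X-Forwarded-Proto"] = "https"                      # $scheme on the TLS listener
  out["X-Forwarded-Ssl"]   = "on" if with_forwarded_ssl   # the answer's directive
  out
end

# Classic ELB HTTP listener (assumed): stamps X-Forwarded-Proto with the
# protocol of the connection it accepted and passes other headers through.
def elb_hop(headers, accepted_over:)
  headers.merge("X-Forwarded-Proto" => accepted_over)
end

# Backend scheme detection in a Rack-style order (assumed):
# X-Forwarded-Ssl wins, then the first X-Forwarded-Proto value, else http.
def backend_scheme(headers)
  return "https" if headers["X-Forwarded-Ssl"] == "on"
  proto = headers["X-Forwarded-Proto"].to_s.split(",").first.to_s.strip.downcase
  %w[http https].include?(proto) ? proto : "http"
end

# One request through the chain on this page. proxy_pass uses http://, so the
# ELB always sees a plain-HTTP connection coming from nginx.
def observed_scheme(via_elb:, with_forwarded_ssl:, client_headers: {})
  h = nginx_hop(client_headers, with_forwarded_ssl: with_forwarded_ssl)
  h = elb_hop(h, accepted_over: "http") if via_elb
  backend_scheme(h)
end

# Constructed scenarios matching the three situations described on the page.
SCENARIOS = {
  "question: nginx -> ELB -> app"                 => { via_elb: true,  with_forwarded_ssl: false },
  "test: nginx -> instance IP"                    => { via_elb: false, with_forwarded_ssl: false },
  "answer: nginx + X-Forwarded-Ssl -> ELB -> app" => { via_elb: true,  with_forwarded_ssl: true }
}.freeze

if __FILE__ == $PROGRAM_NAME
  SCENARIOS.each do |name, opts|
    puts format("%-48s %s", name, observed_scheme(**opts))
  end
end
```

Because the backend now trusts X-Forwarded-Ssl, the header is only meaningful if the ELB and instances accept traffic solely from the proxy, which always overwrites it.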