How to avoid basic authentication for AWS ELB health-check with nginx configuration

Question

I'm having a trouble trying to implement basic authentication for ELB healthcheck. I've searched quite a bit to figure out the nginx file configuration to avoid 401 error shown below, which ELB returns due to basic authentication

unhealthy in target-group hogehoge due to (reason Health checks failed with these codes: [401])

I've tried to modify nginx.conf so as to avoid it, but it doesn't work. The code below gives me [emerg] "server" directive is not allowed here error.

http {
    server {
        location / {
            if (!$http_x_forwarded_for) {
                auth_basic           'Please enter ID and password';
                auth_basic_user_file /usr/src/redmine/.htpasswd;
            }
        }
    }
}

How can I avoid 401 error by ELB healthcheck due to basic authentication?

Thanks for the help.

Answer 1

The easiest approach would be to create a location for the ELB, for example:

location /elb-status {
  access_log off;
  return 200;
}

You will just need to change the Ping Path to be /elb-status

If you want to see something on your browser while testing you may need to change the content-type since defaults to application/octet-stream and the browser will offer to save the file, so something like this should work:

location /elb-status {
   access_log off;
   return 200 'your text goes here';
   add_header Content-Type text/plain;
}

If you would like to check against the user-agent something like this could be used:

set $block 1;

# Allow all the ELB health check agents.
if ($http_user_agent ~* '^ELB-HealthChecker\/.*$') {
    set $block 0;
}
if (!$http_x_forwarded_for) {
    set $block 1
}

if ($block = 1) {
    auth_basic           'Please enter ID and password';
    auth_basic_user_file /usr/src/redmine/.htpasswd;
}