Category Archives: aws-opsworks

Force HTTPS with AWS HAProxy – HTTP 503 Service Unavailable

I have a setup in AWS Opsworks where I'm using a HAProxy to balance load. I am also forcing HTTP to HTTPS using htaccess.

Whenever I deploy a site, the site (and all other sites from the stack) afterwards shows 503 Service Unavailable when I request it with HTTP but works fine when I request it with HTTPS.

If I look at the stats it shows the same result where 'php_app_servers' are constantly down and 'php_app_servers_ssl' are up. For a long time I could fix this by doing a service haproxy restart on the HAProxy after a deployment. This would make the HTTP work again. Suddenly this stopped working. I now got the sense that the problem could be that the health check is failing because of the forced HTTPS, but I cannot verify this.

So I see two issues

  1. Either there is a problem with the configuration of the HAProxy (which is completely out-of-the-box from Opsworks), or
  2. the forced HTTPS is causing the HAProxy to fail health checks, because it's redirected before and never returns the correct header.

Here is the code that I'm using

htaccess

RewriteEngine On
RewriteCond %{HTTP_HOST} ^domain\.com$ [NC]
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,NE,R=301]

haproxy.cfg

backend php_app_servers
  balance roundrobin
  option redispatch
  option forwardfor
  option httpchk OPTIONS /
  server server_name ip-address:80 weight 4 maxconn 40 check inter 10s


backend php_app_servers_ssl
  mode tcp
  balance roundrobin
  option redispatch
  option ssl-hello-chk
  server server_name ip-address:443 weight 4 maxconn 40 check inter 10s

Can anybody suggest a solution or see what I'm doing wrong? Thanks.

Apache continues to exist in a chef instance

I'm currently running chef kitchen on vagrant to test my custom recipes for later use in AWS OpsWorks.

For some reason nginx is having problems starting ((98: Address already in use)) because the apache2 service starts running before nginx is started in my recipe. The confusing thing is that I haven't specified apache2 to be installed. I've tried adding this before my nginx start recipe, but to no avail. I've tried destroying my vagrant machine multiple times but apache2 still persists.

I'm really confused by this behaviour and would appreciate it a lot if someone had a clue why this is happening.

The vagrant machine is running ubuntu 16.04

recipes/setup.rb

...
package "apache2" do
    action :purge
end
service "apache2" do
    supports :status => true
    # a second `action` call replaces the first, so both actions go in one array
    action [:stop, :disable]
    retries 5
end
# enable the server block we just created
nginx_site 'api' do
    action :enable
    notifies :reload, 'service[nginx]'
end

metadata.rb

...
version '0.1.0'
depends 'apt', '~> 6.0'
depends 'locale', '~> 2.0.0'
depends 'php', '~> 2.2.0'
depends 'chef_nginx', '~> 5.0.7'
depends 'application', '~> 5.1.0'

Berksfile.lock

DEPENDENCIES
  api
    path: .
    metadata: true

GRAPH
  application (5.1.0)
    poise (~> 2.4)
    poise-service (~> 1.0)
  apt (6.0.0)
  build-essential (8.0.0)
    mingw (>= 1.1)
    seven_zip (>= 0.0.0)
  chef_nginx (5.0.7)
    build-essential (>= 0.0.0)
    compat_resource (>= 12.16.3)
    ohai (>= 4.1.0)
    runit (>= 1.6.0)
    yum-epel (>= 0.0.0)
    zypper (>= 0.0.0)
  compat_resource (12.16.3)
  iis (5.0.5)
    windows (>= 1.34.6)
  locale (2.0.0)
  mingw (1.2.5)
    compat_resource (>= 12.16.3)
    seven_zip (>= 0.0.0)
  api (0.1.0)
    application (~> 5.1.0)
    apt (~> 6.0)
    chef_nginx (~> 5.0.7)
    locale (~> 2.0.0)
    php (~> 2.2.0)
  mysql (8.2.0)
  ohai (4.2.3)
    compat_resource (>= 12.14.7)
  packagecloud (0.2.5)
  php (2.2.0)
    build-essential (>= 0.0.0)
    iis (>= 0.0.0)
    mysql (>= 6.0.0)
    xml (>= 0.0.0)
    yum-epel (>= 0.0.0)
  poise (2.7.2)
  poise-service (1.4.2)
    poise (~> 2.0)
  runit (3.0.5)
    packagecloud (>= 0.0.0)
    yum-epel (>= 0.0.0)
  seven_zip (2.0.2)
    windows (>= 1.2.2)
  windows (2.1.1)
    ohai (>= 4.0.0)
  xml (3.1.1)
    build-essential (>= 0.0.0)
  yum-epel (2.1.1)
    compat_resource (>= 12.16.3)
  zypper (0.3.0)

httpd24 and php55 conflicts in opsworks

I am trying to make a stack in opsworks with a php based application. I want to have php5.5 and apache 2.4 on the instances. In order to have those versions I am using the following cookbook: https://github.com/stepking/opsworks-php55-apache24

The instances are created with the correct versions but when I try to deploy the application I get a conflict because the cookbook is trying to install httpd2.2.

If I change the cookbook to install httpd24 I get an error because mod_authz_ldap is not installed and cannot be installed because httpd-tools cannot be installed because httpd24-tools is installed...

Can anyone help me solve this problem?

AWS OpsWorks Apache Virtual Configuration Automation

I need to get the below configuration into apache utilizing OpsWorks and Chef recipes. It is so I can do a reverse proxy of a URL directory over to an S3 bucket.

ProxyRequests Off

<Proxy *>
  Order deny,allow
  Allow from all
</Proxy>

ProxyPass /images/ http://images.s3-website-us-east-1.amazonaws.com/

How do I get this configured automatically with OpsWorks? Chef recipe? Do I need to do a new apache template and override the built-in template? If so, which one?

Error executing action `run` on resource 'execute[enable mod_proxy for apache-tomcat binding]'

I am using this GitHub repo to understand how Berkshelf works when used along with Amazon OpsWorks. The basic idea behind what I am trying is that if I mention apache2 as a dependency in the Berksfile for my phpapp recipe, then it will automatically manage the dependencies for apache2, which itself is a dependency for phpapp. When I try this with AWS OpsWorks I get the following error.

   ================================================================================
   Error executing action `run` on resource 'execute[enable mod_proxy for apache-tomcat binding]'
   ================================================================================


Mixlib::ShellOut::ShellCommandFailed
------------------------------------
Expected process to exit with [0], but received '1'
---- Begin output of /usr/sbin/a2enmod proxy ----
STDOUT: 
STDERR: ERROR: Module proxy does not exist!
---- End output of /usr/sbin/a2enmod proxy ----
Ran /usr/sbin/a2enmod proxy returned 1


Resource Declaration:
---------------------
# In /var/lib/aws/opsworks/cache.stage2/cookbooks/opsworks_java/recipes/apache_tomcat_bind.rb

1: execute 'enable mod_proxy for apache-tomcat binding' do
2:   command '/usr/sbin/a2enmod proxy'
3:   not_if do
4:     ::File.symlink?(::File.join(node['apache']['dir'], 'mods-enabled', 'proxy.load')) || node['opsworks_java']['tomcat']['apache_tomcat_bind_mod'] !~ /\Aproxy/
5:   end
6: end
7: 



Compiled Resource:
------------------
# Declared in /var/lib/aws/opsworks/cache.stage2/cookbooks/opsworks_java/recipes/apache_tomcat_bind.rb:1:in `from_file'

execute("enable mod_proxy for apache-tomcat binding") do
action "run"
retries 0
retry_delay 2
command "/usr/sbin/a2enmod proxy"
backup 5
returns 0
cookbook_name "opsworks_java"
recipe_name "apache_tomcat_bind"
not_if { #code block }
end

Chef – Trying to add an apache2 alias to a vhost file

I'm new to Chef and am running an AWS OpsWorks environment and deploying code via Chef 11.10. I am trying to create two alias lines within the vhost file on an instance running apache2:

alias /foo /my/dir/name/
alias /bar /another/my/dir/name

I have a custom cookbook in an S3 bucket that OpsWorks is successfully pulling and distributing to all instances. Within that custom cookbook, I have a recipe called vhosts.rb:

include_recipe "apache2"

web_app "Test1" do
  server_name "Web1.com"
  server_aliases ["www.Web1.com"]
  allow_override "all"
  docroot "/srv/www/web_test/current/sites/"
end

This creates a vhost file just fine, but I cannot figure out how to add the alias lines. I've looked through the OpsCode default apache2 cookbook, and I cannot find any reference to generic alias commands/params in default.rb, mod_alias, web_app, or web_app.conf.erb.

How can I add these alias lines? I'm sure this is easy, but I'm drowning trying to figure it out. Any help would be greatly appreciated.
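An added example, not part of the original question and not code from the apache2 cookbook: a plain-Ruby rendering of a custom vhost template that emits the two Alias lines from a recipe parameter. It assumes the `web_app` definition hands its parameters to the template as `@params`; the `aliases` parameter, the template text and the path check are hypothetical. The check keeps an attribute value from smuggling extra directives into the generated vhost file.

```ruby
require 'erb'

# Hypothetical stand-in for a custom web_app.conf.erb kept in your own cookbook.
VHOST_TEMPLATE = <<~'ERB'
  <VirtualHost *:80>
    ServerName <%= @params[:server_name] %>
    ServerAlias <%= @params[:server_aliases].join(' ') %>
    DocumentRoot <%= @params[:docroot] %>
    <%- @params[:aliases].each do |url_path, dir| -%>
    Alias <%= url_path %> <%= dir %>
    <%- end -%>
  </VirtualHost>
ERB

# Absolute path with no whitespace, quotes or angle brackets, so a value
# cannot break out of its Alias line and add directives of its own.
SAFE_PATH = %r{\A/[^\s"<>]*\z}

# Binding that exposes @params to the template, as assumed for web_app.
class VhostContext
  def initialize(params)
    @params = params
  end

  def render(template)
    ERB.new(template, trim_mode: '-').result(binding)
  end
end

def render_vhost(params)
  aliases = params[:aliases] || {}
  aliases.each do |url_path, dir|
    [url_path, dir].each do |path|
      raise ArgumentError, "unsafe alias path: #{path.inspect}" unless path.match?(SAFE_PATH)
    end
  end
  VhostContext.new(params.merge(aliases: aliases)).render(VHOST_TEMPLATE)
end

# Constructed sample input, taken from the values in the question above.
SAMPLE_PARAMS = {
  server_name: 'Web1.com',
  server_aliases: ['www.Web1.com'],
  docroot: '/srv/www/web_test/current/sites/',
  aliases: { '/foo' => '/my/dir/name/', '/bar' => '/another/my/dir/name' }
}.freeze

puts render_vhost(SAMPLE_PARAMS) if __FILE__ == $PROGRAM_NAME
```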