Ansible tower not working with nginx and elb

[rajeevpnair]

I am new to ansible and aws, I have an ansible tower server which is recently updated from 3.0.1 to 3.1.4. installed on a single node with postgres DB. I can able to access the tower locally. But when i am using a ELB to access the tower its giving http 503 error.

Below is my nginx configuration file..requesting all your help to fix the issue.

worker_processes auto;

error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid;

events { worker_connections 1024; }

http { include /etc/nginx/mime.types; default_type application/octet-stream;

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

access_log  /var/log/nginx/access.log  main;

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

sendfile        on;
tcp_nopush      on;
tcp_nodelay     on;

upstream uwsgi {
    server 127.0.0.1:8050;
}

upstream daphne {
    server 127.0.0.1:8051;
}

server {
            listen 443  default_server ssl;
    listen 127.0.0.1:80 default_server;
            listen [::1]:80 default_server;

    # If you have a domain name, this is where to add it
    server_name _;
    keepalive_timeout 65;

            ssl_certificate /etc/tower/tower.cert;
    ssl_certificate_key /etc/tower/tower.key;
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # intermediate configuration
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;

    # Protect against click-jacking https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009)
    add_header X-Frame-Options "DENY";

    location /favicon.ico { alias /var/lib/awx/public/static/favicon.ico; }
    location /static { alias /var/lib/awx/public/static; }

    location /websocket {
        # Pass request to the upstream alias
        proxy_pass http://daphne;
        # Require http version 1.1 to allow for upgrade requests
        proxy_http_version 1.1;
        # We want proxy_buffering off for proxying to websockets.
        proxy_buffering off;
        # http://en.wikipedia.org/wiki/X-Forwarded-For
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # enable this if you use HTTPS:
        proxy_set_header X-Forwarded-Proto https;
        # pass the Host: header from the client for the sake of redirects
        proxy_set_header Host $http_host;
        # We've set the Host header, so we don't need Nginx to muddle
        # about with redirects
        proxy_redirect off;
        # Depending on the request value, set the Upgrade and
        # connection headers
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }

    location / {
        # Redirect if there is no forward-slash
        rewrite ^(.*[^/])$ $1/ permanent;
        uwsgi_read_timeout 120s;
        uwsgi_pass uwsgi;
        include /etc/nginx/uwsgi_params;
    }
}

    server {
    listen 80 default_server;
            listen [::]:80 default_server;
            server_name _;
            return 301 https://$host:443$request_uri;
        }

[pieterlange]

Fairly certain you're in the wrong repo. Try the ansible tower folks, they have excellent commercial support.

[aledbf]

Closing. This issue is not related to ingress controllers.