TeamCity vs. AWS Load Balancer (Host/X-Forwarded-Host header problem)
Hello,
I am running my TeamCity server on an EC2 instance and I am trying to enable HTTPS by proxying it through an Application Load Balancer.
I have the Load Balancer listening on 443 on a custom domain and forwarding traffic to port 8080 on the EC2 instance. So far, so good.
But when I access https://teamcity.example.com I get a warning message like this:
> The Host header was changed: host from the browser URL does not match Host or X-Forwarded-Host HTTP request headers received by the TeamCity server.
> Details: Host/ServerName = 'ec2-xx-xx-xx-xxx.eu-central-1.compute.amazonaws.com' while the browser host value is: 'teamcity.example.com'
It seems that the AWS Load Balancer does not set the X-Forwarded-Host header and the Host header is set to the internal ec2-xxx... URL.
Do you have any pointers on how I can fix this issue?
Best
Jonas
Hi Jonas,
I'm afraid I'm only able to provide general guidance on setting up a proxy, not specific details, as I'm not particularly familiar with the AWS Load Balancer.
We have our specifics on CSRF Protection here: https://confluence.jetbrains.com/display/TCD18/CSRF+Protection. These are a good part of what blocks this kind of situation.
We also have our suggestions on adding configuration for the proxy here: https://confluence.jetbrains.com/pages/viewpage.action?pageId=113084582#HowTo...-OtherServersOtherservers
I'm going to pass your question to someone who might be able to help further here, but they're out of the office right now, so it might take a while to answer.
Hello Denis,
Thank you for the links.
We came to the conclusion that it is not possible to tweak the AWS load balancers to make them play nice with TeamCity, and ended up setting up the proxy on the server instead (using IIS/ARR and letsencrypt).
It's not ideal, but it works.
Best
Jonas
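
The comparison that the warning message in the first post describes, sketched as an added example (not TeamCity's code and not written by anyone in this thread). Reading the browser host from the `Origin` header and using only the first `X-Forwarded-Host` entry are assumptions; the sample requests are constructed from the host names quoted above.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def _norm(hostport, scheme):
    """Lower-case a host[:port] value and drop the scheme's default port."""
    parts = urlsplit(f"{scheme}://{hostport.strip()}")
    host = (parts.hostname or "").rstrip(".")
    if parts.port is None or parts.port == DEFAULT_PORTS.get(scheme):
        return host
    return f"{host}:{parts.port}"


def check_host(headers):
    """Return (ok, detail) for one request's headers (dict, any key case)."""
    h = {k.lower(): v for k, v in headers.items()}
    # Assumption: the "browser host" is taken from the Origin header.
    origin = urlsplit(h.get("origin", ""))
    if not origin.hostname:
        return False, "no Origin header to compare against"
    browser = _norm(origin.netloc, origin.scheme)
    candidates = [("Host", h.get("host", ""))]
    # Assumption: only the first X-Forwarded-Host entry (nearest the client) counts.
    if h.get("x-forwarded-host"):
        candidates.append(("X-Forwarded-Host", h["x-forwarded-host"].split(",")[0]))
    for name, value in candidates:
        if value and _norm(value, origin.scheme) == browser:
            return True, f"{name} matches '{browser}'"
    seen = ", ".join(f"{n}='{v.strip()}'" for n, v in candidates if v)
    return False, f"{seen} while the browser host value is: '{browser}'"


# Constructed requests; the host names are the ones quoted in the thread.
BACKEND = "ec2-xx-xx-xx-xxx.eu-central-1.compute.amazonaws.com"
ORIGIN = "https://teamcity.example.com"
AS_REPORTED = {"Host": BACKEND, "Origin": ORIGIN}
HOST_PRESERVED = {"Host": "teamcity.example.com:443", "Origin": ORIGIN}
FORWARDED_SET = {"Host": BACKEND, "X-Forwarded-Host": "TeamCity.example.com",
                 "Origin": ORIGIN}

if __name__ == "__main__":
    for req in (AS_REPORTED, HOST_PRESERVED, FORWARDED_SET):
        print(check_host(req))
```

Only the first request fails: a proxy in front of the server has to either pass the original `Host` through or supply `X-Forwarded-Host` for a check of this kind to succeed.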