Open edX behind ELB

Hi all,

Are you running Open edX behind a AWS ELB (Elastic Load Balancer)? What is your experience?
How do you configure the health check? Assuming that the ELB is configured to listen to port 443, do you have the Open edX instance communicating with the ELB on port 443 or port 80?

@andres, we, at OpenCraft, deploy some Open edX instances behind an ELB and this is what we do during the set up.

  • On the Configure Routing step of the load balancer creation, create a new target group. Give it a recognizable name, set Protocol to HTTP and Port to 80 . Target type should be set to instance . Under Health checks , set Protocol to HTTP and Path to /heartbeat .

  • In the Register Targets step, select the Open edX EC2 instance you and click Add to registered .

  • Go to Review and click Create .

  • Now go to the Target Groups section and select the target group that was automatically created with the load balancer. Select Actions -> Edit attributes . Click the checkbox to enable Stickiness and set Stickiness duration to 180 seconds. Some parts of edx-platform do not function correctly without sticky sessions.

The Open edX EC2 instances are ephemeral and all the data to be persisted is stored in external systems. So it is easy to deploy new EC2 instances to deploy changes or scale using ASGs.

Thanks @guruprasad for your tips!
Let me confirm then some key points:

  • SSL certificates are in the ELB, but communication between ELB and the Open edX instance is in port 80. The ELB will close the HTTPS connection and open a HTTP with the instance.
  • You had to change an nginx config in order to reply to the /heartbeat URI with a 200
  • Move all persistent data out of the open edx instance. This is:
    – Mysql
    – MongoDB
    – File storage, move to S3

Am I correct?

Andrés

You can use HTTPS on the EC2 instance and configure ELB to proxy requests over HTTPS, but in a properly configured setup, the EC2 instances’ web server will never be directly exposed to the internet. So using HTTPS doesn’t matter. But if you still want to use HTTPS, you can even use a self-signed SSL certificate as ELB will trust any certificate without validation.

There is a heartbeat app in the Open edX platform that is enabled by default in Juniper and serves the requests to /heartbeat. For older releases, you will have to add openedx.core.djangoapps.heartbeat to ADDL_INSTALLED_APPS in lms.env.json.

Move all persistent data out of the open edx instance. This is:
– Mysql
– MongoDB
– File storage, move to S3

You should also consider using external services for Redis, Memcached if you want to run multiple EC2 instances to serve the same site. Otherwise, you will likely run into issues with celery jobs as by default the state is stored on local instances of these services and that will cause trouble.