MFE not working when running behind a load balancer (Maple)

image

I’m running tutor 13.1.5 behind an AWS load balancer (ENABLE_WEB_PROXY set to false) and none of the MFEs are working.

I can’t see any errors in the logs (caddy or lms) or in the browser.

The only time I have an MFE working is when I am not logged in and I go to the authentication MFE (not currently in the default installation). If I try to access the same MFE once I am logged in, I get the same error page instead of being redirected to the dashboard.

I deployed a separate instance that’s not running behind a load balancer and the MFE and the MFEs work fine.

Any suggestions on where too look at to debug this issue?

Can you post a screenshot of the HTTP requests made from the browser?


Is that what you are looking for?

I speculate it might have something to do with the cookie, given the MFEs works fine while not logged in.
Can you check the response cookies, is it what it suppose to be?

And lastly while checking AWS loadbalancer doc I found this:

  • If you have a trailing semicolon in the Set-Cookie field of an application cookie, the load balancer ignores the cookie.
    Add to that looking at set-cookie field while logging in it does have a trailing semicolon.

However to make sure or confirm, if this is relevant or not, just check/compare the response header of Set-Cookie with and without AWS load balancer, when the request of POST /login_session

ref: Configure sticky sessions for your Classic Load Balancer - Elastic Load Balancing and amazon ec2 - AWS Load Balancer does not forward Cookies - Server Fault

I just tried to add an ALB for that tutor instance and it works :face_with_head_bandage:

image

For Request URL: https://LMS_BASE_URL/login_refresh for the instance behind ALB set-cookie ends with “Max-Age=3600; Path=/; Secure”.~

I’m going to look at the cookies between the two

You were on right about the cookies @ghassanmas!

Thanks @regis for spotting the specific cookie issue.

My MFEs are not running under a subdomain of the LMS. Before maple, SESSION_COOKIE_DOMAIN was configured to be the shared cookie domain for the LMS and CMS services. Following the change of SESSION_COOKIE_DOMAIN in Maple they each have their own SESSION_COOKIE_DOMAIN. Which meant that in my case, the MFEs no longer had access to the session_id cookie.

I fixed by adding "SESSION_COOKIE_DOMAIN": ".<shared_domain>" to the lms-env patch.

Thanks for the help guys!

2 Likes