When running behind load balancers/reverse proxies you may see failed connection errors with CircleCI. This is due to CircleCI never receiving the HTTPS url that is handled by the load balancer. A common pattern for this configuration is:
(User) --HTTPS--> (Load Balancer ) --HTTP--> (CircleCI)
You may see GitHub authentication errors, such as:
You can use the system variable CIRCLE_URL to define a HTTPS url:
- Find the hostname CircleCI is exposed on, must match that defined in :8800/settings
- Edit customizations file on Services node
sudo vi /etc/circle-installation-customizations
- Add full path to host including HTTPS prefix, i.e
- Restart services via replicated console.
You may also encounter an error where the front-end does not update automatically:
pusher-94f425ff3b262f615972fa7cdfed368b.min.js:72 WebSocket connection to 'wss://circleci.org.net/app/circle?protocol=7&client=js&version=2.2.4&flash=false' failed: Error during WebSocket handshake: Unexpected response code: 404
To resolve this add an SSL certificate between the ELB and the services box, connecting port 443 to port 443. Usually the ELB is trying to connect to port 80 on the Services client, instead of 443.