I have a legacy Laravel 5.7 app with a vue.js client that I am setting up in AWS.
The app works great in this setup: single EC2 instance with an nginx reverse proxy with both the API and client running on the same instance.
There is an authentication issue in this setup: multiple EC2 instances (with a per-instance nginx reverse proxy) in a single target group behind an elastic load balancer with ssl termination. This setup is the same for both the client group and API group.
In the load-balanced setup, I see duplicate calls to the authentication endpoint each time I click the Login button. This results in multiple auth tokens being issued for each login attempt.
The first post-login call for each authentication request results in an HTTP 401 response. It kicks me back out to the login screen.
What I have changed in the nginx config for both the API and client between the two setups: I removed these lines

    # Route all HTTP traffic to HTTPS
    server {
        listen *:80;
        add_header Strict-Transport-Security max-age=15768000;
        return 301 https://$host$request_uri;
    }

changed

    listen *:443 ssl;

to

    listen *:80;

in the server block, and removed the ssl_certificate and ssl_certificate_key settings from the server block, since the SSL termination now happens at the ELB.
The API ELB is configured to route all port 80 requests to port 443, with the load balancing algorithm set to "Least outstanding requests" and Stickiness turned off.
The client ELB is also configured to route all port 80 requests to port 443, with the load balancing algorithm set to "Least outstanding requests". However, Stickiness is turned on with an LB-issued cookie.
Seems like the issue would be with the load balancer, or with the nginx config, since those are the only two things that have changed between the two setups.
Is there something that needs to be updated in the Laravel app configuration to work properly in the load-balanced scenario? What about the vue.js client app? Is there a setting in either my load balancer or target group that needs to be set or changed? Or is there something that needs to be set in the nginx config?
Nginx config on the load-balanced API setup:

nginx.conf

    user #redacted;
    worker_processes auto;
    pid /run/nginx.pid;

    events {
        worker_connections 2048;
        multi_accept on;
        use epoll;
    }

    http {
        include mime.types;
        default_type application/octet-stream;
        server_tokens off;

        #####################
        # Basic Settings
        #####################
        sendfile on;
        keepalive_timeout 65;
        client_body_timeout 10;
        client_header_timeout 10;
        send_timeout 10;
        tcp_nopush on;
        tcp_nodelay on;
        gzip on;
        charset UTF-8;
        client_max_body_size 100M;

        ######################
        # Logging Settings
        ######################
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        include /etc/nginx/sites-available/*.conf;
    }

site.conf (include file)

    ######################
    # Server Settings
    ######################
    server {
        listen *:80;
        root /app/public;
        index index.php;

        location / {
            try_files $uri $uri/ /index.php$is_args$args;
        }

        location ~ \.php$ {
            try_files $uri = /404.html;
            fastcgi_pass 127.0.0.1:8080;
            fastcgi_index index.php;
            fastcgi_buffers 16 16k;
            fastcgi_buffer_size 32k;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_read_timeout 300;
            include fastcgi_params;
        }
    }
Nginx config on the load-balanced client setup:

nginx.conf

    user #redacted;
    worker_processes auto;
    pid /run/nginx.pid;

    events {
        worker_connections 2048;
        multi_accept on;
        use epoll;
    }

    http {
        include mime.types;
        default_type application/octet-stream;
        server_tokens off;

        #####################
        # Basic Settings
        #####################
        sendfile on;
        keepalive_timeout 65;
        client_body_timeout 10;
        client_header_timeout 10;
        send_timeout 10;
        tcp_nopush on;
        tcp_nodelay on;
        gzip on;
        charset UTF-8;
        client_max_body_size 100M;

        ######################
        # Logging Settings
        ######################
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        include /etc/nginx/sites-available/*.conf;
    }

site.conf (include file)

    server {
        listen *:80;
        server_name #redacted;
        root /var/www/app;

        # Headers
        add_header X-Frame-Options DENY;

        location / {
            try_files $uri $uri/ /index.html;
            index index.htm index.html;
        }
    }
via Chebli Mohamed
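
A variant of the API site.conf above for running behind the TLS-terminating load balancer, added here as an example and not part of the original post: it logs which instance served each request alongside the load balancer's forwarding headers, so the duplicated login calls and the following 401 can be traced across instances, and it passes the original scheme on to PHP-FPM. The names `elb_trace` and `$elb_https` and the log path are assumptions, and it presumes the instances accept port 80 only from the load balancer, since `X-Forwarded-Proto` is otherwise client-controlled.

```nginx
# Added example, not the poster's config. Goes at the top of site.conf, which
# nginx.conf includes inside http {}, so map and log_format are valid here.

# Assumed name: $elb_https is "on" only when the load balancer saw HTTPS.
map $http_x_forwarded_proto $elb_https {
    default "";
    https   on;
}

# Assumed name: elb_trace. $hostname is the instance that answered;
# X-Amzn-Trace-Id is added by an Application Load Balancer to each request
# it forwards. Only method and path are logged, so query strings stay out.
log_format elb_trace '$time_iso8601 host=$hostname status=$status '
                     'xff="$http_x_forwarded_for" '
                     'proto=$http_x_forwarded_proto '
                     'trace="$http_x_amzn_trace_id" '
                     '"$request_method $uri"';

server {
    listen *:80;
    root /app/public;
    index index.php;

    # Assumed log path; for this server it replaces the http-level access.log.
    access_log /var/log/nginx/elb_trace.log elb_trace;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.php$ {
        try_files $uri = /404.html;
        fastcgi_pass 127.0.0.1:8080;
        fastcgi_index index.php;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_read_timeout 300;
        include fastcgi_params;
        # After the include: the stock HTTPS line is empty here because nginx
        # itself now only sees plain HTTP on port 80.
        fastcgi_param HTTPS $elb_https if_not_empty;
    }
}
```

Comparing `host=` across the duplicated login requests and the request that returns 401 shows whether they were served by different instances.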