问题
My nodejs app is deployed on AWS EB. I already configured the https server and it is working fine. Now I need to redirect every non-https request to https with the www. as prefix, like this:
GET example.com => https://www.example.com
I'm using nginx and my EB instance is a single instance without load balancer in front of it.
I have created a config file in the .ebextensions folder with this code
Resources: sslSecurityGroupIngress: Type: AWS::EC2::SecurityGroupIngress Properties: GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]} IpProtocol: tcp ToPort: 443 FromPort: 443 CidrIp: 0.0.0.0/0 files: /etc/nginx/conf.d/999_nginx.conf: mode: "000644" owner: root group: root content: | upstream nodejsserver { server 127.0.0.1:8081; keepalive 256; } # HTTP server server { listen 8080; server_name localhost; return 301 https://$host$request_uri; } # HTTPS server server { listen 443; server_name localhost; ssl on; ssl_certificate /etc/pki/tls/certs/server.crt; ssl_certificate_key /etc/pki/tls/certs/server.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_prefer_server_ciphers on; location / { proxy_pass http://nodejsserver; proxy_set_header Connection ""; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; } } /etc/pki/tls/certs/server.crt: mode: "000400" owner: root group: root content: | -----BEGIN CERTIFICATE----- my crt -----END CERTIFICATE----- /etc/pki/tls/certs/server.key: mode: "000400" owner: root group: root content: | -----BEGIN RSA PRIVATE KEY----- my key -----END RSA PRIVATE KEY----- /etc/nginx/conf.d/gzip.conf: content: | gzip on; gzip_comp_level 9; gzip_http_version 1.0; gzip_types text/plain text/css image/png image/gif image/jpeg application/json application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml application/atom+xml application/rdf+xml; gzip_proxied any; gzip_disable "msie6"; commands: 00_enable_site: command: 'rm -f /etc/nginx/sites-enabled/*'
I'm sure aws is taking in account my config because de ssl is working fine. But the http block does not work.. There is no redirect.
Maybe my problem is about rewriting the original nginx config of EB, do you know how to achieve this ?
Can you help me with that please ? I've tried a lot of things..
Thank you
回答1:
OK, found the issue, EB creates a default config file /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf
which is listening to 8080. So your re-direct isn't being picked up as Nginx is using the earlier defined rule for 8080.
Here's a config file that I use that works. The file it generates will precede the default rule.
https://github.com/jozzhart/beanstalk-single-forced-ssl-nodejs-pm2/blob/master/.ebextensions/https-redirect.config
来源:https://stackoverflow.com/questions/37490424/aws-eb-redirect-all-traffic-to-https