AWS EB - Redirect all traffic to https

 ̄綄美尐妖づ submitted on 2020-12-09 09:55:34

Question


My nodejs app is deployed on AWS EB. I already configured the https server and it is working fine. Now I need to redirect every non-https request to https with the www. as prefix, like this:

GET example.com => https://www.example.com

I'm using nginx and my EB instance is a single instance without load balancer in front of it.

I have created a config file in the .ebextensions folder with this code

Resources:
  sslSecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
      IpProtocol: tcp
      ToPort: 443
      FromPort: 443
      CidrIp: 0.0.0.0/0

files:
  /etc/nginx/conf.d/999_nginx.conf:
    mode: "000644"
    owner: root
    group: root
    content: |

      upstream nodejsserver {
        server 127.0.0.1:8081;
        keepalive 256;
      }

      # HTTP server

      server {
        listen       8080;
        server_name  localhost;
        return        301 https://$host$request_uri;
      }

      # HTTPS server

      server {
        listen       443;
        server_name  localhost;

        ssl                  on;
        ssl_certificate      /etc/pki/tls/certs/server.crt;
        ssl_certificate_key  /etc/pki/tls/certs/server.key;

        ssl_session_timeout  5m;

        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
        ssl_prefer_server_ciphers   on;

        location / {
          proxy_pass  http://nodejsserver;
          proxy_set_header   Connection "";
          proxy_http_version 1.1;
          proxy_set_header        Host                $host;
          proxy_set_header        X-Real-IP           $remote_addr;
          proxy_set_header        X-Forwarded-For     $proxy_add_x_forwarded_for;
          proxy_set_header        X-Forwarded-Proto   https;
        }
      }

  /etc/pki/tls/certs/server.crt:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN CERTIFICATE-----
      my crt
      -----END CERTIFICATE-----

  /etc/pki/tls/certs/server.key:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN RSA PRIVATE KEY-----
      my key
      -----END RSA PRIVATE KEY-----

  /etc/nginx/conf.d/gzip.conf:
    content: |
      gzip on;
      gzip_comp_level 9;
      gzip_http_version 1.0;
      gzip_types text/plain text/css image/png image/gif image/jpeg application/json application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml application/atom+xml application/rdf+xml;
      gzip_proxied any;
      gzip_disable "msie6";

commands:
  00_enable_site:
    command: 'rm -f /etc/nginx/sites-enabled/*'

I'm sure AWS is taking my config into account because the SSL is working fine. But the HTTP block does not work. There is no redirect.

Maybe my problem is about rewriting the original nginx config of EB. Do you know how to achieve this?

Can you help me with that, please? I've tried a lot of things.

Thank you


Answer 1:


OK, found the issue: EB creates a default config file, /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf, which is listening on 8080. So your redirect isn't being picked up, as Nginx is using the earlier defined rule for 8080.

Here's a config file that I use that works. The file it generates will precede the default rule.

https://github.com/jozzhart/beanstalk-single-forced-ssl-nodejs-pm2/blob/master/.ebextensions/https-redirect.config
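
The diagnosis in the answer can be checked on the instance itself. The script below is an added example, not part of the original answer or the linked repository; it assumes nginx loads /etc/nginx/conf.d/*.conf in bytewise filename order, and the two sample files are constructed stand-ins for the files named on this page.

```shell
#!/usr/bin/env bash
# Added example: which conf.d file answers a port when no server_name matches?
export LC_ALL=C  # assumption: nginx's include glob orders files bytewise

# ERE matching "listen 8080;", "listen *:8080 default_server;" and similar.
listen_re() {
  printf '^[[:space:]]*listen[[:space:]]+([^;[:space:]]*:)?%s([[:space:]][^;]*)?;' "$1"
}

# Print, in include order, every *.conf in DIR that has a listen directive for PORT.
listeners_for_port() {
  local dir=$1 port=$2 f
  for f in "$dir"/*.conf; do
    [ -f "$f" ] || continue
    grep -Eq "$(listen_re "$port")" "$f" && basename "$f"
  done
  return 0
}

# Print the file whose server block receives requests on PORT when the Host
# header matches no server_name: an explicit default_server wins, otherwise
# the first file in include order.
default_for_port() {
  local dir=$1 port=$2 f first=""
  for f in $(listeners_for_port "$dir" "$port"); do
    [ -n "$first" ] || first=$f
    if grep -E "$(listen_re "$port")" "$dir/$f" | grep -q 'default_server'; then
      echo "$f"; return 0
    fi
  done
  echo "$first"
}

# Constructed stand-ins: EB's default proxy file and the question's 999_nginx.conf.
make_sample_confd() {
  local d; d=$(mktemp -d)
  printf 'server {\n  listen 8080;\n  location / { proxy_pass http://nodejs; }\n}\n' \
    > "$d/00_elastic_beanstalk_proxy.conf"
  printf 'server {\n  listen 8080;\n  server_name localhost;\n  return 301 https://$host$request_uri;\n}\n' \
    > "$d/999_nginx.conf"
  echo "$d"
}

d=$(make_sample_confd)
echo "port 8080 listeners: $(listeners_for_port "$d" 8080 | tr '\n' ' ')"
echo "default for 8080:    $(default_for_port "$d" 8080)"
rm -rf "$d"
```

On an instance, point it at the real directory with `default_for_port /etc/nginx/conf.d 8080`; `nginx -T` prints the merged configuration for a closer look.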



Source: https://stackoverflow.com/questions/37490424/aws-eb-redirect-all-traffic-to-https
