Elastic Beanstalk Http重定向到Https

时间:2016-03-05 17:30:04

标签: amazon-web-services nginx https elastic-beanstalk amazon-elb

我知道之前已经问过这个问题,但似乎没有什么对我有用。我尝试过多种不同的东西,例如这些问题中描述的答案:

How to get Elastic Beanstalk nginx-backed proxy server to auto-redirect from HTTP to HTTPS? Redirecting EC2 elb from http to https

它们似乎都不起作用。我是一个aws noob,所以我不完全确定如何编辑配置文件 - 或者我是否做错了。

我的设置如下:

我当前的.ebextensions文件夹中的nginx.config文件(来自this article):

files:
  "/tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf" :
    mode: "000755"
    owner: root
    group: root
    content: |
        upstream nodejs {
            server 127.0.0.1:8081;
            keepalive 256;
        }
        server {
            listen 8080;
            set $fixedWWW '';
            set $needRedir 0;
            # nginx does not allow nested if statements
            # check and decide on adding www prefix
            if ($host !~* ^www(.*)) {
                set $fixedWWW 'www.';
                set $needRedir 1;
            }
            # what about that https? the traffic is all http right now
            # but elastic load balancer tells us about the original scheme
            # using $http_x_forwarded_proto variable
            if ($http_x_forwarded_proto != 'https') {
                set $needRedir 1;
            }
            # ok, so whats the verdict, do we need to redirect?
            if ($needRedir = 1) {
                rewrite ^(.*) https://$fixedWWW$host$1 redirect;
            }
            location / {
                proxy_pass  http://nodejs;
                proxy_set_header   Connection "";
                proxy_http_version 1.1;
                proxy_set_header        Host            $host;
                proxy_set_header        X-Real-IP       $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            }
            gzip on;
        }

但这似乎没有做任何事情。我已经没想完了。我不确定我是否错过了一步或什么,但我不知道该怎么做。作为一种解决方法,我的angularjs前端重定向非https请求,但这太过于hacky并且在重定向之前渲染了一些DOM,我想在负载均衡器处重定向 - 它应该重定向。

2 个答案:

答案 0 :(得分:2)

您似乎正在尝试为非WWW和非HTTPS连接进行重定向。您是否尝试过仅仅http:// - >的简单案例? https://?

if ($http_x_forwarded_proto = "http") {
    return 301 https://$host$request_uri;
}

有时通过两个重定向更容易处理它,一个从HTTP到HTTPS,一个从非WWW到WWW。事实上,如果您要通过HSTS(https-无处不在)注册您的网站,他们需要这种方法。

编辑:另外,只是注意到配置的第一行,您可能想尝试直接注入nginx文件:

files:
  "/etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf" :

答案 1 :(得分:1)

直接更新/tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf”非常困难。我发现了这一点:https://github.com/awsdocs/elastic-beanstalk-samples/blob/master/configuration-files/aws-provided/security-configuration/https-redirect/nodejs/https-redirect-nodejs.config,让您设置重定向,但是可能会改变我其他的配置文件太多了,最好的方法是在.ebextensions文件夹中创建一个redirect.config文件:

container_commands:
  https_redirect:
    command: |
     sed -i '/location \/ {/i \
              set $redirect 0;\
              if ($http_x_forwarded_proto != "https") {\
                set $redirect 1;\
              }\
              if ($http_user_agent ~* "ELB-HealthChecker") {\
                set $redirect 0;\
              }\
              if ($redirect = 1) {\
                return 301 https://$host$request_uri;\
              }\
      ' /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf```