我知道之前已经问过这个问题,但似乎没有什么对我有用。我尝试过多种不同的东西,例如这些问题中描述的答案:
How to get Elastic Beanstalk nginx-backed proxy server to auto-redirect from HTTP to HTTPS? Redirecting EC2 elb from http to https
它们似乎都不起作用。我是一个aws noob,所以我不完全确定如何编辑配置文件 - 或者我是否做错了。
我的设置如下:
我当前的.ebextensions文件夹中的nginx.config文件(来自this article):
files:
"/tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf" :
mode: "000755"
owner: root
group: root
content: |
upstream nodejs {
server 127.0.0.1:8081;
keepalive 256;
}
server {
listen 8080;
set $fixedWWW '';
set $needRedir 0;
# nginx does not allow nested if statements
# check and decide on adding www prefix
if ($host !~* ^www(.*)) {
set $fixedWWW 'www.';
set $needRedir 1;
}
# what about that https? the traffic is all http right now
# but elastic load balancer tells us about the original scheme
# using $http_x_forwarded_proto variable
if ($http_x_forwarded_proto != 'https') {
set $needRedir 1;
}
# ok, so whats the verdict, do we need to redirect?
if ($needRedir = 1) {
rewrite ^(.*) https://$fixedWWW$host$1 redirect;
}
location / {
proxy_pass http://nodejs;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
gzip on;
}
但这似乎没有做任何事情。我已经没想完了。我不确定我是否错过了一步或什么,但我不知道该怎么做。作为一种解决方法,我的angularjs前端重定向非https请求,但这太过于hacky并且在重定向之前渲染了一些DOM,我想在负载均衡器处重定向 - 它应该重定向。
答案 0 :(得分:2)
您似乎正在尝试为非WWW和非HTTPS连接进行重定向。您是否尝试过仅仅http:// - >的简单案例? https://?
if ($http_x_forwarded_proto = "http") {
return 301 https://$host$request_uri;
}
有时通过两个重定向更容易处理它,一个从HTTP到HTTPS,一个从非WWW到WWW。事实上,如果您要通过HSTS(https-无处不在)注册您的网站,他们需要这种方法。
编辑:另外,只是注意到配置的第一行,您可能想尝试直接注入nginx文件:
files:
"/etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf" :
答案 1 :(得分:1)
直接更新/tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf”非常困难。我发现了这一点:https://github.com/awsdocs/elastic-beanstalk-samples/blob/master/configuration-files/aws-provided/security-configuration/https-redirect/nodejs/https-redirect-nodejs.config,让您设置重定向,但是可能会改变我其他的配置文件太多了,最好的方法是在.ebextensions文件夹中创建一个redirect.config文件:
container_commands:
https_redirect:
command: |
sed -i '/location \/ {/i \
set $redirect 0;\
if ($http_x_forwarded_proto != "https") {\
set $redirect 1;\
}\
if ($http_user_agent ~* "ELB-HealthChecker") {\
set $redirect 0;\
}\
if ($redirect = 1) {\
return 301 https://$host$request_uri;\
}\
' /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf```