我已经配置了可扩展的EB(Elasticbeanstalk)rails(puma)实例。我已通过ACM(亚马逊证书管理器)申请https并将其应用于我的负载均衡器。现在为我的网站启用了HTTPS。但是如何强制重定向到https?我已经尝试了一些在线解决方案,建议通过.ebextensions手动进行nginx配置设置,我不知道从哪里获得ACM证书?(我假设现在ACM不可能做到这一点? )。如何强制HTTPS?
答案 0 :(得分:5)
当前的AWS EB Rails和Node.js设置都使用nginx(如果您的Web服务器是apache,请参阅this answer),因此以下内容应该有效(改编自this question):
使用以下内容创建文件.ebextensions/01-force-https.config
(.config
非常重要,而不是.conf
)。
如果您的环境是单个实例:
files:
"/etc/nginx/conf.d/01-force-https.conf":
owner: root
group: root
mode: "000644"
content: |
server {
listen 8080;
return 301 https://$host$request_uri;
}
如果你的环境是负载平衡的,你遗憾的是不能简单地添加到现有的配置,但需要用sed修改它:
files:
"/tmp/45_nginx_https_rw.sh":
owner: root
group: root
mode: "000644"
content: |
#! /bin/bash
CONFIGURED=`grep -c "return 301 https" /opt/elasticbeanstalk/support/conf/webapp_healthd.conf`
if [ $CONFIGURED = 0 ]
then
sed -i '/listen 80;/a \ if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; }\n' /opt/elasticbeanstalk/support/conf/webapp_healthd.conf
logger -t nginx_rw "https rewrite rules added"
exit 0
else
logger -t nginx_rw "https rewrite rules already set"
exit 0
fi
container_commands:
00_appdeploy_rewrite_hook:
command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/appdeploy/enact
01_configdeploy_rewrite_hook:
command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact
02_rewrite_hook_perms:
command: chmod 755 /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh
03_rewrite_hook_ownership:
command: chown root:users /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh
然后将其添加到您的git repo或应用包和eb deploy
。这会创建/etc/nginx/conf.d/01-force-https.conf
,/etc/nginx/nginx.conf
会自动包含该eb deploy
。请注意,如果您稍后从.ebextensions
删除相应的文件,eb ssh
将无法删除服务器上的文件。此外,我发现以下内容有助于通过sudo service nginx configtest
sudo service nginx restart
进行调试:
Scheduler[] schedulers = new Schedulers[10];
for (int i = 0; i < 10; i++) {
schedulers[i] = Schedulers.newSingle();
}
public Flux<T> wrapIntoSingleThread(Scheduler scheduler) {
return this.flux.publishOn(scheduler);
}
答案 1 :(得分:0)
AWS 在此处提供了有关 HTTP 到 HTTPS 重定向的帮助文章: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-httpredirect.html
它涵盖了 2 种主要方法,并提供了指向相关脚本的链接,您可以使用这些脚本为您完成所有工作(他们在更新 Elastic Beanstalk 平台时维护这些脚本)。