在Elastic Beanstalk Linux Tomcat 8上将http重定向到https

时间:2016-10-17 22:36:26

标签: amazon-web-services ssl mod-rewrite elastic-beanstalk amazon-elb

在过去的几天里,我一直试图强制我的应用程序将非https呼叫转发到我的域名为https。

我有一个Web服务器弹性beanstalk配置了64位Amazon Linux 2016.03,v2.2.0运行Tomcat 8 Java 8.我在我的应用程序中创建了一个名为.ebextensions的文件夹,其中包含一个名为ssl_rewrite.config的文件。该文件包含:

files:
  "/etc/httpd/conf.d/ssl_rewrite.conf":
    mode: "000644"
    owner: root
    group: root
    content: |
      RewriteEngine On
      RewriteCond %{HTTP:X-Forwarded-Proto} !https
      RewriteRule !/status https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

它曾经包含这个taken from this example,但我收到了if语句的错误:

files:
  "/etc/httpd/conf.d/ssl_rewrite.conf":
    mode: "000644"
    owner: root
    group: root
    content: |
        RewriteEngine On
        <If "-n '%{HTTP:X-Forwarded-Proto}' && %{HTTP:X-Forwarded-Proto} != 'https'">
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
        </If>

无论如何,当我尝试部署我的应用程序时,它失败了,我收到了这个错误:

Application update failed at 2016-10-17T01:33:00Z with exit status 1 and error: Hook /opt/elasticbeanstalk/hooks/appdeploy/pre/03_configure_proxy.sh failed.

Executing: /opt/elasticbeanstalk/bin/log-conf -n httpd -l'/var/log/httpd/*'

Executing: /usr/sbin/apachectl -t -f /var/elasticbeanstalk/staging/httpd/conf/httpd.conf
Syntax error on line 1 of /etc/httpd/conf.d/ssl_rewrite.conf:
Invalid command 'RewriteEngine', perhaps misspelled or defined by a module not included in the server configuration
Failed to execute '/usr/sbin/apachectl -t -f /var/elasticbeanstalk/staging/httpd/conf/httpd.conf'
Failed to execute '/usr/sbin/apachectl -t -f /var/elasticbeanstalk/staging/httpd/conf/httpd.conf'.

我已经进入了httpd.conf文件并添加了一行:

LoadModule rewrite_module modules / mod_rewrite.so

关于我做错的任何提示或想法?谢谢!

2 个答案:

答案 0 :(得分:1)

我终于让我的工作了:

LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine On

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

此外,我发现在我的.ebextensions / httpd / conf.d文件夹中放置一个ssl_rewrite.conf并让AWS脚本处理剩下的工作更容易。

如果使用虚拟主机,请阅读http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#vhosts。 Mod_rewrite配置不是由虚拟主机从主服务器上下文继承的,因此在每个虚拟主机配置中也需要以下内容。

RewriteEngine On
RewriteOptions Inherit

在运行Tomcat 7 Java 7的64位Amazon Linux 2016.09 v2.4.0上测试。

答案 1 :(得分:1)

对于那些苦苦挣扎了一段时间的人,我发现了一个包含所有AWS配置的GitHub(来自AWS团队),下面的示例适用于Apache 2.2的HTTP> HTTPS重定向。 (有关Apache 2.4和Nginx的配置,请参见下面的链接。)

Apache 2.2

  1. 在应用程序的根目录中创建一个文件: YOUR_PROJECT_ROOT / .ebextensions / httpd / conf.d / elasticbeanstalk.conf (如果使用IntelliJ / Java,请确保将其添加到最终的.WAR工件中)

  2. 添加以下行以在虚拟主机中启用重定向:

    <VirtualHost *:80>
    LoadModule rewrite_module modules/mod_rewrite.so
    RewriteEngine On
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteCond %{HTTP_USER_AGENT} !ELB-HealthChecker
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    ProxyPass / http://localhost:8080/ retry=0
    ProxyPassReverse / http://localhost:8080/
    ProxyPreserveHost on

    ErrorLog /var/log/httpd/elasticbeanstalk-error_log
</VirtualHost>

有关Apache 2.4和Nginx的更多示例,请访问以下GitHub存储库:

https://github.com/awsdocs/elastic-beanstalk-samples/tree/master/configuration-files/aws-provided/security-configuration/https-redirect/java-tomcat

此外,还有许多有用的配置和示例。

致谢

相关问题
最新问题