Elasticbeanstalk - Force HTTP on a Docker container using Nginx

Time: 2017-09-29 14:36:16

Tags: amazon-web-services docker nginx https elastic-beanstalk

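I have a single-container Docker environment on Elasticbeanstalk running React with Nginx. I pointed a subdomain at the ELB URL, and I want to force an HTTPS redirect if you visit the subdomain (i.e. you type subdomain.domain.com and it should redirect you to HTTPS).

Right now, if I visit the default ELB URL (something.eu-central-1.elasticbeanstalk.com), it gets redirected to HTTPS. But I want my custom domain (parked elsewhere, but pointing to some.eu-centralblabla with a CNAME) to be forced to HTTPS as well, and that doesn't happen. It allows regular HTTP requests.

I have tried multiple guides and followed the AWS documentation, but I can't seem to force it to redirect to HTTPS on my custom subdomain.

These are my files:

/.ebextensions folder

http-instance.config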

files:
  /etc/nginx/conf.d/https.conf:
    mode: "000644"
    owner: root
    group: root
    content: |
      # HTTPS Server

      server {
        listen 443;
        server_name localhost;

        ssl on;
        ssl_certificate /etc/pki/tls/certs/server.crt;
        ssl_certificate_key /etc/pki/tls/certs/server.key;

        ssl_session_timeout 5m;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
        ssl_prefer_server_ciphers on;

        location / {
          proxy_pass http://docker;
          proxy_http_version 1.1;

          proxy_set_header Connection "";
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
      }
#SSL CRT and KEY below

https-instance-single.config

Resources:
  sslSecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
      IpProtocol: tcp
      ToPort: 443
      FromPort: 443
      CidrIp: 0.0.0.0/0

/nginx folder

default.conf

server {
  listen 80;

  server_name localhost;

  root /usr/share/nginx/html;
  index index.html index.htm;
  try_files $uri $uri/ /index.html?/$request_uri;

  access_log /var/log/nginx/access.log;
  error_log /var/log/nginx/error.log;

  error_page 500 504 /500.html;
  error_page 502 /502.html;
  error_page 503 /503.html;

  client_max_body_size 4G;
  keepalive_timeout 10;

  location ~ ^/(favicon|static)/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
    # add_header Last-Modified "";
    # add_header ETag "";

    open_file_cache max=1000 inactive=500s;
    open_file_cache_valid 600s;
    open_file_cache_errors on;
    break;
  }
}

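What am I doing wrong? Thanks for your help!

2 answers:

Answer 0: (score: 0)

You should be able to manage this in your nginx configuration by adding this in the server context: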

set $redirect_to_https 0;

if ($http_x_forwarded_proto != 'https') {
    set $redirect_to_https 1;
}

if ($redirect_to_https = 1) {
    rewrite ^ https://$host$request_uri? permanent;
}

Or something to that effect.

Answer 1: (score: 0)

Route all http traffic to https:

server {
  listen 80;
  return 301 https://$host$request_uri;
}

Then put the proxy stuff in the 443 block.
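
A static check for the redirect that both answers describe, as an added example rather than code from the question or the answers: it scans nginx configuration text and lists every port-80 server block that has no server-level redirect to https. The sample config, the function names and the simplified parsing (no `#` or braces inside directive values) are assumptions.

```python
import re

# Constructed sample: the question's port-80 block (abridged), the second answer's redirect block, a 443 block.
SAMPLE = r"""
server {
  listen 80;
  server_name localhost;
  location ~ ^/(favicon|static)/ { expires max; }
}
server {
  listen 80;
  return 301 https://$host$request_uri;
}
server {
  listen 443;
  location / { proxy_pass http://docker; }
}
"""

LISTEN_80 = re.compile(r"\blisten\s+(?:\S*:)?80(?=[\s;])")
REDIRECT = re.compile(r"\breturn\s+30[1278]\s+https://"
                      r"|\brewrite\s+\S+\s+https://\S+\s+(?:permanent|redirect)\s*;")
LOCATION = r"\blocation\b[^{;]*\{"

def blocks(text, header):
    """Return (start, body_start, end) of each `header ... }` block, by brace depth."""
    spans = []
    for m in re.finditer(header, text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        spans.append((m.start(), m.end(), i))
    return spans

def plain_http_servers(conf):
    """List server_name of every port-80 server block with no server-level https redirect."""
    conf = re.sub(r"#[^\n]*", "", conf)  # strip comments (assumes no '#' inside values)
    findings = []
    for _, body_start, end in blocks(conf, r"\bserver\s*\{"):
        body = conf[body_start:end - 1]
        # A redirect inside a location covers only some paths, so drop location blocks.
        while (spans := blocks(body, LOCATION)):
            body = body[:spans[0][0]] + body[spans[0][2]:]
        if LISTEN_80.search(body) and not REDIRECT.search(body):
            name = re.search(r"\bserver_name\s+([^;]+);", body)
            findings.append(name.group(1).strip() if name else "<unnamed>")
    return findings
```

`plain_http_servers(SAMPLE)` reports only the `localhost` block, which serves content over plain HTTP; the `if ($http_x_forwarded_proto != 'https')` rewrite from the first answer also counts as a redirect.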