Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Elastic Beanstalk Http Redirect to Https

I know this question has been asked before, but nothing seems to be working for me. I've tried multiple different things, such as the answers described in these questions:

How to get Elastic Beanstalk nginx-backed proxy server to auto-redirect from HTTP to HTTPS? Redirecting EC2 elb from http to https

None of them seem to work. I'm an aws noob, so I'm not entirely sure how editing config files works - or if I've done something wrong.

My setup is the following:

  • Route 53 points to Elastic Beanstalk (nginx)
  • ELB port configuration with ACM certificate (using tcp/ssl as it makes my websockets work)
  • nodejs app on port 8080

My current nginx.config file in my .ebextensions folder (got this from this article):

files:
  "/tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf" :
    mode: "000755"
    owner: root
    group: root
    content: |
        upstream nodejs {
            server 127.0.0.1:8081;
            keepalive 256;
        }
        server {
            listen 8080;
            set $fixedWWW '';
            set $needRedir 0;
            # nginx does not allow nested if statements
            # check and decide on adding www prefix
            if ($host !~* ^www(.*)) {
                set $fixedWWW 'www.';
                set $needRedir 1;
            }
            # what about that https? the traffic is all http right now
            # but elastic load balancer tells us about the original scheme
            # using $http_x_forwarded_proto variable
            if ($http_x_forwarded_proto != 'https') {
                set $needRedir 1;
            }
            # ok, so whats the verdict, do we need to redirect?
            if ($needRedir = 1) {
                rewrite ^(.*) https://$fixedWWW$host$1 redirect;
            }
            location / {
                proxy_pass  http://nodejs;
                proxy_set_header   Connection "";
                proxy_http_version 1.1;
                proxy_set_header        Host            $host;
                proxy_set_header        X-Real-IP       $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            }
            gzip on;
        }

But this doesn't seem to do anything. I've run out of ideas. I'm not sure whether I'm missing a step or something but I don't know what to do. As a workaround I've got my angularjs front end redirecting non-https requests, but this is too hacky and some of the DOM renders before the redirect, I'd like to redirect at the load balancer - where it should redirect.

like image 662
KDogg Avatar asked Mar 05 '16 17:03

KDogg


People also ask

How do I redirect http traffic to HTTPS on my classic Load Balancer in ELB?

Classic Load Balancers can't redirect HTTP traffic to HTTPS by default. Instead, configure your rewrite rules for the web servers instances behind the Classic Load Balancer. You must configure your rewrite rules to use the X-Forwarded-Proto header and redirect only HTTP clients.

How can I redirect HTTPS requests to HTTP using an application Load Balancer?

What you need to do is set up an HTTPS listener, an AWS IAM server certificate to attach to the listener, and an HTTP target group. You can then attach instances/servers that listen in HTTP to that target group. As Michael said, this is not a "redirect" but a "forward" rule to your target group.


1 Answers

It looks like you're trying to do both a redirect for non-WWW and for non-HTTPS connections. Have you tried the simpler case of just http:// -> https:// ?

if ($http_x_forwarded_proto = "http") {
    return 301 https://$host$request_uri;
}

Sometimes it's easier to handle it via two redirects, one from HTTP to HTTPS and one from non-WWW to WWW. In fact, if you're going to register your site via HSTS (https-everywhere), they require this sort of approach.

Edit: Also, just noticed the first line of your config, you might want to try injecting the nginx file directly:

files:
  "/etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf" :
like image 165
SMX Avatar answered Sep 21 '22 15:09

SMX