Menu
I know this question has been asked before, but nothing seems to be working for me. I've tried multiple different things, such as the answers described in these questions:
How to get Elastic Beanstalk nginx-backed proxy server to auto-redirect from HTTP to HTTPS? Redirecting EC2 elb from http to https
None of them seem to work. I'm an aws noob, so I'm not entirely sure how editing config files works - or if I've done something wrong.
My setup is the following:
My current nginx.config file in my .ebextensions folder (got this from this article):
files:
"/tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf" :
mode: "000755"
owner: root
group: root
content: |
upstream nodejs {
server 127.0.0.1:8081;
keepalive 256;
}
server {
listen 8080;
set $fixedWWW '';
set $needRedir 0;
# nginx does not allow nested if statements
# check and decide on adding www prefix
if ($host !~* ^www(.*)) {
set $fixedWWW 'www.';
set $needRedir 1;
}
# what about that https? the traffic is all http right now
# but elastic load balancer tells us about the original scheme
# using $http_x_forwarded_proto variable
if ($http_x_forwarded_proto != 'https') {
set $needRedir 1;
}
# ok, so whats the verdict, do we need to redirect?
if ($needRedir = 1) {
rewrite ^(.*) https://$fixedWWW$host$1 redirect;
}
location / {
proxy_pass http://nodejs;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
gzip on;
}
But this doesn't seem to do anything. I've run out of ideas. I'm not sure whether I'm missing a step or something but I don't know what to do. As a workaround I've got my angularjs front end redirecting non-https requests, but this is too hacky and some of the DOM renders before the redirect, I'd like to redirect at the load balancer - where it should redirect.
662
Classic Load Balancers can't redirect HTTP traffic to HTTPS by default. Instead, configure your rewrite rules for the web servers instances behind the Classic Load Balancer. You must configure your rewrite rules to use the X-Forwarded-Proto header and redirect only HTTP clients.
What you need to do is set up an HTTPS listener, an AWS IAM server certificate to attach to the listener, and an HTTP target group. You can then attach instances/servers that listen in HTTP to that target group. As Michael said, this is not a "redirect" but a "forward" rule to your target group.
It looks like you're trying to do both a redirect for non-WWW and for non-HTTPS connections. Have you tried the simpler case of just http:// -> https:// ?
if ($http_x_forwarded_proto = "http") {
return 301 https://$host$request_uri;
}
Sometimes it's easier to handle it via two redirects, one from HTTP to HTTPS and one from non-WWW to WWW. In fact, if you're going to register your site via HSTS (https-everywhere), they require this sort of approach.
Edit: Also, just noticed the first line of your config, you might want to try injecting the nginx file directly:
files:
"/etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf" :
answered Sep 21 '22 15:09
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With