Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to get Elastic Beanstalk nginx-backed proxy server to auto-redirect from HTTP to HTTPS?

I've got a Node.js powered site that I'm running on Amazon Elastic Beanstalk.

My Node.js app listens on port 8080, and I'm using the nginx elastic load balancer configuration with my EB app, listening on port 80 and 443 for HTTP and HTTPS.

However, I only want to accept traffic in my app that has come via HTTPS.

I could rig something up in the app to deal with this, but am interested in a way to get the load balancer to redirect all HTTP requests to my site via HTTPS.

like image 294
Mason G. Zhwiti Avatar asked Jun 19 '14 01:06

Mason G. Zhwiti


People also ask

Does Elastic Beanstalk use nginx?

Elastic Beanstalk uses nginx as the reverse proxy to map your application to your Elastic Load Balancing load balancer on port 80. Elastic Beanstalk provides a default nginx configuration that you can either extend or override completely with your own configuration.

What is proxy server in Elastic Beanstalk?

Elastic Beanstalk provides a default proxy configuration that you can either extend or completely override with your own configuration. By default, Elastic Beanstalk configures the proxy to forward requests to your application on port 5000.

What is reverse proxy in AWS?

Often, a reverse proxy serves content from one single entry domain but retrieves the content from different origins.

How does Nginx work with Elastic Beanstalk?

Elastic Beanstalk uses nginx as the reverse proxy to map your application to your Elastic Load Balancing load balancer on port 80. Elastic Beanstalk provides a default nginx configuration that you can either extend or override completely with your own configuration.

What proxy does Elastic Beanstalk use?

Elastic Beanstalk uses nginx or Apache HTTPD as the reverse proxy to map your application to your Elastic Load Balancing load balancer on port 80. The default is nginx. Elastic Beanstalk provides a default proxy configuration that you can either extend or override completely with your own configuration.

How do I deploy Elastic Beanstalk configuration files to AWS?

To deploy configuration files to your environment, add the configuration files to a directory named .ebextensions at the root of your application bundle. Then, deploy the source code that includes these configuration files. 1. Allow incoming traffic on port 443 to the EC2 instance that your Elastic Beanstalk application is running on.

Does AWS Beanstalk with Tomcat use Apache?

Overview In the very default configuration of AWS Beanstalk with Tomcat there is Apache configured as a reverse proxy to handle the http requests. For performance reasons one would want to change from Apache to NGINX and use Transport Layer Security (SSL/TLS) for http connection to get the desired green padlock in the browser. …


1 Answers

After several false-starts with ideas from Amazon's paid support, they did come through in the end. The way you get this to work is you configure your environment to respond to both port 80 and 443. Then create a folder in your main Node.js app folder called .ebextensions, and you place a file named 00_nginx_https_rw.config in there, with this text as the contents:

files:   "/tmp/45_nginx_https_rw.sh":     owner: root     group: root     mode: "000644"     content: |       #! /bin/bash        CONFIGURED=`grep -c "return 301 https" /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf`        if [ $CONFIGURED = 0 ]         then           sed -i '/listen 8080;/a \    if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; }\n' /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf           logger -t nginx_rw "https rewrite rules added"           exit 0         else           logger -t nginx_rw "https rewrite rules already set"           exit 0       fi  container_commands:   00_appdeploy_rewrite_hook:     command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/appdeploy/enact   01_configdeploy_rewrite_hook:     command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact   02_rewrite_hook_perms:     command: chmod 755 /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh   03_rewrite_hook_ownership:     command: chown root:users /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh 

Amazon's support team explained: This config creates a deployment hook which will add the rewrite rules to /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf.

(Previously they had offered me .config's that copied separate files into /etc/nginx/conf.d, but those either had no effect, or worse, seemed to overwrite or take precedence over the default nginx configuration, for some reason.)

If you ever want to undo this, i.e. to remove the hooks, you need to remove this ebextension and issue a command to remove the files that it creates. You can do this either manually, or via ebextensions commands you put in place temporarily:

/opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh 

I haven't tried this, but presumably something like this would work to remove them and undo this change:

container_commands:   00_undochange:     command: rm /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh   01_undochange:     command: rm /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh 

Hope this can help someone else in the future.

like image 80
3 revs Avatar answered Sep 30 '22 18:09

3 revs