I've got a Node.js powered site that I'm running on Amazon Elastic Beanstalk.
My Node.js app listens on port 8080, and I'm using the nginx elastic load balancer configuration with my EB app, listening on port 80 and 443 for HTTP and HTTPS.
However, I only want to accept traffic in my app that has come via HTTPS.
I could rig something up in the app to deal with this, but am interested in a way to get the load balancer to redirect all HTTP requests to my site via HTTPS.
Elastic Beanstalk uses nginx as the reverse proxy to map your application to your Elastic Load Balancing load balancer on port 80. Elastic Beanstalk provides a default nginx configuration that you can either extend or override completely with your own configuration.
Elastic Beanstalk provides a default proxy configuration that you can either extend or completely override with your own configuration. By default, Elastic Beanstalk configures the proxy to forward requests to your application on port 5000.
Often, a reverse proxy serves content from one single entry domain but retrieves the content from different origins.
Elastic Beanstalk uses nginx as the reverse proxy to map your application to your Elastic Load Balancing load balancer on port 80. Elastic Beanstalk provides a default nginx configuration that you can either extend or override completely with your own configuration.
Elastic Beanstalk uses nginx or Apache HTTPD as the reverse proxy to map your application to your Elastic Load Balancing load balancer on port 80. The default is nginx. Elastic Beanstalk provides a default proxy configuration that you can either extend or override completely with your own configuration.
To deploy configuration files to your environment, add the configuration files to a directory named .ebextensions at the root of your application bundle. Then, deploy the source code that includes these configuration files. 1. Allow incoming traffic on port 443 to the EC2 instance that your Elastic Beanstalk application is running on.
Overview In the very default configuration of AWS Beanstalk with Tomcat there is Apache configured as a reverse proxy to handle the http requests. For performance reasons one would want to change from Apache to NGINX and use Transport Layer Security (SSL/TLS) for http connection to get the desired green padlock in the browser. …
After several false-starts with ideas from Amazon's paid support, they did come through in the end. The way you get this to work is you configure your environment to respond to both port 80 and 443. Then create a folder in your main Node.js app folder called .ebextensions
, and you place a file named 00_nginx_https_rw.config
in there, with this text as the contents:
files: "/tmp/45_nginx_https_rw.sh": owner: root group: root mode: "000644" content: | #! /bin/bash CONFIGURED=`grep -c "return 301 https" /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf` if [ $CONFIGURED = 0 ] then sed -i '/listen 8080;/a \ if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; }\n' /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf logger -t nginx_rw "https rewrite rules added" exit 0 else logger -t nginx_rw "https rewrite rules already set" exit 0 fi container_commands: 00_appdeploy_rewrite_hook: command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/appdeploy/enact 01_configdeploy_rewrite_hook: command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact 02_rewrite_hook_perms: command: chmod 755 /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh 03_rewrite_hook_ownership: command: chown root:users /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh
Amazon's support team explained: This config creates a deployment hook which will add the rewrite rules to /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf.
(Previously they had offered me .config's that copied separate files into /etc/nginx/conf.d, but those either had no effect, or worse, seemed to overwrite or take precedence over the default nginx configuration, for some reason.)
If you ever want to undo this, i.e. to remove the hooks, you need to remove this ebextension and issue a command to remove the files that it creates. You can do this either manually, or via ebextensions commands you put in place temporarily:
/opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh
I haven't tried this, but presumably something like this would work to remove them and undo this change:
container_commands: 00_undochange: command: rm /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh 01_undochange: command: rm /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh
Hope this can help someone else in the future.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With