Menu
I have a classic load balancer on beanstalk and configured nginx instances. I want to redirect http to https requests.
I setup my load balancer listeners to redirect to port 80 to its instances.
I created a file in .ebextensions/nginx_config.config, in which I setup the redirect and also filter out the healthcheck.
See the config rewrite below:
files:
/etc/nginx/conf.d/proxy.conf:
owner: root
group: root
mode: "000644"
content: |
upstream nodejs {
server 127.0.0.1:8081;
keepalive 256;
}
server {
listen 80;
if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
set $year $1;
set $month $2;
set $day $3;
set $hour $4;
}
access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
access_log /var/log/nginx/access.log main;
location / {
set $redirect 0;
if ($http_x_forwarded_proto = "http") {
return 301 https://$host$request_uri;
}
if ($http_user_agent ~* "ELB-HealthChecker") {
set $redirect 0;
}
if ($redirect = 1) {
return 301 https://$host$request_uri;
}
proxy_pass http://nodejs;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /health-check {
access_log off;
default_type text/plain;
return 200 ‘OK’;
}
gzip on;
gzip_comp_level 4;
gzip_types text/html text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
}
/opt/elasticbeanstalk/hooks/configdeploy/post/99_kill_default_nginx.sh:
owner: root
group: root
mode: "000755"
content: |
#!/bin/bash -xe
rm -f /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf
if [[ -e /etc/init/nginx.conf ]] ; then
echo Using initctl to stop and start nginx
initctl stop nginx || true
initctl start nginx
else
echo Using service to stop and start nginx
service nginx stop
service nginx start
fi
container_commands:
removeconfig:
command: "rm -f /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf"
But nothing seems to happen and the server still doesn't redirect to https. It seems like my config is just being ignored. How can I redirect to https in this case?
334
Select a load balancer, and then choose HTTP Listener. Under Rules, choose View/edit rules. Choose Edit Rule to modify the existing default rule to redirect all HTTP requests to HTTPS. Or, insert a rule between the existing rules (if appropriate for your use case).
So as per my suggestion above. Create an Application Load Balancer with 2 listeners.
1st Listener is a 443 HTTPS listener that serves traffic directly to your target group.
2nd Listener is a 80 HTTP listener that uses a redirect rule that does a redirect to HTTPS.
This is best practice.
84
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
