如何在 AWS Elastic Beanstalk 上强制使用 HTTPS

Posted 2023-03-04

【中文标题】如何在 AWS Elastic Beanstalk 上强制使用 HTTPS

【英文标题】：How to Force HTTPS on AWS Elastic Beanstalk

【发布时间】：2018-06-18 00:30:15

【问题描述】：

使用具有 nginx 负载均衡器的 Elastic Beanstalk 强制 http 到 https 的最佳方法是什么？ Https 适用于我从 AWS Certificate Manager 收到的证书的应用程序，我只是希望它确保始终使用 https。似乎应该已经内置到 AWS 中。任何帮助表示赞赏。

【问题讨论】：

我也遇到了这个问题。尝试了数十种解决方案，但似乎都没有奏效。如何确定.elasticbeanstalk/[filename].config 文件是否实际被加载和使用？

【参考方案1】：

在您的 ebextensions 中创建一个以 .config 结尾的文件并将以下内容添加到其中

files:
   /etc/nginx/conf.d/proxy.conf:
     owner: root
     group: root
     mode: "000644"
     content: |

       upstream nodejs 
           server 127.0.0.1:8081;
           keepalive 256;
       

       server 
           listen 8080;


           if ($time_iso8601 ~ "^(\d4)-(\d2)-(\d2)T(\d2)") 
               set $year $1;
               set $month $2;
               set $day $3;
               set $hour $4;
           
           access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
           access_log  /var/log/nginx/access.log  main;


           location / 
               set $redirect 0;
               if ($http_x_forwarded_proto != "https") 
                 set $redirect 1;
               
               if ($http_user_agent ~* "ELB-HealthChecker") 
                 set $redirect 0;
               
               if ($redirect = 1) 
                 return 301 https://$host$request_uri;
               

               proxy_pass  http://nodejs;
               proxy_set_header   Connection "";
               proxy_http_version 1.1;
               proxy_set_header        Host            $host;
               proxy_set_header        X-Real-IP       $remote_addr;
               proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
           

       gzip on;
       gzip_comp_level 4;
       gzip_types text/html text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

       

   /opt/elasticbeanstalk/hooks/configdeploy/post/99_kill_default_nginx.sh:
     owner: root
     group: root
     mode: "000755"
     content: |
       #!/bin/bash -xe
       rm -f /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf
       service nginx stop 
       service nginx start

container_commands:
  removeconfig:
    command: "rm -f /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf"

source

您可以阅读更多关于 ebextensions here