1. 首頁
  2. 問答
  3. 如何設置Beanstalk + Nginx將http重定向到https?

如何設置Beanstalk + Nginx將http重定向到https?

2013-11-23 98 views
1

我的域名指向Beanstalk應用(DNS ALIAS)。 我已經在我的Beanstalk實例上正確設置了SSL證書。 所以現在: http://www.mysite.com - 以http>青苗應用 https://www.mysite.com - >青苗應用以https如何設置Beanstalk + Nginx將http重定向到https?

我想重定向所有的HTTP請求到https。所以http://www.mysite.com - >https://www.mysite.com

我已經嘗試創建一個AWS容器來實現類似「server {listen 80; return 301 https://www.mysite.com/ $ request_uri;}」但它不起作用。

我已經在谷歌上花了好幾個小時試圖找到一些關於如何做到這一點的指導。我發現了一些線索,如301重定向,重寫......但我無法將任何解決方案應用到我的Beanstalk EC2實例。

也許我需要更詳細的解釋如何做到這一點。 請問有人可以幫我嗎?

PS:我很難理解的一個事實是Load Balancer說負載均衡端口80指向實例端口80並且負載均衡端口443(HTTPS)也指向實例端口80,但是帶有密碼/ SSL證書。 那麼,當我檢查EC2實例上的nginx配置文件時,我只能找到一個「server {listen 8080」,而不是「listen 80」。

謝謝大家。

來源

2013-11-23 T900M

+0

凡你能找到正確的方式做到這一點? –

回答

4

我已經在線此解決方案。

添加.ebextensions/00_nginx_https_rw.config

files: 
    "/tmp/45_nginx_https_rw.sh": 
    owner: root 
    group: root 
    mode: "000644" 
    content: | 
     #! /bin/bash 

     CONFIGURED=`grep -c "return 301 https" /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf` 

     if [ $CONFIGURED = 0 ] 
     then 
      sed -i '/listen 8080;/a \ if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; } \n' /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf 
      logger -t nginx_rw "https rewrite rules added" 
      exit 0 
     else 
      logger -t nginx_rw "https rewrite rules already set" 
      exit 0 
     fi 

container_commands: 
    00_appdeploy_rewrite_hook: 
    command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/appdeploy/enact 
01_configdeploy_rewrite_hook: 
    command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact 
    02_rewrite_hook_perms: 
    command: chmod 755 /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh 
    03_rewrite_hook_ownership: 
    command: chown root:users /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh

來源

2014-10-30 19:02:24 user3888643

+0

在我的情況下不起作用:''[error] 9579#0:* 7上游過早關閉連接,同時從上游讀取響應頭,客戶端:80.215.204.109,server:,request:「GET /favicon.ico HTTP /1.1「,上游:」http://127.0.0.1:8081/favicon.ico「,主機:」domainname.fr「,referrer:」http:// domainname.fr''' 任何建議嗎?我是使用單個實例 – Gura

+0

爲我工作!謝謝:) –

3

基於上述代碼,這是我以前的http請求到https重定向一個獨立的代碼(即,不是在負載平衡器後面)泊塢圖片:

files: 
    "/tmp/000_nginx_https_redirect.sh": 
    owner: root 
    group: root 
    mode: "000644" 
    content: | 
     #!/bin/bash 
     sed -i 's/80;/80;\n return 301 https:\/\/$http_host$request_uri;\n/' /etc/nginx/sites-available/elasticbeanstalk-nginx-docker-proxy.conf 

container_commands: 
    00_appdeploy_rewrite_hook: 
    command: cp -v /tmp/000_nginx_https_redirect.sh /opt/elasticbeanstalk/hooks/appdeploy/enact 
    01_configdeploy_rewrite_hook: 
    command: cp -v /tmp/000_nginx_https_redirect.sh /opt/elasticbeanstalk/hooks/configdeploy/enact 
    02_rewrite_hook_perms: 
    command: chmod 755 /opt/elasticbeanstalk/hooks/appdeploy/enact/000_nginx_https_redirect.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/000_nginx_https_redirect.sh 
    03_rewrite_hook_ownership: 
    command: chown root:users /opt/elasticbeanstalk/hooks/appdeploy/enact/000_nginx_https_redirect.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/000_nginx_https_redirect.sh

來源

2015-05-20 01:33:50 Phyxx

0

我不知道,如果user3888643的回答仍然是正確的,因爲AWS更新了自己的一些安裝腳本的彈性魔豆今年年初運行的方式,但我只是用AWS支持檢查,這仍然是建議的解決方案。添加文件.ebextensions,如.ebextensions/00_nginx_https_rw.config包含以下內容

files: 
    "/tmp/45_nginx_https_rw.sh": 
    owner: root 
    group: root 
    mode: "000644" 
    content: | 
     #!/usr/bin/env bash 
    CONFIGURED=`grep -c "return 301 https" /opt/elasticbeanstalk/support/conf/webapp.conf` 

    if [ $CONFIGURED = 0 ] 
    then 
     sed -i '/ location \/ {/a \ if ($http_x_forwarded_proto = "http") { \n  return 301 https://$host$request_uri;\n }' /opt/elasticbeanstalk/support/conf/webapp.conf 
     logger -t nginx_rw "https rewrite rules added" 
     exit 0 
    else 
     logger -t nginx_rw "https rewrite rules already set" 
     exit 0 
    fi 

container_commands: 
    00_appdeploy_rewrite_hook: 
    command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/appdeploy/enact 
    01_configdeploy_rewrite_hook: 
    command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact 
    02_rewrite_hook_perms: 
    command: chmod 755 /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh 
    03_rewrite_hook_ownership: 
    command: chown root:users /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh 
    04_reload_nginx: 
    command: /etc/init.d/nginx reload

一件事看出來的:我發現,因爲之間的先前(不正確)的相互作用,我不能部署此.ebextensions中的文件版本,則會出現錯誤,並且部署將失敗,即使該文件不再位於正在部署的倉庫中。 :

[Instance: i-0c767ece] Command failed on instance. 
Return code: 6  
Output: nginx: [warn] duplicate MIME type "text/html" in /etc/nginx/nginx.conf:38 nginx: 
[emerg] unknown directive "...." in /etc/nginx/conf.d/000_config.conf:4 
nginx: configuration file /etc/nginx/nginx.conf test failed. 
container_command 04_reload_nginx in .ebextensions/ssl_redirect.config failed. 
For more detail, check /var/log/eb-activity.log using console or EB CLI.

它看起來像每個實例仍然在/etc/nginx/conf.d/先前部署的文件的副本,所以我不得不去到每一個實例,並在/ etc刪除我以前的配置文件/nginx/conf.d,一旦我做到了,部署進展順利。

來源

2015-08-20 03:08:24

0

對於那些不使用負載均衡器的人,user3888643's answerif塊不起作用。所以,我已經完全刪除了(不知道這個解決方案有任何問題),它爲我工作:

sed -i '/listen 8080;/a \ if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; }\n' /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf

到:

sed -i '/listen 8080;/a \ return 301 https://$host$request_uri;\n' /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf

來源

2017-03-30 06:45:38

相關問題

 相關問題