Reputation: 149
My domain is pointing to a Beanstalk app (DNS ALIAS). I have already set up SSL certificates properly on my Beanstalk instance. So now:
http://www.mysite.com -> Beanstalk app with http
https://www.mysite.com -> Beanstalk app with https
I would like to redirect all http requests to https. So http://www.mysite.com -> https://www.mysite.com
I already tried to create an AWS container to implement something like "server { listen 80; return 301 https://www.mysite.com/$request_uri;}" but it is not working.
I have already spent several hours on Google trying to find some guidance on how to do that. I found some clues such as the 301 redirect, rewrite... but I have not been able to apply any solution to my Beanstalk EC2 instance.
Perhaps I need a more detailed explanation on how to do that. Could someone help me, please?
PS: one thing that I am struggling to understand is the fact that the Load Balancer says that Load Balancer Port 80 is pointing to Instance Port 80 and Load Balancer Port 443 (HTTPS) is also pointing to Instance Port 80, but with Cipher/SSL cert. Well, when I examine the nginx configuration files on my EC2 instance I only find a "server { listen 8080", not "listen 80".
Thank you all.
Upvotes: 2
Views: 4096
Reputation: 49
I've found this solution online.
Add .ebextensions/00_nginx_https_rw.config

    files:
      "/tmp/45_nginx_https_rw.sh":
        owner: root
        group: root
        mode: "000644"
        content: |
          #! /bin/bash
          CONFIGURED=`grep -c "return 301 https" /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf`
          if [ $CONFIGURED = 0 ]
          then
            sed -i '/listen 8080;/a \ if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; } \n' /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf
            logger -t nginx_rw "https rewrite rules added"
            exit 0
          else
            logger -t nginx_rw "https rewrite rules already set"
            exit 0
          fi

    container_commands:
      00_appdeploy_rewrite_hook:
        command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/appdeploy/enact
      01_configdeploy_rewrite_hook:
        command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact
      02_rewrite_hook_perms:
        command: chmod 755 /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh
      03_rewrite_hook_ownership:
        command: chown root:users /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh

Upvotes: 4
Reputation: 1878
For those who don't use the Load Balancer, the if block from user3888643's answer wouldn't work. So I've removed it completely (not sure if this solution has any problems) and it works for me:

    sed -i '/listen 8080;/a \ if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; }\n' /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf

to:

    sed -i '/listen 8080;/a \ return 301 https://$host$request_uri;\n' /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf

Upvotes: 1
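
The two sed variants above behave differently depending on where TLS ends. The following is an added example, not code from any of the answers: it classifies the redirect in an nginx config and reports the outcome for each topology. The function names, topology labels and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how an nginx config issues its HTTPS redirect and
# what that means per topology. The sample configs below are constructed.

# Prints "conditional", "unconditional" or "none" for the config file in $1.
classify_redirect() {
  awk '
    /if[ \t]*\(\$http_x_forwarded_proto/ { in_if = 1 }
    /return[ \t]+301[ \t]+https:\/\// { if (in_if) cond++; else uncond++ }
    in_if && /[}]/ { in_if = 0 }
    END {
      if (uncond) print "unconditional"
      else if (cond) print "conditional"
      else print "none"
    }' "$1"
}

# $1 = config file, $2 = "lb" (TLS ends at the load balancer) or "standalone".
# "standalone" assumes the edited server block serves plain HTTP only.
assess() {
  kind=$(classify_redirect "$1")
  case "$2:$kind" in
    lb:conditional)           echo "ok" ;;
    lb:unconditional)         echo "redirect-loop" ;;  # LB->instance hop is always HTTP
    standalone:unconditional) echo "ok" ;;
    standalone:conditional)   echo "no-redirect" ;;    # no proxy sets X-Forwarded-Proto
    *)                        echo "no-redirect" ;;
  esac
}

# Constructed samples mirroring the two sed variants in the answers above.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/conditional.conf" <<'EOF'
server {
    listen 8080;
    if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; }
}
EOF
cat > "$SAMPLES/unconditional.conf" <<'EOF'
server {
    listen 8080;
    return 301 https://$host$request_uri;
}
EOF
for f in conditional unconditional; do
  for t in lb standalone; do
    echo "$f.conf behind $t: $(assess "$SAMPLES/$f.conf" "$t")"
  done
done
```
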
Reputation: 61
I wasn't sure if user3888643's answer was still the correct one, since AWS updated the way some of their own setup scripts run on Elastic Beanstalk earlier this year, but I just checked with AWS support and this is still the advised solution. Add a file to .ebextensions, e.g. .ebextensions/00_nginx_https_rw.config, with the following contents:

    files:
      "/tmp/45_nginx_https_rw.sh":
        owner: root
        group: root
        mode: "000644"
        content: |
          #!/usr/bin/env bash
          CONFIGURED=`grep -c "return 301 https" /opt/elasticbeanstalk/support/conf/webapp.conf`
          if [ $CONFIGURED = 0 ]
          then
            sed -i '/ location \/ {/a \ if ($http_x_forwarded_proto = "http") { \n return 301 https://$host$request_uri;\n }' /opt/elasticbeanstalk/support/conf/webapp.conf
            logger -t nginx_rw "https rewrite rules added"
            exit 0
          else
            logger -t nginx_rw "https rewrite rules already set"
            exit 0
          fi

    container_commands:
      00_appdeploy_rewrite_hook:
        command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/appdeploy/enact
      01_configdeploy_rewrite_hook:
        command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact
      02_rewrite_hook_perms:
        command: chmod 755 /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh
      03_rewrite_hook_ownership:
        command: chown root:users /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh
      04_reload_nginx:
        command: /etc/init.d/nginx reload

One thing to look out for: I found I couldn't deploy this because of an interaction with a previous (incorrect) version of the file in .ebextensions. There would be an error and the deployment would fail, even though the file was no longer in the repo being deployed:

    [Instance: i-0c767ece] Command failed on instance.
    Return code: 6
    Output: nginx: [warn] duplicate MIME type "text/html" in /etc/nginx/nginx.conf:38
    nginx: [emerg] unknown directive "...." in /etc/nginx/conf.d/000_config.conf:4
    nginx: configuration file /etc/nginx/nginx.conf test failed.
    container_command 04_reload_nginx in .ebextensions/ssl_redirect.config failed.
    For more detail, check /var/log/eb-activity.log using console or EB CLI.

It looks like each instance still had a copy of the previously deployed file in /etc/nginx/conf.d/, so I had to go into each instance and delete my previous config files in /etc/nginx/conf.d. Once I did that, the deployment went through fine.
Upvotes: 0
Reputation: 16086
Based on the code above, this is the code that I used to redirect the http requests to https for a standalone (i.e. not behind a load balancer) Docker image:

    files:
      "/tmp/000_nginx_https_redirect.sh":
        owner: root
        group: root
        mode: "000644"
        content: |
          #!/bin/bash
          sed -i 's/80;/80;\n return 301 https:\/\/$http_host$request_uri;\n/' /etc/nginx/sites-available/elasticbeanstalk-nginx-docker-proxy.conf

    container_commands:
      00_appdeploy_rewrite_hook:
        command: cp -v /tmp/000_nginx_https_redirect.sh /opt/elasticbeanstalk/hooks/appdeploy/enact
      01_configdeploy_rewrite_hook:
        command: cp -v /tmp/000_nginx_https_redirect.sh /opt/elasticbeanstalk/hooks/configdeploy/enact
      02_rewrite_hook_perms:
        command: chmod 755 /opt/elasticbeanstalk/hooks/appdeploy/enact/000_nginx_https_redirect.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/000_nginx_https_redirect.sh
      03_rewrite_hook_ownership:
        command: chown root:users /opt/elasticbeanstalk/hooks/appdeploy/enact/000_nginx_https_redirect.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/000_nginx_https_redirect.sh

Upvotes: 3
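
A post-deploy check for any of the redirects above, as an added example that is not part of the original answers: it reads captured response headers (for instance from `curl -sI`) and confirms a 301 whose Location is HTTPS and names the expected host, since `$host` and `$http_host` are taken from the request rather than fixed in the config. The function name and the sample responses are constructed.

```shell
#!/bin/sh
# Added example: validate a captured redirect response read from stdin,
# e.g. the output of `curl -sI http://www.mysite.com/`.

# $1 = expected host name. Prints "ok" or a reason; non-zero status on failure.
check_redirect() {
  awk -v want="$1" '
    { sub(/\r$/, "") }                      # HTTP header lines end in CRLF
    NR == 1 { status = $2; next }           # status line: HTTP/1.1 301 ...
    tolower($1) == "location:" { loc = $2 } # header names are case-insensitive
    END {
      if (status != "301") { print "not-301:" status; exit 1 }
      if (loc !~ /^https:\/\//) { print "not-https:" loc; exit 1 }
      host = loc
      sub(/^https:\/\//, "", host)          # drop the scheme
      sub(/[\/:?#].*$/, "", host)           # drop port, path, query, fragment
      if (tolower(host) != tolower(want)) { print "wrong-host:" host; exit 1 }
      print "ok"
    }'
}

# Constructed sample responses (not captured from a real deployment).
GOOD='HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nLocation: https://www.mysite.com/login?x=1\r\n\r\n'
REFLECTED='HTTP/1.1 301 Moved Permanently\r\nLocation: https://other.example/login\r\n\r\n'
PLAIN='HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'

for sample in "$GOOD" "$REFLECTED" "$PLAIN"; do
  printf '%b' "$sample" | check_redirect www.mysite.com
done
```
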