It may not have been necessary to summarize it, but I'm quite addicted to it, so I'd like to write it down.
We will proceed on the assumption that the basic SSL setup has been completed. Please check again if Elastic Load Balancer (ELB) is linked to the Elastic Beanstalk (EB) environment and the appropriate SSL certificate and HTTPS / port are set for ELB.
Since ELB stores the protocol of the received request in the X-Forwarded-Proto header, HTTP → HTTPS redirect can be realized by reading the following settings in the server block of nginx.
if ($http_x_forwarded_proto != 'https') {
rewrite ^ https://$host$request_uri? permanent;
}
So how do you overwrite the essential nginx settings? Go/ [Java SE](http://docs.aws.amazon.com/ja_jp/ elasticbeanstalk / latest / dg / java-se-platform.html) In the environment, a mechanism is introduced to easily tamper with the nginx settings. The setting method is the same for both.
If you create a file called .ebextensions / nginx / nginx.conf and put it in the root directory of the application deployed by EB, this nginx.conf will overwrite /etc/nginx/nginx.conf on EC2. Will be done.
Another thing, if you put the files in .ebextensions/nginx/conf.d/*.conf, these files will be copied /etc/nginx/conf.d/elasticbeanstalk, and nginx.conf will be copied. If you have not overwritten it, in the server {} block in it, or if you have overwritten nginx.conf, write ʻinclude conf.d/elasticbeanstalk/*.conf;It will be read, but for some reason if you put the file that describes the above redirect settings as.ebextensions/nginx/conf.d/02_proxy.conf`, the if statement will not be allowed and will be played when reading the nginx configuration file.
Please note that if you are biting CodeBuild, if you forget to output .ebextensions when outputting artifact, it will not be copied, of course.
That's why it doesn't work even if it is described in the included file, so it overwrites the existing nginx configuration file. If you write the above redirect settings in the server {} block, it will be as follows.
# Elastic Beanstalk Nginx Configuration File
user nginx;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
worker_processes auto;
worker_rlimit_nofile 33193;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
include conf.d/*.conf;
map $http_upgrade $connection_upgrade {
default "upgrade";
}
server {
listen 80 default_server;
access_log /var/log/nginx/access.log main;
client_header_timeout 60;
client_body_timeout 60;
keepalive_timeout 60;
gzip off;
gzip_comp_level 4;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
# Redirect to https
if ($http_x_forwarded_proto != 'https') {
rewrite ^ https://$host$request_uri? permanent;
}
# Include the Elastic Beanstalk generated locations
include conf.d/elasticbeanstalk/*.conf;
}
}
If you copy and paste the above and save it as .ebextensions/nginx/nginx.conf, HTTP → HTTPS redirect should be enabled.
Recommended Posts