How to Force HTTPS on AWS Elastic Beanstalk - amazon-web-services

What is the best way to force http to https with Elastic Beanstalk that has an Nginx Load Balancer? HTTPS works for the application with the certificate I received from the AWS Certificate Manager; I just want to make sure that HTTPS is always used. Seems like something that should already be built in to AWS. Any help is appreciated.

Create a file that ends with .config in your ebextensions and add the following to it:

files:
  /etc/nginx/conf.d/proxy.conf:
    owner: root
    group: root
    mode: "000644"
    content: |
      upstream nodejs {
        server 127.0.0.1:8081;
        keepalive 256;
      }
      server {
        listen 8080;
        if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
          set $year $1;
          set $month $2;
          set $day $3;
          set $hour $4;
        }
        access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
        access_log /var/log/nginx/access.log main;
        location / {
          set $redirect 0;
          if ($http_x_forwarded_proto != "https") {
            set $redirect 1;
          }
          if ($http_user_agent ~* "ELB-HealthChecker") {
            set $redirect 0;
          }
          if ($redirect = 1) {
            return 301 https://$host$request_uri;
          }
          proxy_pass http://nodejs;
          proxy_set_header Connection "";
          proxy_http_version 1.1;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        gzip on;
        gzip_comp_level 4;
        gzip_types text/html text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
      }
  /opt/elasticbeanstalk/hooks/configdeploy/post/99_kill_default_nginx.sh:
    owner: root
    group: root
    mode: "000755"
    content: |
      #!/bin/bash -xe
      rm -f /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf
      service nginx stop
      service nginx start
container_commands:
  removeconfig:
    command: "rm -f /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf"

You can read more about ebextensions here

Related

How to redirect http -> https on aws classic load balancer?

I have a classic load balancer on beanstalk and configured nginx instances. I want to redirect http to https requests.
I set up my load balancer listeners to redirect to port 80 to its instances.
I created a file in .ebextensions/nginx_config.config, in which I set up the redirect and also filter out the healthcheck.
See the config rewrite below:

files:
  /etc/nginx/conf.d/proxy.conf:
    owner: root
    group: root
    mode: "000644"
    content: |
      upstream nodejs {
        server 127.0.0.1:8081;
        keepalive 256;
      }
      server {
        listen 80;
        if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
          set $year $1;
          set $month $2;
          set $day $3;
          set $hour $4;
        }
        access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
        access_log /var/log/nginx/access.log main;
        location / {
          set $redirect 0;
          if ($http_x_forwarded_proto = "http") {
            return 301 https://$host$request_uri;
          }
          if ($http_user_agent ~* "ELB-HealthChecker") {
            set $redirect 0;
          }
          if ($redirect = 1) {
            return 301 https://$host$request_uri;
          }
          proxy_pass http://nodejs;
          proxy_set_header Connection "";
          proxy_http_version 1.1;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        location /health-check {
          access_log off;
          default_type text/plain;
          return 200 ‘OK’;
        }
        gzip on;
        gzip_comp_level 4;
        gzip_types text/html text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
      }
  /opt/elasticbeanstalk/hooks/configdeploy/post/99_kill_default_nginx.sh:
    owner: root
    group: root
    mode: "000755"
    content: |
      #!/bin/bash -xe
      rm -f /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf
      if [[ -e /etc/init/nginx.conf ]] ; then
        echo Using initctl to stop and start nginx
        initctl stop nginx || true
        initctl start nginx
      else
        echo Using service to stop and start nginx
        service nginx stop
        service nginx start
      fi
container_commands:
  removeconfig:
    command: "rm -f /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf"

But nothing seems to happen and the server still doesn't redirect to https. It seems like my config is just being ignored. How can I redirect to https in this case?

So as per my suggestion above. Create an Application Load Balancer with 2 listeners.
1st Listener is a 443 HTTPS listener that serves traffic directly to your target group.
2nd Listener is a 80 HTTP listener that uses a redirect rule that does a redirect to HTTPS.
This is best practice.

You can have your load balancer listen on 443 with a certificate from ACM and then redirect that traffic to port 80? But it's highly suggested to use an ALB as said by #mokugo-devops above. Hope this helps. You can also look at a similar issue AWS EB - Redirect all traffic to https

Elastic Beanstalk Redirect Missing Colon? [closed]

I have a website set up in Elastic Beanstalk, but when I enter the website.com URL in a browser, it auto directs me to https//website.com and is missing the colon... it works if I add www.website.com though... or if I type https://www.website.com.
The contents of a .ebextensions/prod01.config file:

files:
  /etc/nginx/conf.d/proxy.conf:
    owner: root
    group: root
    mode: "000644"
    content: |
      # Elastic Beanstalk Managed
      # Elastic Beanstalk managed configuration file
      # Some configuration of nginx can be by placing files in /etc/nginx/conf.d
      # using Configuration Files.
      # http://docs.amazonwebservices.com/elasticbeanstalk/latest/dg/customize-containers.html
      upstream nodejs {
        server 127.0.0.1:8081;
        keepalive 256;
      }
      server {
        listen 8080;
        server_name website.com;
        if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
          set $year $1;
          set $month $2;
          set $day $3;
          set $hour $4;
        }
        access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
        access_log /var/log/nginx/access.log main;
        location / {
          set $redirect 0;
          if ($http_x_forwarded_proto != "https") {
            set $redirect 1;
          }
          if ($http_user_agent ~* "ELB-HealthChecker") {
            set $redirect 0;
          }
          if ($redirect = 1) {
            return 301 https://www.heyants.com$request_uri;
          }
          proxy_pass http://nodejs;
          proxy_set_header Connection "";
          proxy_http_version 1.1;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
      }
      server {
        listen 8080;
        server_name www.website.com;
        if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
          set $year $1;
          set $month $2;
          set $day $3;
          set $hour $4;
        }
        access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
        access_log /var/log/nginx/access.log main;
        location / {
          set $redirect 0;
          if ($http_x_forwarded_proto != "https") {
            set $redirect 1;
          }
          if ($http_user_agent ~* "ELB-HealthChecker") {
            set $redirect 0;
          }
          if ($redirect = 1) {
            return 301 https://$host$request_uri;
          }
          proxy_pass http://nodejs;
          proxy_set_header Connection "";
          proxy_http_version 1.1;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        gzip on;
        gzip_comp_level 4;
        gzip_types text/html text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
      }
  /opt/elasticbeanstalk/hooks/configdeploy/post/99_kill_default_nginx.sh:
    owner: root
    group: root
    mode: "000755"
    content: |
      #!/bin/bash -xe
      rm -f /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf
      if [[ -e /etc/init/nginx.conf ]] ; then
        echo Using initctl to stop and start nginx
        initctl stop nginx || true
        initctl start nginx
      else
        echo Using service to stop and start nginx
        service nginx stop
        service nginx start
      fi
container_commands:
  removeconfig:
    command: "rm -f /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf"

Update
I have updated to use one of the AWS references provided below; but one condition of the redirect still does not work; I hope that with this clear update a truly canonical solution for all can be found.
website.com SUCCESSFULLY REDIRECTS TO https://www.website.com
www.website.com SUCCESSFULLY REDIRECTS TO https://www.website.com
https://www.website.com SUCCESSFULLY REDIRECTS TO https://www.website.com
http://www.website.com SUCCESSFULLY REDIRECTS TO https://website.com
http://website.com FAILS TO REDIRECT TO https://www.website.com
https://website.com FAILS TO REDIRECT TO https://www.website.com; it takes them to https//www.website.com (Missing a colon)
Update your AWS Elastic Beanstalk config file that is residing here "/etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf" with the following content according to your requirements:

location / {
  set $redirect 0;
  if ($http_x_forwarded_proto != "https") {
    set $redirect 1;
  }
  if ($http_user_agent ~* "ELB-HealthChecker") {
    set $redirect 0;
  }
  if ($redirect = 1) {
    return 301 https://$host$request_uri;
  }
  proxy_pass http://nodejs;
  proxy_set_header Connection "";
  proxy_http_version 1.1;
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

I tested with your configuration:
Request: GET http://website.com/ --> Response: 301, Location: http://https://www.website.com/
The second semicolon is removed by the browser. It is unexpected, bug perhaps.
Can you try to use rewrite instead:

listen 8080;
server_name website.com;
...
if ($redirect = 1) {
  rewrite ^(.*) https://www.website.com$1 permanent;
}

Request: GET https://website.com/ --> FAILED
On the website.com rule it redirects to https://www.website.com/ only if it's http. If you want https://website.com/ to redirect to https://www.website.com/ then add

listen 8080;
server_name website.com;
...
if ($host = "website.com") {
  rewrite ^(.*) https://www.website.com$1 permanent;
}
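
Added example, not part of any post in this thread: a small Python check for the redirect matrix in the question's update. It classifies each Location header against the canonical origin and shows how the nested-scheme value reported above re-serialises into the "https//" form once a URL parser drops the empty port. The function names and all sample rows except the first are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

CANONICAL = "https://www.website.com"  # canonical origin named in the thread

def classify_location(location, canonical=CANONICAL):
    """Classify a redirect Location header against the canonical HTTPS origin."""
    parts = urlsplit(location)
    # "http://https://www..." parses as host "https" with an empty port.
    if parts.scheme in ("http", "https") and parts.hostname in ("http", "https"):
        return "nested-scheme"
    # "https//www..." has no scheme at all, so a client treats it as a relative path.
    if not parts.scheme and parts.path.startswith(("http//", "https//")):
        return "missing-colon"
    if parts.scheme != "https":
        return "not-https"
    if f"{parts.scheme}://{parts.netloc}" != canonical:
        return "wrong-host"
    return "ok"

def normalise(location):
    """Re-serialise a URL the way a URL parser does: an empty port ("host:") is dropped."""
    parts = urlsplit(location)
    host = parts.netloc[:-1] if parts.netloc.endswith(":") else parts.netloc
    query = f"?{parts.query}" if parts.query else ""
    return f"{parts.scheme}://{host}{parts.path}{query}"

def audit(responses, canonical=CANONICAL):
    """Map each requested URL to a finding for its response."""
    findings = {}
    for url, status, location in responses:
        if status in (301, 302, 307, 308) and location:
            findings[url] = classify_location(location, canonical)
        elif url.startswith(canonical + "/"):
            findings[url] = "ok"           # already on the canonical origin
        else:
            findings[url] = "no-redirect"  # served without being sent to HTTPS/www
    return findings

# Constructed sample responses (request URL, status, Location). The first row is
# the response reported in the answer above; the rest are made up for the demo.
SAMPLE = [
    ("http://website.com/", 301, "http://https://www.website.com/"),
    ("http://www.website.com/", 301, "https://www.website.com/"),
    ("https://website.com/", 200, None),
    ("https://www.website.com/", 200, None),
]

if __name__ == "__main__":
    for url, finding in audit(SAMPLE).items():
        print(f"{url:28} {finding}")
    print(normalise("http://https://www.website.com/"))
```

To run it against a live environment, fill the table from `curl -sI` output for each of the four entry URLs instead of the constructed rows.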

Nginx error "1024 worker_connections are not enough"

My website is running in a Docker Image using Nginx with reverse proxy.
Site is working perfectly for many hours under heavy traffic, but eventually it stops working and gives no response, with a 5** timeout error.
In AWS Elastic Beanstalks Nginx-log I found this error-message:
[alert] 18037#0: 1024 worker_connections are not enough
I am afraid something is wrong with my custom Nginx-config,
but I do not understand what it is.
Code from https-redirect-docker-sc.config is attached.
I have tried to debug code to find any memory leaks or loops, but I can not find any solution.

files:
  "/etc/nginx/sites-available/elasticbeanstalk-nginx-docker-proxy.conf":
    owner: root
    group: root
    mode: "000755"
    content: |
      map $http_upgrade $connection_upgrade {
        default "upgrade";
        "" "";
      }
      server {
        listen 80;
        server_name mydomain.no;
        return 301 https://www.mydomain.no$request_uri;
      }
      server {
        listen 80 default_server;
        gzip on;
        gzip_comp_level 4;
        gzip_types text/html text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
        if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
          set $year $1;
          set $month $2;
          set $day $3;
          set $hour $4;
        }
        access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
        access_log /var/log/nginx/access.log;
        location / {
          set $redirect 0;
          if ($http_x_forwarded_proto != "https") {
            set $redirect 1;
          }
          if ($http_user_agent ~* "ELB-HealthChecker") {
            set $redirect 0;
          }
          if ($redirect = 1) {
            return 301 https://$host$request_uri;
          }
          proxy_pass http://docker;
          proxy_http_version 1.1;
          proxy_set_header Connection $connection_upgrade;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
      }

Default value for Nginx worker_connections is 1024, which is not enough for you.
Add events block before http in your nginx.conf, so it looks like this:

events {
  worker_connections 4096; ## Default: 1024
}
http {
  include conf/mime.types;
  .....
}

You can also increase number of worker_processes (default = 1), so the total amount of connections your server can handle would be worker_processes * worker_connections.
Please check here the full example configuration

aws elastic beanstalk nginx reverse proxy settings

I followed these two posts, but without any luck
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/java-se-nginx.html
https://davidojeda.mx/blog/2018/01/11/extend-nginx-config-on-aws-elasticbeanstalk
I just started to play around with elastic beanstalk on hand.
Going with the basics, I started the server with port:8000
I want to do a reverse proxy so it would be listening to port 80 instead.
I did not do this with elb to start with because I want to get to know the basics more before going into elb
this is my index.js which runs the app

const express = require('express');
const app = express();
const port = 8000;
app.get('/', async (req, res) => {
  return res.json({ status: true });
});
app.listen(port, () => console.log(`Example app listening on port ${port}!`));

The above would work for sure if the url is http://eb_self_generated_url:8000 so I want to get it working with https://eb_self_generated_url
I was reading a few posts but none of them works though.
in my root, I created .ebextensions/nginx/conf.d/s_proxy.conf and inside I have

upstream nodejs {
  server 127.0.0.1:8081;
  keepalive 256;
}
server {
  listen 8080;
  if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
    set $year $1;
    set $month $2;
    set $day $3;
    set $hour $4;
  }
  access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
  access_log /var/log/nginx/access.log main;
  location / {
    # this is actually what need to be changed
    # I tried changing from http://nodejs to http://localhost:8000 at server which then will make the reverse proxy work
    proxy_pass http://localhost:8000;
    proxy_set_header Connection "";
    proxy_http_version 1.1;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
  gzip on;
  gzip_comp_level 4;
  gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml appl$
}

I tried to zip the above and update / deploy but nothing changes
I also tried creating this under my app .ebextensions/proxy.conf

files:
  /etc/nginx/conf.d/:
    owner: root
    group: root
    content: |
      upstream nodejs {
        server 127.0.0.1:8081;
        keepalive 256;
      }
      server {
        listen 8080;
        if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
          set $year $1;
          set $month $2;
          set $day $3;
          set $hour $4;
        }
        access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
        access_log /var/log/nginx/access.log main;
        location / {
          proxy_pass http://localhost:8000;
          proxy_set_header Connection "";
          proxy_http_version 1.1;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        gzip on;
        gzip_comp_level 4;
        gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml appl$
        # Include the Elastic Beanstalk generated locations
        include conf.d/elasticbeanstalk/01_static.conf;
        include conf.d/elasticbeanstalk/healthd.conf;
      }

still I got no luck with getting the reverse proxy to work.
Anyone able to give me a hand ?
Thank you for any help and suggestions.

Did you notice that you are using the port 8081 in nginx config instead of your app's port (8000)?

upstream nodejs {
  server 127.0.0.1:8081;
  keepalive 256;
}

NGINX Format for AWS EB Web Sockets

Does anyone have a formatted nginx.config file for upgrading AWS EB to allow for web sockets? It would be great to see your example nginx.config files for this. I found I need to set up the nginx.config from this link.
Here's the one I thought was going to work before I tried other things but it and various similar versions I put through a YAML validator gave deployment errors:

files:
  /etc/nginx/conf.d/proxy.conf:
    content: |
      http {
        client_max_body_size 50M;
      }
      client_max_body_size 50M;
      upstream nodejs {
        server 127.0.0.1:8081;
        keepalive 256;
      }
      server {
        listen 8080;
        if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
          set $year $1;
          set $month $2;
          set $day $3;
          set $hour $4;
        }
        access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
        access_log /var/log/nginx/access.log main;
        location / {
          proxy_pass http://nodejs;
          proxy_set_header Connection "";
          proxy_http_version 1.1;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
        }
        gzip on;
        gzip_comp_level 4;
        gzip_types text/html text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
        location /static {
          alias /var/app/current/static;
        }
      }
container_commands:
  removeconfig:
    command: "rm -f /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf"

I've tried about a dozen formats I've found across the internet to no avail including from the following links:
Web Socket Issue for Node.js app on AWS EB for Parse Live Query
https://github.com/parse-community/parse-server/issues/3611