NGINX Format for AWS EB Web Sockets - amazon-web-services

Does anyone have a formatted nginx.config file for upgrading AWS EB to allow for web sockets? It would be great to see your example nginx.config files for this. I found I need to set up the nginx.config from this link.
Here's the one I thought was going to work before I tried other things but it and various similar versions I put through a YAML validator gave deployment errors:
files:
  /etc/nginx/conf.d/proxy.conf:
    content: |
      http {
        client_max_body_size 50M;
      }
      client_max_body_size 50M;
      upstream nodejs {
        server 127.0.0.1:8081;
        keepalive 256;
      }
      server {
        listen 8080;
        if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
          set $year $1;
          set $month $2;
          set $day $3;
          set $hour $4;
        }
        access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
        access_log /var/log/nginx/access.log main;
        location / {
          proxy_pass http://nodejs;
          proxy_set_header Connection "";
          proxy_http_version 1.1;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
        }
        gzip on;
        gzip_comp_level 4;
        gzip_types text/html text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
        location /static {
          alias /var/app/current/static;
        }
      }
container_commands:
  removeconfig:
    command: "rm -f /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf"
I've tried about a dozen formats I've found across the internet to no avail including from the following links:
Web Socket Issue for Node.js app on AWS EB for Parse Live Query
https://github.com/parse-community/parse-server/issues/3611

Related

Elastic Beanstalk Redirect Missing Colon? [closed]

I have a website set up in Elastic Beanstalk, but when I enter the website.com URL in a browser, it auto directs me to https//website.com and is missing the colon... it works if I add www.website.com though... or if I type https://www.website.com.
The contents of a .ebextensions/prod01.config file
files:
  /etc/nginx/conf.d/proxy.conf:
    owner: root
    group: root
    mode: "000644"
    content: |
      # Elastic Beanstalk Managed
      # Elastic Beanstalk managed configuration file
      # Some configuration of nginx can be by placing files in /etc/nginx/conf.d
      # using Configuration Files.
      # http://docs.amazonwebservices.com/elasticbeanstalk/latest/dg/customize-containers.html
      upstream nodejs {
        server 127.0.0.1:8081;
        keepalive 256;
      }
      server {
        listen 8080;
        server_name website.com;
        if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
          set $year $1;
          set $month $2;
          set $day $3;
          set $hour $4;
        }
        access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
        access_log /var/log/nginx/access.log main;
        location / {
          set $redirect 0;
          if ($http_x_forwarded_proto != "https") {
            set $redirect 1;
          }
          if ($http_user_agent ~* "ELB-HealthChecker") {
            set $redirect 0;
          }
          if ($redirect = 1) {
            return 301 https://www.heyants.com$request_uri;
          }
          proxy_pass http://nodejs;
          proxy_set_header Connection "";
          proxy_http_version 1.1;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
      }
      server {
        listen 8080;
        server_name www.website.com;
        if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
          set $year $1;
          set $month $2;
          set $day $3;
          set $hour $4;
        }
        access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
        access_log /var/log/nginx/access.log main;
        location / {
          set $redirect 0;
          if ($http_x_forwarded_proto != "https") {
            set $redirect 1;
          }
          if ($http_user_agent ~* "ELB-HealthChecker") {
            set $redirect 0;
          }
          if ($redirect = 1) {
            return 301 https://$host$request_uri;
          }
          proxy_pass http://nodejs;
          proxy_set_header Connection "";
          proxy_http_version 1.1;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        gzip on;
        gzip_comp_level 4;
        gzip_types text/html text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
      }
  /opt/elasticbeanstalk/hooks/configdeploy/post/99_kill_default_nginx.sh:
    owner: root
    group: root
    mode: "000755"
    content: |
      #!/bin/bash -xe
      rm -f /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf
      if [[ -e /etc/init/nginx.conf ]] ; then
        echo Using initctl to stop and start nginx
        initctl stop nginx || true
        initctl start nginx
      else
        echo Using service to stop and start nginx
        service nginx stop
        service nginx start
      fi
container_commands:
  removeconfig:
    command: "rm -f /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf"
Update
I have updated to use one of the AWS references provided below; but one condition of the redirect still does not work; I hope that with this clear update a truly canonical solution for all can be found.
website.com SUCCESSFULLY REDIRECTS TO https://www.website.com
www.website.com SUCCESSFULLY REDIRECTS TO https://www.website.com
https://www.website.com SUCCESSFULLY REDIRECTS TO https://www.website.com
http://www.website.com SUCCESSFULLY REDIRECTS TO
https://website.com
http://website.com FAILS TO REDIRECT TO https://www.website.com
https://website.com FAILS TO REDIRECT TO https://www.website.com; it takes them to https//www.website.com (Missing a colon)
Update your AWS Elastic Beanstalk config file that is residing here "/etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf" with the following content according to your requirements:
location / {
  set $redirect 0;
  if ($http_x_forwarded_proto != "https") {
    set $redirect 1;
  }
  if ($http_user_agent ~* "ELB-HealthChecker") {
    set $redirect 0;
  }
  if ($redirect = 1) {
    return 301 https://$host$request_uri;
  }
  proxy_pass http://nodejs;
  proxy_set_header Connection "";
  proxy_http_version 1.1;
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
I tested with your configuration:
Request: GET http://website.com/ --> Response: 301, Location: http://https://www.website.com/
The second semicolon is removed by the browser. It is unexpected, a bug perhaps.
Can you try to use rewrite instead:
listen 8080;
server_name website.com;
...
if ($redirect = 1) {
  rewrite ^(.*) https://www.website.com$1 permanent;
}
Request: GET https://website.com/ --> FAILED
The website.com rule redirects to https://www.website.com/ only if it's http. If you want https://website.com/ to redirect to https://www.website.com/, then add
listen 8080;
server_name website.com;
...
if ($host = "website.com") {
  rewrite ^(.*) https://www.website.com$1 permanent;
}

Nginx error "1024 worker_connections are not enough"

My website is running in a Docker Image using Nginx with reverse proxy.
The site works perfectly for many hours under heavy traffic, but eventually it stops working and gives no response, with a 5** timeout error.
In the AWS Elastic Beanstalk Nginx log I found this error message:
[alert] 18037#0: 1024 worker_connections are not enough
I am afraid something is wrong with my custom Nginx-config,
but I do not understand what it is.
Code from https-redirect-docker-sc.config is attached.
I have tried to debug code to find any memory leaks or loops, but I can not find any solution.
files:
  "/etc/nginx/sites-available/elasticbeanstalk-nginx-docker-proxy.conf":
    owner: root
    group: root
    mode: "000755"
    content: |
      map $http_upgrade $connection_upgrade {
        default "upgrade";
        "" "";
      }
      server {
        listen 80;
        server_name mydomain.no;
        return 301 https://www.mydomain.no$request_uri;
      }
      server {
        listen 80 default_server;
        gzip on;
        gzip_comp_level 4;
        gzip_types text/html text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
        if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
          set $year $1;
          set $month $2;
          set $day $3;
          set $hour $4;
        }
        access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
        access_log /var/log/nginx/access.log;
        location / {
          set $redirect 0;
          if ($http_x_forwarded_proto != "https") {
            set $redirect 1;
          }
          if ($http_user_agent ~* "ELB-HealthChecker") {
            set $redirect 0;
          }
          if ($redirect = 1) {
            return 301 https://$host$request_uri;
          }
          proxy_pass http://docker;
          proxy_http_version 1.1;
          proxy_set_header Connection $connection_upgrade;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
      }
The default value for Nginx worker_connections is 1024, which is not enough for you.
Add an events block before http in your nginx.conf, so it looks like this:
events {
  worker_connections 4096; ## Default: 1024
}
http {
  include conf/mime.types;
  .....
}
You can also increase the number of worker_processes (default = 1), so the total amount of connections your server can handle would be worker_processes * worker_connections
Please check here the full example configuration

aws elastic beanstalk nginx reverse proxy settings

I followed these two posts, but without any luck
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/java-se-nginx.html
https://davidojeda.mx/blog/2018/01/11/extend-nginx-config-on-aws-elasticbeanstalk
I just started to play around with Elastic Beanstalk.
Going with the basics, I started the server on port 8000.
I want to do a reverse proxy so it would be listening on port 80 instead.
I did not do this with ELB to start with because I want to get to know the basics more before going into ELB.
This is my index.js, which runs the app:
const express = require('express');
const app = express();
const port = 8000;
app.get('/', async (req, res) => {
  return res.json({ status: true });
});
app.listen(port, () => console.log(`Example app listening on port ${port}!`));
The above would work for sure if the URL is http://eb_self_generated_url:8000, so I want to get it working with https://eb_self_generated_url
I was reading a few posts but none of them works though.
In my root, I created .ebextensions/nginx/conf.d/s_proxy.conf and inside I have
upstream nodejs {
  server 127.0.0.1:8081;
  keepalive 256;
}
server {
  listen 8080;
  if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
    set $year $1;
    set $month $2;
    set $day $3;
    set $hour $4;
  }
  access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
  access_log /var/log/nginx/access.log main;
  location / {
    # this is actually what need to be changed
    # I tried changing from http://nodejs to http://localhost:8000 at server which then will make the reverse proxy work
    proxy_pass http://localhost:8000;
    proxy_set_header Connection "";
    proxy_http_version 1.1;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
  gzip on;
  gzip_comp_level 4;
  gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml appl$
}
I tried to zip the above and update / deploy but nothing changes.
I also tried creating this under my app .ebextensions/proxy.conf
files:
  /etc/nginx/conf.d/:
    owner: root
    group: root
    content: |
      upstream nodejs {
        server 127.0.0.1:8081;
        keepalive 256;
      }
      server {
        listen 8080;
        if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
          set $year $1;
          set $month $2;
          set $day $3;
          set $hour $4;
        }
        access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
        access_log /var/log/nginx/access.log main;
        location / {
          proxy_pass http://localhost:8000;
          proxy_set_header Connection "";
          proxy_http_version 1.1;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        gzip on;
        gzip_comp_level 4;
        gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml appl$
        # Include the Elastic Beanstalk generated locations
        include conf.d/elasticbeanstalk/01_static.conf;
        include conf.d/elasticbeanstalk/healthd.conf;
      }
Still I got no luck with getting the reverse proxy to work.
Is anyone able to give me a hand?
Thank you for any help and suggestions.
Did you notice that you are using port 8081 in the nginx config instead of your app's port (8000)?
upstream nodejs {
  server 127.0.0.1:8081;
  keepalive 256;
}

Redirect Elastic Beanstalk HTTP requests to HTTPS with nginx

I want a redirect from HTTP requests to HTTPS on Elastic Beanstalk with nginx as the proxy system.
I've found a lot of advice on Google but none of it helped; it doesn't redirect.
This is my current test.config file in the .ebextensions directory:
files:
  "/etc/nginx/conf.d/proxy.conf" :
    mode: "000644"
    owner: root
    group: root
    content: |
      server{
        if ($http_x_forwarded_proto = "http") {
          return 301 https://$host$request_uri;
        }
      }
I've also tried countless other settings, none of them worked.
These are my load balancer settings:
I hope you can help me. :)
Some considerations:
1 - New Amazon Elastic Beanstalk platform versions running Amazon Linux 2 have a different path of reverse proxy configuration:
~/workspace/my-app/
|-- .platform
|   `-- nginx
|       `-- conf.d
|           `-- elasticbeanstalk
|               `-- 00_application.conf
`-- other source files
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/platforms-linux-extend.html
2 - The AWS ELB Health Checker appears to be unable to check HTTPS endpoints.
Surely, if you are using a custom certificate for your domain, it is unable to perform a check on what it considers an "untrusted site".
https://your-eb-app.eu-west-3.elasticbeanstalk.com published with a certificate registered for your organization with this DNS alias https://your-eb-app.your-organization.com causes ELB Health Checker error (certificate domain mismatch).
3 - The configuration suggested exposes all locations to ANY client which shows up with "ELB-HealthChecker*" user-agent on the standard HTTP port (80); not quite what we want :-)
You can configure ELB Health Checker to accept the HTTP 301 status, but it doesn't have much use; a simple redirect response does not mean that our web application is in good health :-)
A more secure solution is a dedicated health check endpoint configuration:
location / {
  set $redirect 0;
  if ($http_x_forwarded_proto != "https") {
    set $redirect 1;
  }
  if ($redirect = 1) {
    return 301 https://$host$request_uri;
  }
  proxy_pass http://127.0.0.1:5000;
  proxy_http_version 1.1;
  proxy_set_header Connection $connection_upgrade;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location = /health-check.html {
  set $redirect 0;
  if ($http_x_forwarded_proto != "https") {
    set $redirect 1;
  }
  if ($http_user_agent ~* "ELB-HealthChecker") {
    set $redirect 0;
  }
  if ($redirect = 1) {
    return 301 https://$host$request_uri;
  }
  proxy_pass http://127.0.0.1:5000;
  proxy_http_version 1.1;
  proxy_set_header Connection $connection_upgrade;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
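The risk raised in point 3 of the answer above can be checked mechanically. The following is an added example, not part of the original answer: a Python check that flags any User-Agent condition sitting outside an exact-match `location = ...` block. The function name `find_ua_bypasses` and both sample configs are constructed for illustration, and the parser assumes one directive or brace per line, as in the configs on this page.

```python
import re

# Constructed sample: the widely copied form, User-Agent exemption on every path.
BROAD = """\
location / {
    set $redirect 0;
    if ($http_x_forwarded_proto != "https") {
        set $redirect 1;
    }
    if ($http_user_agent ~* "ELB-HealthChecker") {
        set $redirect 0;
    }
    if ($redirect = 1) {
        return 301 https://$host$request_uri;
    }
}
"""
# Constructed sample: exemption confined to a dedicated health check endpoint.
SCOPED = """\
location / {
    if ($http_x_forwarded_proto != "https") {
        return 301 https://$host$request_uri;
    }
}
""" + BROAD.replace("location /", "location = /health-check.html")

UA_IF = re.compile(r'^if\s*\(\s*\$http_user_agent\b')
EXACT_LOCATION = re.compile(r'^location\s*=\s*\S+')

def find_ua_bypasses(conf_text):
    """Return (line_number, enclosing_scope) for each User-Agent condition
    that is not confined to an exact-match location block."""
    findings, stack = [], []          # stack holds headers of open blocks
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split('#', 1)[0].strip()   # drop comments
        if line == '}' and stack:
            stack.pop()
        elif UA_IF.match(line):
            locations = [h for h in stack if h.startswith('location')]
            scope = locations[-1] if locations else 'outside any location'
            if not EXACT_LOCATION.match(scope):
                findings.append((lineno, scope))
        if line.endswith('{'):
            stack.append(line[:-1].strip())
    return findings

if __name__ == "__main__":
    for name, conf in (("broad", BROAD), ("scoped", SCOPED)):
        print(name, find_ua_bypasses(conf))
```

Run against the nginx content of an `.ebextensions` or `.platform` file before deployment, an empty result means the health check exemption is limited to the health check path.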
This is the only solution that worked.
It's necessary to overwrite the default nginx file after AWS created it. So there have to be two more files:
Write the nginx file.
Create a script that overwrites the default nginx file.
Run the script after AWS created the default file.
I faced a similar problem when I was trying to redirect all HTTP traffic to HTTPS in my AWS Elastic Beanstalk Go environment using Nginx. This is the solution I was provided by the AWS Support team:
Create a file in the below directory structure at the root of the application code.
.ebextensions/nginx/conf.d/elasticbeanstalk/00_application.conf
with the content
location / {
  set $redirect 0;
  if ($http_x_forwarded_proto != "https") {
    set $redirect 1;
  }
  if ($http_user_agent ~* "ELB-HealthChecker") {
    set $redirect 0;
  }
  if ($redirect = 1) {
    return 301 https://$host$request_uri;
  }
  proxy_pass http://127.0.0.1:5000;
  proxy_http_version 1.1;
  proxy_set_header Connection $connection_upgrade;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
For a complete list of AWS provided config files, you should check out this link.
What I did to achieve this: I completely overrode the original nginx.conf with my custom nginx.conf, along with some custom configuration for location directives.
.platform
-- nginx
   -- nginx.conf
   -- conf.d
      -- elasticbeanstalk
         -- custom.conf
Here is my nginx.conf
user nginx;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
worker_processes auto;
worker_rlimit_nofile 32153;
events {
  worker_connections 1024;
}
http {
  include /etc/nginx/mime.types;
  default_type application/octet-stream;
  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';
  include conf.d/*.conf;
  map $http_upgrade $connection_upgrade {
    default "upgrade";
  }
  server {
    listen 80 default_server;
    access_log /var/log/nginx/access.log main;
    client_header_timeout 60;
    client_body_timeout 60;
    keepalive_timeout 60;
    gzip off;
    gzip_comp_level 4;
    gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    # Include the Elastic Beanstalk generated locations
    include conf.d/elasticbeanstalk/*.conf;
  }
}
The following line helped me to safely override the configuration:
include conf.d/elasticbeanstalk/*.conf;
AWS Beanstalk environment Load balancer
Make sure that under the load balancer settings of the Beanstalk environment both ports (80, 443) are enabled. If port 80 is disabled you will get the 503 error "Service Temporarily Unavailable".

How to Force HTTPS on AWS Elastic Beanstalk

What is the best way to force http to https with Elastic Beanstalk that has a Nginx Load Balancer? Https works for the application with the certificate I received from the AWS Certificate Manager, I just want it to make sure that https is always used. Seems like something that should already be built in to AWS. Any help is appreciated.
Create a file that ends with .config in your ebextensions and add the following to it
files:
  /etc/nginx/conf.d/proxy.conf:
    owner: root
    group: root
    mode: "000644"
    content: |
      upstream nodejs {
        server 127.0.0.1:8081;
        keepalive 256;
      }
      server {
        listen 8080;
        if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
          set $year $1;
          set $month $2;
          set $day $3;
          set $hour $4;
        }
        access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
        access_log /var/log/nginx/access.log main;
        location / {
          set $redirect 0;
          if ($http_x_forwarded_proto != "https") {
            set $redirect 1;
          }
          if ($http_user_agent ~* "ELB-HealthChecker") {
            set $redirect 0;
          }
          if ($redirect = 1) {
            return 301 https://$host$request_uri;
          }
          proxy_pass http://nodejs;
          proxy_set_header Connection "";
          proxy_http_version 1.1;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        gzip on;
        gzip_comp_level 4;
        gzip_types text/html text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
      }
  /opt/elasticbeanstalk/hooks/configdeploy/post/99_kill_default_nginx.sh:
    owner: root
    group: root
    mode: "000755"
    content: |
      #!/bin/bash -xe
      rm -f /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf
      service nginx stop
      service nginx start
container_commands:
  removeconfig:
    command: "rm -f /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf"
source
You can read more about ebextensions here