使用来自ACM的证书在Elasticbeanstalk中强制使用https
[英]Forcing https in elasticbeanstalk with certificate from ACM
问题描述
I have provisioned a scalable EB(Elasticbeanstalk) rails(puma) instance. 
我已提供了一个可扩展的EB(Elasticbeanstalk)rails(puma)实例。 I have applied for https through ACM(Amazon Certificate Manager) and applied it to my load balancer. 我已经通过ACM(Amazon Certificate Manager)申请了https,并将其应用于我的负载均衡器。 HTTPS is enabled for my website now. 我的网站现已启用HTTPS。 But how do I force redirect to https? 但是,如何强制重定向到https? I have tried a number of solutions online where it was suggested to make a nginx configuration setting manually through .ebextensions and I am not sure where to get the certificate from ACM for this?(I am assuming that is not possible with ACM right now?). 我已经尝试了许多在线解决方案,建议通过.ebextensions手动进行nginx配置设置,但是我不确定从何处获得ACM的证书?(我假设现在ACM无法实现? )。 How do I force HTTPS? 如何强制使用HTTPS?
1 个解决方案
解决方案1
5 2017-04-12 09:10:29
The current AWS EB Rails and Node.js setups both use nginx (if your web server is apache see this answer ), so the following should work (adapted from this question ): 当前的AWS EB Rails和Node.js设置都使用nginx(如果您的Web服务器是apache,请参见此答案 ),因此以下内容应该可以工作(适应于此问题 ):
Create the file .ebextensions/01-force-https.config (the .config is important, not .conf ) with the following content. 创建具有以下内容的文件.ebextensions/01-force-https.config ( .config很重要,而不是.conf )。
If your environment is a single instance: 如果您的环境是单个实例:
files:
"/etc/nginx/conf.d/01-force-https.conf":
owner: root
group: root
mode: "000644"
content: |
server {
listen 8080;
return 301 https://$host$request_uri;
}
If your environment is load balanced, you unfortunately cannot simply add to the existing config but need to modify it with sed: 如果您的环境是负载平衡的,那么很遗憾,您不能简单地添加到现有配置中,而需要使用sed对其进行修改:
files:
"/tmp/45_nginx_https_rw.sh":
owner: root
group: root
mode: "000644"
content: |
#! /bin/bash
CONFIGURED=`grep -c "return 301 https" /opt/elasticbeanstalk/support/conf/webapp_healthd.conf`
if [ $CONFIGURED = 0 ]
then
sed -i '/listen 80;/a \ if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; }\n' /opt/elasticbeanstalk/support/conf/webapp_healthd.conf
logger -t nginx_rw "https rewrite rules added"
exit 0
else
logger -t nginx_rw "https rewrite rules already set"
exit 0
fi
container_commands:
00_appdeploy_rewrite_hook:
command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/appdeploy/enact
01_configdeploy_rewrite_hook:
command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact
02_rewrite_hook_perms:
command: chmod 755 /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh
03_rewrite_hook_ownership:
command: chown root:users /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh
Then add it to your git repo or app bundle and eb deploy . 然后将其添加到您的git repo或应用程序包中,然后eb deploy 。 This creates /etc/nginx/conf.d/01-force-https.conf which is automatically included from /etc/nginx/nginx.conf . 这将创建/etc/nginx/conf.d/01-force-https.conf ,该文件会自动包含在/etc/nginx/nginx.conf 。 Note that eb deploy won't delete the file on the server if you later remove the corresponding file from .ebextensions . 请注意,如果您稍后从.ebextensions删除相应的文件,则eb deploy不会删除服务器上的文件。 Also, I found the following helpful in debugging through eb ssh : 另外,我发现以下内容有助于通过eb ssh进行调试:
sudo service nginx configtest
sudo service nginx restart
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.