使用 Django 在 Elastic Beanstalk 上使用健康链接从 HTTP 到 HTTPS
[英]HTTP to HTTPS with health link on Elastic Beanstalk using Django
问题描述
I am trying to redirect Http to Https in Django deployed on AWS Beanstalk.
我正在尝试将 Http 重定向到部署在 AWS Beanstalk 上的 Django 中的 Https。 Http to Https works fine when I remove the health link from the load balancer.当我从负载平衡器中删除运行状况链接时,Http to Https 工作正常。 while having link in load balancer the app stops working.在负载均衡器中有链接时,应用程序停止工作。
I am using the following config in settings file in the Django project hosted on Aws Beanstalk.我在 Aws Beanstalk 上托管的 Django 项目的设置文件中使用以下配置。
CORS_REPLACE_HTTPS_REFERER = True
HOST_SCHEME = "https://"
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_HSTS_PRELOAD = True
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
3 个解决方案
解决方案1
2 2020-01-14 08:19:52
With SECURE_SSL_REDIRECT = True all non-secure requests will be redirected to https.使用SECURE_SSL_REDIRECT = True所有非安全请求将被重定向到 https。 Non-secure requests - ones done via http and with not matched SECURE_PROXY_SSL_HEADER .非安全请求 - 通过http完成且不匹配SECURE_PROXY_SSL_HEADER请求。
Even if your load balancer performs http to https redirect by itself - it is good to have this option enabled in django and simplier (all security options enabled).即使您的负载均衡器自己执行 http 到 https 重定向 - 在 django 和更简单的(启用所有安全选项)中启用此选项也很好。
AWS ALB Health Checks cannot set custom headers. AWS ALB 运行状况检查无法设置自定义标头。 We can exclude requests to certain endpoints from being redirected to https with SECURE_REDIRECT_EXEMPT - [r'^health/$'] .我们可以使用SECURE_REDIRECT_EXEMPT - [r'^health/$']排除对某些端点的请求重定向到 https。
AWS ALB Health Check requests are done to instance ip. AWS ALB 运行状况检查请求是针对实例 ip 完成的。 To allow django process them - ip needs to be added to ALLOWED_HOSTS : ["172.16.2.5", "my.example.com"] .为了允许 django 处理它们 - 需要将 ip 添加到ALLOWED_HOSTS : ["172.16.2.5", "my.example.com"] 。 This needs to be instance private ip, one that will be used by ALB to reach it.这需要是实例私有 IP,ALB 将使用该 IP 来访问它。
This can be done with:这可以通过以下方式完成:
Adding instance ip on instance start like in example .
在实例启动时添加实例 ip 就像在example 中一样。 It can also be done with custom scripts and environment variables.也可以使用自定义脚本和环境变量来完成。using custom middleware which allows adding ip ranges in
ALLOWED_HOSTSand add VPC Subnet range or implement custom middleware manually使用定制的中间件,其允许在将IP范围ALLOWED_HOSTS并添加VPC子网范围或实施中间件手动定制
AWS ALB cannot add HSTS headers. AWS ALB 无法添加 HSTS 标头。 If you want to use Strict Transport Security headers - they should be added on app django side.如果您想使用 Strict Transport Security 标头 - 它们应该添加到 app django 端。 This can be done with setting SECURE_HSTS_SECONDS other than zero.这可以通过设置非零的 SECURE_HSTS_SECONDS来完成。
HSTS headers are only added on responses to secure requests ( https:// or SECURE_PROXY_SSL_HEADER match). HSTS 标头仅添加到对安全请求的响应( https://或SECURE_PROXY_SSL_HEADER匹配)。
解决方案2
1 2020-08-25 05:51:34
I had the same problem and I fixed it with a middleware (python 3.x):我遇到了同样的问题,我用中间件(python 3.x)修复了它:
production settings.py:生产设置.py:
MIDDLEWARE = ['market.middleware.ELBHealthChecker_middleware'] + MIDDLEWARE
ELB middleware: ELB 中间件:
def ELBHealthChecker_middleware(get_response):
def middleware(request):
response = get_response(request)
if "ELB-HealthChecker" in request.META["HTTP_USER_AGENT"]:
from django.http import HttpResponse
return HttpResponse(status=200)
return response
return middleware
解决方案3
0 2020-01-15 02:58:24
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_SSL_REDIRECT = True
These have worked for me in the past.这些在过去对我有用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.