[英]HTTP to HTTPS with health link on Elastic Beanstalk using Django
I am trying to redirect Http to Https in Django deployed on AWS Beanstalk.我正在尝试将 Http 重定向到部署在 AWS Beanstalk 上的 Django 中的 Https。 Http to Https works fine when I remove the health link from the load balancer.
当我从负载平衡器中删除运行状况链接时,Http to Https 工作正常。 while having link in load balancer the app stops working.
在负载均衡器中有链接时,应用程序停止工作。
I am using the following config in settings file in the Django project hosted on Aws Beanstalk.我在 Aws Beanstalk 上托管的 Django 项目的设置文件中使用以下配置。
CORS_REPLACE_HTTPS_REFERER = True
HOST_SCHEME = "https://"
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_HSTS_PRELOAD = True
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
With SECURE_SSL_REDIRECT = True
all non-secure requests will be redirected to https.使用
SECURE_SSL_REDIRECT = True
所有非安全请求将被重定向到 https。 Non-secure requests - ones done via http
and with not matched SECURE_PROXY_SSL_HEADER
.非安全请求 - 通过
http
完成且不匹配SECURE_PROXY_SSL_HEADER
请求。
Even if your load balancer performs http to https redirect by itself - it is good to have this option enabled in django and simplier (all security options enabled).即使您的负载均衡器自己执行 http 到 https 重定向 - 在 django 和更简单的(启用所有安全选项)中启用此选项也很好。
AWS ALB Health Checks cannot set custom headers. AWS ALB 运行状况检查无法设置自定义标头。 We can exclude requests to certain endpoints from being redirected to https with SECURE_REDIRECT_EXEMPT -
[r'^health/$']
.我们可以使用SECURE_REDIRECT_EXEMPT -
[r'^health/$']
排除对某些端点的请求重定向到 https。
AWS ALB Health Check requests are done to instance ip. AWS ALB 运行状况检查请求是针对实例 ip 完成的。 To allow django process them - ip needs to be added to ALLOWED_HOSTS :
["172.16.2.5", "my.example.com"]
.为了允许 django 处理它们 - 需要将 ip 添加到ALLOWED_HOSTS :
["172.16.2.5", "my.example.com"]
。 This needs to be instance private ip, one that will be used by ALB to reach it.这需要是实例私有 IP,ALB 将使用该 IP 来访问它。
This can be done with:这可以通过以下方式完成:
Adding instance ip on instance start like in example .在实例启动时添加实例 ip 就像在example 中一样。 It can also be done with custom scripts and environment variables.
也可以使用自定义脚本和环境变量来完成。
using custom middleware which allows adding ip ranges in ALLOWED_HOSTS
and add VPC Subnet range or implement custom middleware manually使用定制的中间件,其允许在将IP范围
ALLOWED_HOSTS
并添加VPC子网范围或实施中间件手动定制
AWS ALB cannot add HSTS headers. AWS ALB 无法添加 HSTS 标头。 If you want to use Strict Transport Security headers - they should be added on app django side.
如果您想使用 Strict Transport Security 标头 - 它们应该添加到 app django 端。 This can be done with setting SECURE_HSTS_SECONDS other than zero.
这可以通过设置非零的 SECURE_HSTS_SECONDS来完成。
HSTS headers are only added on responses to secure requests ( https://
or SECURE_PROXY_SSL_HEADER
match). HSTS 标头仅添加到对安全请求的响应(
https://
或SECURE_PROXY_SSL_HEADER
匹配)。
I had the same problem and I fixed it with a middleware (python 3.x):我遇到了同样的问题,我用中间件(python 3.x)修复了它:
production settings.py:生产设置.py:
MIDDLEWARE = ['market.middleware.ELBHealthChecker_middleware'] + MIDDLEWARE
ELB middleware: ELB 中间件:
def ELBHealthChecker_middleware(get_response):
def middleware(request):
response = get_response(request)
if "ELB-HealthChecker" in request.META["HTTP_USER_AGENT"]:
from django.http import HttpResponse
return HttpResponse(status=200)
return response
return middleware
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_SSL_REDIRECT = True
These have worked for me in the past.这些在过去对我有用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.