经典负载均衡器上的 Elastic Beanstalk 自定义 nginx.conf

Question

I have struggled with this for days now...

I have an EBS application with a Classic Load Balancer with a AWS SSL certificate. The only issue I have left (sometimes it works and maybe some changes were made unwillingly, but then later it stops working on its own) is that I still have http (insecure) access to the server.

I created a nginx.conf in and deploy it with "eb deploy" in.ebextensions/nginx with the following code in order to achieve http to https redirection:

#Elastic Beanstalk Nginx Configuration File

user                    nginx;
error_log               /var/log/nginx/error.log warn;
pid                     /var/run/nginx.pid;
worker_processes        auto;
worker_rlimit_nofile    18878;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    include       conf.d/*.conf;

    map $http_upgrade $connection_upgrade {
        default     "upgrade";
    }

    server {
        listen        80 default_server;
        access_log    /var/log/nginx/access.log main;
        set $redirect 0;
        if ($http_x_forwarded_proto != "https") {
            set $redirect 1;
        }
        if ($http_user_agent ~* "ELB-HealthChecker") {
            set $redirect 0;
        }
        if ($redirect = 1) {
            return 301 https://$host$request_uri;
        }

        client_header_timeout 60;
        client_body_timeout   60;
        keepalive_timeout     60;
        gzip                  off;
        gzip_comp_level       4;
        gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xm$
        # Include the Elastic Beanstalk generated locations
        include conf.d/elasticbeanstalk/*.conf;
    }
}

Does anyone have a suggestion on how to change it or apply it? AWS Documentation is horrible and overall should be a simple task.

Answer 1

CLB can't redirect from HTTP to HTTPS:

Classic Load Balancers can't redirect HTTP traffic to HTTPS

If you want to use CLB, all SSL and HTTPS handling must be done on the instances which is troublesome, puts more stress on the instances and its one more thing to manage yourself.

The easiest way to enable HTTPS and redirections from HTTP->HTTPS is through ALB, as explained in

• How can I redirect HTTP requests to HTTPS using an Application Load Balancer?