[英]Elastic Beanstalk Custom nginx.conf on Classic Load Balancer
I have struggled with this for days now...我已经为此苦苦挣扎了好几天...
I have an EBS application with a Classic Load Balancer with a AWS SSL certificate.我有一个带有 AWS SSL 证书的 Classic Load Balancer 的 EBS 应用程序。 The only issue I have left (sometimes it works and maybe some changes were made unwillingly, but then later it stops working on its own) is that I still have http (insecure) access to the server.
我留下的唯一问题(有时它可以工作,并且可能不情愿地进行了一些更改,但后来它自行停止工作)是我仍然拥有对服务器的 http(不安全)访问权限。
I created a nginx.conf in and deploy it with "eb deploy" in.ebextensions/nginx with the following code in order to achieve http to https redirection:我在其中创建了一个 nginx.conf 并使用以下代码在.ebextensions/nginx 中使用“eb deploy”部署它,以实现 http 到 https 的重定向:
#Elastic Beanstalk Nginx Configuration File
user nginx;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
worker_processes auto;
worker_rlimit_nofile 18878;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
include conf.d/*.conf;
map $http_upgrade $connection_upgrade {
default "upgrade";
}
server {
listen 80 default_server;
access_log /var/log/nginx/access.log main;
set $redirect 0;
if ($http_x_forwarded_proto != "https") {
set $redirect 1;
}
if ($http_user_agent ~* "ELB-HealthChecker") {
set $redirect 0;
}
if ($redirect = 1) {
return 301 https://$host$request_uri;
}
client_header_timeout 60;
client_body_timeout 60;
keepalive_timeout 60;
gzip off;
gzip_comp_level 4;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xm$
# Include the Elastic Beanstalk generated locations
include conf.d/elasticbeanstalk/*.conf;
}
}
Does anyone have a suggestion on how to change it or apply it?有人对如何更改或应用它有建议吗? AWS Documentation is horrible and overall should be a simple task.
AWS 文档很糟糕,总的来说应该是一项简单的任务。
CLB can't redirect from HTTP to HTTPS: CLB 无法从 HTTP 重定向到 HTTPS:
Classic Load Balancers can't redirect HTTP traffic to HTTPS
Classic Load Balancer 无法将 HTTP 流量重定向到 HTTPS
If you want to use CLB, all SSL and HTTPS handling must be done on the instances which is troublesome, puts more stress on the instances and its one more thing to manage yourself.如果要使用CLB,所有SSL和HTTPS的处理都必须在实例上进行,这很麻烦,给实例增加了压力,又是自己管理的一件事。
The easiest way to enable HTTPS and redirections from HTTP->HTTPS is through ALB, as explained in启用 HTTPS 和从 HTTP->HTTPS 重定向的最简单方法是通过 ALB,如中所述
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.