[英]Enforce https connection on Rails using AWS elastic beanstalk load balancer
我有一個使用 AWS 彈性 beantalk 負載均衡器在 puma 和 nginx 上運行的 rails 應用程序。 我配置了 AWS 證書,它在 http 和 https 上都可以正常工作。
但是,如果我在config/environments/production.rb
上啟用config.force_ssl = true
我開始收到以下錯誤:
在 http 上:連接已重置
在 https 上:安全連接失敗。 加載頁面時,與服務器的連接已重置。
這是我的nginx的配置文件,這是我從awslabs /彈性魔豆樣本得到的內容在這里:
.ebextensions/nginx.config
files:
"/opt/elasticbeanstalk/support/conf/webapp_healthd.conf":
owner: root
group: root
mode: "000644"
content: |
upstream my_app {
server unix:///var/run/puma/my_app.sock;
}
server {
listen 80;
server_name _ localhost; # need to listen to localhost for worker tier
location / {
set $redirect 0;
if ($http_x_forwarded_proto != "https") {
set $redirect 1;
}
if ($http_user_agent ~* "ELB-HealthChecker") {
set $redirect 0;
}
if ($redirect = 1) {
return 301 https://$host$request_uri;
}
proxy_pass http://my_app; # match the name of upstream directive which is defined above
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /assets {
alias /var/app/current/public/assets;
gzip_static on;
gzip on;
expires max;
add_header Cache-Control public;
}
location /public {
alias /var/app/current/public;
gzip_static on;
gzip on;
expires max;
add_header Cache-Control public;
}
}
container_commands:
99_restart_nginx:
command: "service nginx restart || service nginx start"
好吧,我在其他問題中找到了與相同問題有關的答案,但是使用了Node.js。
只需將其添加到.ebextensions文件夾內的文件中,我就將其稱為force-ssl.config
files:
"/tmp/45_nginx_https_rw.sh":
owner: root
group: root
mode: "000644"
content: |
#! /bin/bash
CONFIGURED=`grep -c "return 301 https" /opt/elasticbeanstalk/support/conf/webapp_healthd.conf`
if [ $CONFIGURED = 0 ]
then
sed -i '/listen 80;/a \ if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; }\n' /opt/elasticbeanstalk/support/conf/webapp_healthd.conf
logger -t nginx_rw "https rewrite rules added"
service nginx restart
exit 0
else
logger -t nginx_rw "https rewrite rules already set"
exit 0
fi
container_commands:
00_appdeploy_rewrite_hook:
command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/appdeploy/enact
01_configdeploy_rewrite_hook:
command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact
02_rewrite_hook_perms:
command: chmod 755 /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh
03_rewrite_hook_ownership:
command: chown root:users /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh
原始答案: https : //stackoverflow.com/a/34619855/2454036
更新:我發現原始答案不會一直有效,因為在更新文件之前可能會觸發nginx重新啟動,因此我將添加的service nginx restart
放置到了腳本中
HTTP -> HTTPS 重定向是一種非常常見的做法,AWS 在此處記錄了如何實現它: https : //docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-httpredirect.html
您擁有的解決方案與下面列出的他們自己提供的配置非常相似,它涵蓋了一系列不同的環境平台: https : //github.com/awsdocs/elastic-beanstalk-samples/tree/master/configuration-files/aws-提供/安全配置/https-重定向
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.