我有一个在puma&使用AWS弹性Beanstalk负载平衡器NGINX。我配置了AWS证书,并且在HTTP和HTTPS上都可以正常工作。
但是,如果我在config/environments/production.rb上启用config.force_ssl = true,我开始遇到以下错误:
在http上:连接重置
https:安全连接失败。页面加载时,与服务器的连接重置。
这是我的nginx配置文件的内容,我从awslabs/Elastic-beanstalk-samples中获得的内容:
.ebextensions/nginx.config
files:
"/opt/elasticbeanstalk/support/conf/webapp_healthd.conf":
owner: root
group: root
mode: "000644"
content: |
upstream my_app {
server unix:///var/run/puma/my_app.sock;
}
server {
listen 80;
server_name _ localhost; # need to listen to localhost for worker tier
location / {
set $redirect 0;
if ($http_x_forwarded_proto != "https") {
set $redirect 1;
}
if ($http_user_agent ~* "ELB-HealthChecker") {
set $redirect 0;
}
if ($redirect = 1) {
return 301 https://$host$request_uri;
}
proxy_pass http://my_app; # match the name of upstream directive which is defined above
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /assets {
alias /var/app/current/public/assets;
gzip_static on;
gzip on;
expires max;
add_header Cache-Control public;
}
location /public {
alias /var/app/current/public;
gzip_static on;
gzip on;
expires max;
add_header Cache-Control public;
}
}
container_commands:
99_restart_nginx:
command: "service nginx restart || service nginx start"
我在与同一问题有关的问题中找到了我的答案,但使用node.js
只需要将其添加到.ebextensions文件夹中的文件中,我称其为执行ssl.config
files:
"/tmp/45_nginx_https_rw.sh":
owner: root
group: root
mode: "000644"
content: |
#! /bin/bash
CONFIGURED=`grep -c "return 301 https" /opt/elasticbeanstalk/support/conf/webapp_healthd.conf`
if [ $CONFIGURED = 0 ]
then
sed -i '/listen 80;/a if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; }n' /opt/elasticbeanstalk/support/conf/webapp_healthd.conf
logger -t nginx_rw "https rewrite rules added"
service nginx restart
exit 0
else
logger -t nginx_rw "https rewrite rules already set"
exit 0
fi
container_commands:
00_appdeploy_rewrite_hook:
command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/appdeploy/enact
01_configdeploy_rewrite_hook:
command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact
02_rewrite_hook_perms:
command: chmod 755 /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh
03_rewrite_hook_ownership:
command: chown root:users /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh
原始答案:https://stackoverflow.com/a/34619855/2454036
更新:我发现原始答案将不总是有效,因为Nginx重新启动可能会在更新文件之前触发,因此我将添加的service nginx restart放置在脚本
http->HTTPS重定向是一种非常普遍的实践,AWS记录了如何在此处实现它:https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-httpredirect.html
您拥有的解决方案与下面列出的它们提供的配置非常相似,该配置涵盖了一系列不同的环境平台:https://github.com/awsdocs/elastic-beanstalk-samples/tree/master/configuration-files/aws-provided/security-configuration/https-redirect