1

I would like all HTTP traffic to be redirected to HTTPS on my Rails web app deployed on AWS Elastic Beanstalk.

There is a config option for Rails that forces SSL on all connection. The issue is that without modifying the default nginx config on my EB environment, I am getting a redirect loop. Why am I getting infinite redirect loop with force_ssl in my Rails app?

I'm new to EB and I was wondering how I would go about adding in the proxy_set_header X-Forwarded-Proto $scheme; to nginx.conf using .ebextensions configuration files. Do I copy and paste the current nginx.conf file by SSHing into my EC2 instance and add the header? When I navigate to /etc/nginx/nginx.conf, the HTTPS portion of the config file seems to be commented out, even though I enabled it in the AWS web console.

Community
  • 1
  • 1
Richard
  • 828
  • 1
  • 8
  • 28
  • could you use the load balancer for this? We make the instances private, and the load balancer has the SSL cert and listens on 443 only. It forwards to port 80 on the instance. – Marc Young Jan 08 '16 at 16:43
  • If I only leave port 443 open on the load balancer, I can't access my app with `http://www.example.com` (I get a ERR_CONNECTION_REFUSED response). Is there a way to redirect http requests to https via AWS? I would use Rails' force_ssl config setting, but I'll need to edit nginx.conf to prevent it from redirect looping. – Richard Jan 08 '16 at 16:57

1 Answers1

2

I have been facing this issue for some time. The best solution for forcing SSL on Rails + Elastic Beanstalk is from Amazon. They have a config file (ebextension) for exactly this purpose. You can find it here:

https://github.com/awsdocs/elastic-beanstalk-samples/blob/830ff9163ef37d0ece8ecf583c1c84223e9266e7/configuration-files/aws-provided/security-configuration/https-redirect/ruby-puma/https-redirect-ruby-puma.config

If you need more information on ebextensions, you can find them in the docs http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/ebextensions.html

Simon L. Brazell
  • 1,132
  • 8
  • 14
jkras
  • 324
  • 2
  • 5
  • Dead link. This is why you always hit `y` before copying a link from GitHub. :( – Justin Force Feb 09 '18 at 19:40
  • https://github.com/awsdocs/elastic-beanstalk-samples/blob/830ff9163ef37d0ece8ecf583c1c84223e9266e7/configuration-files/aws-provided/security-configuration/https-redirect/ruby-puma/https-redirect-ruby-puma.config I think this is it. – Simon L. Brazell Apr 11 '18 at 08:40