9

I know this question has been asked before, but nothing seems to be working for me. I've tried multiple different things, such as the answers described in these questions:

How to get Elastic Beanstalk nginx-backed proxy server to auto-redirect from HTTP to HTTPS? Redirecting EC2 elb from http to https

None of them seem to work. I'm an aws noob, so I'm not entirely sure how editing config files works - or if I've done something wrong.

My setup is the following:

My current nginx.config file in my .ebextensions folder (got this from this article):

files:
  "/tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf" :
    mode: "000755"
    owner: root
    group: root
    content: |
        upstream nodejs {
            server 127.0.0.1:8081;
            keepalive 256;
        }
        server {
            listen 8080;
            set $fixedWWW '';
            set $needRedir 0;
            # nginx does not allow nested if statements
            # check and decide on adding www prefix
            if ($host !~* ^www(.*)) {
                set $fixedWWW 'www.';
                set $needRedir 1;
            }
            # what about that https? the traffic is all http right now
            # but elastic load balancer tells us about the original scheme
            # using $http_x_forwarded_proto variable
            if ($http_x_forwarded_proto != 'https') {
                set $needRedir 1;
            }
            # ok, so whats the verdict, do we need to redirect?
            if ($needRedir = 1) {
                rewrite ^(.*) https://$fixedWWW$host$1 redirect;
            }
            location / {
                proxy_pass  http://nodejs;
                proxy_set_header   Connection "";
                proxy_http_version 1.1;
                proxy_set_header        Host            $host;
                proxy_set_header        X-Real-IP       $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            }
            gzip on;
        }

But this doesn't seem to do anything. I've run out of ideas. I'm not sure whether I'm missing a step or something but I don't know what to do. As a workaround I've got my angularjs front end redirecting non-https requests, but this is too hacky and some of the DOM renders before the redirect, I'd like to redirect at the load balancer - where it should redirect.

Community
  • 1
  • 1
KDogg
  • 445
  • 1
  • 6
  • 14
  • At a glance, your Nginx configuration looks correct. It's checking the x-forwarded-proto header, and redirecting if not 'https'. It looks like you are also redirecting from naked domain to www subdomain, is that working? Are you sure the nginx config is actually being applied to your beanstalk servers? – Mark B Mar 05 '16 at 19:59
  • I've actually just pointed the naked domain to www in route 53, and then the www points to EB. So that check is redundant at the moment. How would I check if this file is overriding the default file? – KDogg Mar 06 '16 at 00:11
  • 2
    [What did you do KDogg](https://xkcd.com/979/)?? I have the same issue! – Andy Hayden Jun 21 '16 at 05:17
  • I never actually figured out how to do it :P I just put a javascript redirect in the first tag in the head of my html file. It's fast enough to not really affect load times. Sorry! If you figure it out I'd love to know – KDogg Jun 21 '16 at 05:35

2 Answers2

2

It looks like you're trying to do both a redirect for non-WWW and for non-HTTPS connections. Have you tried the simpler case of just http:// -> https:// ?

if ($http_x_forwarded_proto = "http") {
    return 301 https://$host$request_uri;
}

Sometimes it's easier to handle it via two redirects, one from HTTP to HTTPS and one from non-WWW to WWW. In fact, if you're going to register your site via HSTS (https-everywhere), they require this sort of approach.

Edit: Also, just noticed the first line of your config, you might want to try injecting the nginx file directly:

files:
  "/etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf" :
SMX
  • 1,372
  • 15
  • 14
1

It's pretty hard to update /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf" directly. I found this: https://github.com/awsdocs/elastic-beanstalk-samples/blob/master/configuration-files/aws-provided/security-configuration/https-redirect/nodejs/https-redirect-nodejs.config, which let's you set up the redirect, but that would have changed my other config files too much. The best way to go about it is create a redirect.config file in your .ebextensions folder:

container_commands:
  https_redirect:
    command: |
     sed -i '/location \/ {/i \
              set $redirect 0;\
              if ($http_x_forwarded_proto != "https") {\
                set $redirect 1;\
              }\
              if ($http_user_agent ~* "ELB-HealthChecker") {\
                set $redirect 0;\
              }\
              if ($redirect = 1) {\
                return 301 https://$host$request_uri;\
              }\
      ' /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf```
Daniel Miller
  • 23
  • 2