I have provisioned a scalable EB(Elasticbeanstalk) rails(puma) instance. I have applied for https through ACM(Amazon Certificate Manager) and applied it to my load balancer. HTTPS is enabled for my website now. But how do I force redirect to https? I have tried a number of solutions online where it was suggested to make a nginx configuration setting manually through .ebextensions and I am not sure where to get the certificate from ACM for this?(I am assuming that is not possible with ACM right now?). How do I force HTTPS?
Asked
Active
Viewed 1,760 times
6
Aravind
- 1,391
- 1
- 16
- 41
-
I followed this http://msnider.github.io/blog/2013/12/06/force-https-slash-ssl-on-amazon-elastic-beanstalk/ and it worked. You may have to manually restart your server for it to work? or maybe just uploading and deploying. I also vaguely remember having to alias my load balancer to my domain to get my cert to work, but that could have been because I purchased an Extended Validation cert. – vath May 25 '16 at 06:22
-
It seems that the Internet cannot agree on a single, complete and working solution to this problem. Hopefully you can get some help [here in my post](http://thehunk.blogspot.in/2017/11/how-to-force-redirect-http-to-https-in.html). I had to jump through hoops to come up with this, finally. – ADTC Nov 12 '17 at 00:08
2 Answers
5
The current AWS EB Rails and Node.js setups both use nginx (if your web server is apache see this answer), so the following should work (adapted from this question):
Create the file .ebextensions/01-force-https.config (the .config is important, not .conf) with the following content.
If your environment is a single instance:
files:
"/etc/nginx/conf.d/01-force-https.conf":
owner: root
group: root
mode: "000644"
content: |
server {
listen 8080;
return 301 https://$host$request_uri;
}
If your environment is load balanced, you unfortunately cannot simply add to the existing config but need to modify it with sed:
files:
"/tmp/45_nginx_https_rw.sh":
owner: root
group: root
mode: "000644"
content: |
#! /bin/bash
CONFIGURED=`grep -c "return 301 https" /opt/elasticbeanstalk/support/conf/webapp_healthd.conf`
if [ $CONFIGURED = 0 ]
then
sed -i '/listen 80;/a \ if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; }\n' /opt/elasticbeanstalk/support/conf/webapp_healthd.conf
logger -t nginx_rw "https rewrite rules added"
exit 0
else
logger -t nginx_rw "https rewrite rules already set"
exit 0
fi
container_commands:
00_appdeploy_rewrite_hook:
command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/appdeploy/enact
01_configdeploy_rewrite_hook:
command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact
02_rewrite_hook_perms:
command: chmod 755 /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh
03_rewrite_hook_ownership:
command: chown root:users /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh
Then add it to your git repo or app bundle and eb deploy. This creates /etc/nginx/conf.d/01-force-https.conf which is automatically included from /etc/nginx/nginx.conf. Note that eb deploy won't delete the file on the server if you later remove the corresponding file from .ebextensions. Also, I found the following helpful in debugging through eb ssh:
sudo service nginx configtest
sudo service nginx restart
-
This will probably not work currently - see [my comment at your source](https://stackoverflow.com/questions/24297375/how-to-get-elastic-beanstalk-nginx-backed-proxy-server-to-auto-redirect-from-htt#comment93464886_28271106) – Iiridayn Nov 14 '18 at 00:59
0
AWS has a help article for HTTP to HTTPS redirection here: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-httpredirect.html
It covers 2 main approaches, and has links to the relevant scripts you can use to do it all for you (which they maintain as they update the Elastic Beanstalk platform).
stwr667
- 1,566
- 1
- 16
- 31