node.js – AWS EB – 将所有流量重定向到https

我的nodejs应用程序部署在AWS EB上.我已经配置了https服务器,它运行正常.现在,我需要使用www将每个非https请求重定向到https.作为前缀,像这样：

GET example.com => https://www.example.com

我正在使用Nginx,我的EB实例是一个没有负载均衡器的单个实例.

我已使用此代码在.ebextensions文件夹中创建了一个配置文件

Resources:
  sslSecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
      IpProtocol: tcp
      ToPort: 443
      FromPort: 443
      CidrIp: 0.0.0.0/0

files:
  /etc/Nginx/conf.d/999_Nginx.conf:
    mode: "000644"
    owner: root
    group: root
    content: |

      upstream nodejsserver {
        server 127.0.0.1:8081;
        keepalive 256;
      }

      # HTTP server

      server {
        listen       8080;
        server_name  localhost;
        return        301 https://$host$request_uri;
      }

      # HTTPS server

      server {
        listen       443;
        server_name  localhost;

        ssl                  on;
        ssl_certificate      /etc/pki/tls/certs/server.crt;
        ssl_certificate_key  /etc/pki/tls/certs/server.key;

        ssl_session_timeout  5m;

        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
        ssl_prefer_server_ciphers   on;

        location / {
          proxy_pass  http://nodejsserver;
          proxy_set_header   Connection "";
          proxy_http_version 1.1;
          proxy_set_header        Host                $host;
          proxy_set_header        X-Real-IP           $remote_addr;
          proxy_set_header        X-Forwarded-For     $proxy_add_x_forwarded_for;
          proxy_set_header        X-Forwarded-Proto   https;
        }
      }

  /etc/pki/tls/certs/server.crt:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN CERTIFICATE-----
      my crt
      -----END CERTIFICATE-----

  /etc/pki/tls/certs/server.key:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN RSA PRIVATE KEY-----
      my key
      -----END RSA PRIVATE KEY-----

  /etc/Nginx/conf.d/gzip.conf:
    content: |
      gzip on;
      gzip_comp_level 9;
      gzip_http_version 1.0;
      gzip_types text/plain text/css image/png image/gif image/jpeg application/json application/javascript application/x-javascript text/javascript text/xml application/xml application/RSS+xml application/atom+xml application/rdf+xml;
      gzip_proxied any;
      gzip_disable "msie6";

commands:
   00_enable_site:
    command: 'rm -f /etc/Nginx/sites-enabled/*'

我确定aws正在考虑我的配置,因为de ssl工作正常.但http块不起作用..没有重定向.

也许我的问题是重写EB的原始Nginx配置,你知道如何实现这个吗？

你可以帮帮我吗？我尝试过很多东西..

谢谢

解决方法:

好的,发现问题,EB创建了一个默认的配置文件/etc/Nginx/conf.d/00_elastic_beanstalk_proxy.conf,它正在收听8080.因此,由于Nginx正在使用之前定义的规则,因此您的重定向不会被接收8080.

这是我使用的配置文件.它生成的文件将在默认规则之前.

https://github.com/jozzhart/beanstalk-single-forced-ssl-nodejs-pm2/blob/master/.ebextensions/https-redirect.config

版权声明：本文内容由互联网用户自发贡献，该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容， 请发送邮件至 [email protected] 举报，一经查实，本站将立刻删除。