How to redirect http -> https on aws classic load balancer?
我在beantalk和配置的nginx实例上有一个经典的负载均衡器。我想将http重定向到https请求。
我设置了负载平衡器侦听器,以将端口80重定向到其实例。
我在.ebextensions / nginx_config.config中创建了一个文件,在其中设置重定向并过滤掉运行状况检查。
请参见下面的配置重写:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 | files: /etc/nginx/conf.d/proxy.conf: owner: root group: root mode:"000644" content: | upstream nodejs { server 127.0.0.1:8081; keepalive 256; } server { listen 80; if ($time_iso8601 ~"^(\\d{4})-(\\d{2})-(\\d{2})T(\\d{2})") { set $year $1; set $month $2; set $day $3; set $hour $4; } access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd; access_log /var/log/nginx/access.log main; location / { set $redirect 0; if ($http_x_forwarded_proto ="http") { return 301 https://$host$request_uri; } if ($http_user_agent ~*"ELB-HealthChecker") { set $redirect 0; } if ($redirect = 1) { return 301 https://$host$request_uri; } proxy_pass http://nodejs; proxy_set_header Connection""; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /health-check { access_log off; default_type text/plain; return 200 a€?OKa€?; } gzip on; gzip_comp_level 4; gzip_types text/html text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript; } /opt/elasticbeanstalk/hooks/configdeploy/post/99_kill_default_nginx.sh: owner: root group: root mode:"000755" content: | #!/bin/bash -xe rm -f /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf if [[ -e /etc/init/nginx.conf ]] ; then echo Using initctl to stop and start nginx initctl stop nginx || true initctl start nginx else echo Using service to stop and start nginx service nginx stop service nginx start fi container_commands: removeconfig: command:"rm -f /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf" |
但是似乎什么也没发生,并且服务器仍然没有重定向到https。看来我的配置只是被忽略了。在这种情况下如何重定向到https?
因此,根据我上面的建议。创建具有2个侦听器的应用程序负载平衡器。
第一个侦听器是一个443 HTTPS侦听器,可直接将流量提供给您的目标组。
第二侦听器是一个80 HTTP侦听器,它使用重定向规则来重定向到HTTPS。
这是最佳做法。
您可以让负载均衡器使用来自ACM的证书侦听443,然后将该流量重定向到端口80?但强烈建议使用上述@ mokugo-devops所说的ALB。希望这可以帮助。您还可以查看类似的问题AWS EB-将所有流量重定向到https