Best IT Recipes

Forcing https in an elastic hose with ACM certificate

I have provided a scalable instance of EB (Elasticbeanstalk) rails (puma). I applied for https through ACM (Amazon Certificate Manager) and applied it to my load balancer. HTTPS is now enabled for my website. But how do I redirect redirection to https? I tried a number of solutions on the Internet, where it was suggested to do the nginx configuration manually via .ebextensions, and I'm not sure where to get the certificate from ACM for this? (I assume this is not possible with ACM right now?). How to force HTTPS?

+5
ruby-on-rails amazon-web-services elastic-beanstalk nginx ssl-certificate
May 25 '16 at 4:41
source share
1 answer

Current AWS EB Rails and Node.js install as nginx (if your web server is apache, see this answer ), so the following should work (adapted from this question ):

Create a .ebextensions/01-force-https.config ( .config is important, not .conf ) with the following contents.

If your environment is the only instance:

 files: "/etc/nginx/conf.d/01-force-https.conf": owner: root group: root mode: "000644" content: | server { listen 8080; return 301 https://$host$request_uri; }

If your environment is load balanced, you unfortunately cannot just add to your existing configuration, but you need to change it with sed:

 files: "/tmp/45_nginx_https_rw.sh": owner: root group: root mode: "000644" content: | #! /bin/bash CONFIGURED=`grep -c "return 301 https" /opt/elasticbeanstalk/support/conf/webapp_healthd.conf` if [ $CONFIGURED = 0 ] then sed -i '/listen 80;/a \ if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; }\n' /opt/elasticbeanstalk/support/conf/webapp_healthd.conf logger -t nginx_rw "https rewrite rules added" exit 0 else logger -t nginx_rw "https rewrite rules already set" exit 0 fi container_commands: 00_appdeploy_rewrite_hook: command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/appdeploy/enact 01_configdeploy_rewrite_hook: command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact 02_rewrite_hook_perms: command: chmod 755 /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh 03_rewrite_hook_ownership: command: chown root:users /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh

Then add it to the git and eb deploy repository or application package. This creates /etc/nginx/conf.d/01-force-https.conf , which is automatically included from /etc/nginx/nginx.conf . Please note that eb deploy will not delete the file on the server if you later delete the corresponding file from .ebextensions . In addition, I found the following useful when debugging via eb ssh :

 sudo service nginx configtest sudo service nginx restart
+5
Apr 12 '17 at 9:10
source


More articles:


All Articles