In the most common configurations, when running your web app behind Nginx or Apache, your https:// request will get redirected to http://. Sometimes, you may want to rewrite all HTTP requests to HTTPS.
The Amazon Elastic Load Balancer (ELB) supports a HTTP header called X-FORWARDED-PROTO. All the HTTPS requests going through the ELB will have the value of X-FORWARDED-PROTO equal to “HTTPS”. For the HTTP requests, you can force HTTPS by adding a simple rewrite rule, as follows:
1. Nginx
In your nginx site config file check if the value of X_FORWARDED_PROTO is https, if not, rewrite it:
server {
listen 80;
....
location / {
if ($http_x_forwarded_proto != 'https') {
rewrite ^ https://$host$request_uri? permanent;
}
....
}
}
2. Apache
Same goes for Apache, add this rewrite rule to your site’s config file:
<VirtualHost *:80>
...
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI}
...
</VirtualHost>
3. IIS
Install IIS Url-Rewrite module, using the configuration GUI add these settings
<rewrite xdt:Transform="Insert">
<rules>
<rule name="HTTPS rewrite behind ELB rule" stopProcessing="true">
<match url="^(.*)$" ignoreCase="false" />
<conditions>
<add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" ignoreCase="false" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{SERVER_NAME}{URL}" />
</rule>
</rules>
</rewrite>
4. HAProxy
frontend node1-https
bind 192.168.20.19:443 ssl crt /etc/ssl/cert.pem
mode http
maxconn 50000
option httpclose
option forwardfor
reqadd X-Forwarded-Proto:\ https
The Amazon Elastic Load Balancer (ELB) supports a HTTP header called X-FORWARDED-PROTO. All the HTTPS requests going through the ELB will have the value of X-FORWARDED-PROTO equal to “HTTPS”. For the HTTP requests, you can force HTTPS by adding a simple rewrite rule, as follows:
1. Nginx
In your nginx site config file check if the value of X_FORWARDED_PROTO is https, if not, rewrite it:
server {
listen 80;
....
location / {
if ($http_x_forwarded_proto != 'https') {
rewrite ^ https://$host$request_uri? permanent;
}
....
}
}
2. Apache
Same goes for Apache, add this rewrite rule to your site’s config file:
<VirtualHost *:80>
...
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI}
...
</VirtualHost>
3. IIS
Install IIS Url-Rewrite module, using the configuration GUI add these settings
<rewrite xdt:Transform="Insert">
<rules>
<rule name="HTTPS rewrite behind ELB rule" stopProcessing="true">
<match url="^(.*)$" ignoreCase="false" />
<conditions>
<add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" ignoreCase="false" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{SERVER_NAME}{URL}" />
</rule>
</rules>
</rewrite>
4. HAProxy
frontend node1-https
bind 192.168.20.19:443 ssl crt /etc/ssl/cert.pem
mode http
maxconn 50000
option httpclose
option forwardfor
reqadd X-Forwarded-Proto:\ https
No comments:
Post a Comment