ruby-on-rails – 使用来自ACM的证书在elasticbeanstalk中强制ht

使用以下内容创建文件.ebextensions / 01-force-https.config(.config很重要,而不是.conf).

如果您的环境是单个实例：

files:
  "/etc/nginx/conf.d/01-force-https.conf":
    owner: root
    group: root
    mode: "000644"
    content: |
      server {
          listen 8080;
          return 301 https://$host$request_uri;
      }

如果你的环境是负载平衡的,你遗憾的是不能简单地添加到现有的配置,但需要用sed修改它：

files:
  "/tmp/45_nginx_https_rw.sh":
    owner: root
    group: root
    mode: "000644"
    content: |
      #! /bin/bash

      CONFIGURED=`grep -c "return 301 https" /opt/elasticbeanstalk/support/conf/webapp_healthd.conf`

      if [ $CONFIGURED = 0 ]
        then
          sed -i '/listen 80;/a     if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; }n' /opt/elasticbeanstalk/support/conf/webapp_healthd.conf
          logger -t nginx_rw "https rewrite rules added"
          exit 0
        else
          logger -t nginx_rw "https rewrite rules already set"
          exit 0
      fi

container_commands:
  00_appdeploy_rewrite_hook:
    command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/appdeploy/enact
  01_configdeploy_rewrite_hook:
    command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact
  02_rewrite_hook_perms:
    command: chmod 755 /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh
  03_rewrite_hook_ownership:
    command: chown root:users /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh

然后将其添加到您的git repo或app bundle和eb deploy.这将创建/etc/nginx/conf.d/01-force-https.conf,它自动包含在/etc/nginx/nginx.conf中.请注意,如果稍后从.ebextensions中删除相应的文件,eb deploy将不会删除服务器上的文件.另外,我发现以下有助于通过eb ssh进行调试：

sudo service nginx configtest
sudo service nginx restart