我正在尝试部署一个非常简单的代理,该代理将在端口80上侦听HTTP并转发(不返回重定向301!)到外部主机上端口433上的HTTPS。
我正在使用清晰的Elastic Beanstalk实例,并且仅为nginx上载以下配置(通过https://docs.nginx.com/nginx/admin-guide/security-controls/securing-http-traffic-upstream/:]
files:
/etc/nginx/conf.d/proxy.conf:
mode: "000644"
owner: root
group: root
content: |
upstream backend {
server xxxxxx.execute-api.xx-xx-x.amazonaws.com:443;
}
server {
listen 80;
servername blablabla.eba-smthng.xx-xx-x.elasticbeanstalk.com;
if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
set $year $1;
set $month $2;
set $day $3;
set $hour $4;
}
access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
access_log /var/log/nginx/access.log main;
location / {
proxy_pass https://backend;
}
}
/opt/elasticbeanstalk/hooks/configdeploy/post/99_kill_default_nginx.sh:
mode: "000755"
owner: root
group: root
content: |
#!/bin/bash -xe
rm -f /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf
service nginx stop
service nginx start
container_commands:
removeconfig:
command: "rm -f /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf"
而且我希望对blablabla.eba-smthng.xx-xx-x.elasticbeanstalk.com的所有HTTP请求都将被代理到HTTPS端点xxxxxx.execute-api.xx-xx-x.amazonaws.com。
但是我得到的总是:
$ curl -X POST http://blablabla.eba-smthng.xx-xx-x.elasticbeanstalk.com/some/resource -d "{}"
<html>
<head><title>302 Found</title></head>
<body>
<center><h1>302 Found</h1></center>
<hr><center>nginx/1.16.1</center>
</body>
</html>
怎么了?
[好,我没有Beantalks就解决了这个问题-仅通过将EC2实例与nginx一起使用。
Config非常简单,我怀疑它也可以在Beantalks中工作:
server {
listen 80;
server_name blablabla.eba-smthng.xx-xx-x.elasticbeanstalk.com;
location / {
proxy_pass https://xxxxxx.execute-api.xx-xx-x.amazonaws.com:443/;
proxy_ssl_session_reuse on;
}
}
保持斜杠很重要,如果proxy_pass具有URI参数,则不需要重写和标头。在我最初的帖子中使用了错误的令牌servername-必须为server_name。