我有一个Rails应用程序,在AWS ELB后面有一个NGINX反向代理。我在ELB上终止SSL并且我配置了NGINX以强制任何尝试将HTTP重写为HTTPS。此设置工作正常,但我也通过ECS服务该站点,并且由于ELB运行状况检查在HTTP端口80上,当它获得重定向并返回301时,ELB运行状况检查失败并且实例已取消注册。
如何设置NGINX以通过HTTPS发送除健康检查文件以外的所有文件?
这是我在nginx.conf中的服务器块:
server {
listen 80;
server_name localhost;
root /var/www/html;
location ~ ^elbcheck\.html$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://rails_app;
break;
}
location / {
proxy_redirect off;
proxy_next_upstream error;
if ($http_x_forwarded_proto != "https") {
rewrite ^ https://$host$request_uri? permanent;
}
try_files $uri $uri/ @proxy;
}
location ~* \.(jpg|jpeg|svg|png|gif|ico|css|js|eot|woff|woff2|map)$ {
proxy_cache APP;
proxy_cache_valid 200 1d;
proxy_cache_valid 404 5m;
proxy_ignore_headers "Cache-Control";
expires 1d;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
add_header X-Cache-Status $upstream_cache_status;
proxy_pass http://rails_app;
}
location @proxy {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://rails_app;
}
}
我有同样的问题,并在互联网上的某个地方找到了这个答案(不再有源,它是在不久前)
server {
listen 80;
set $redirect_to_https 0;
if ($http_x_forwarded_proto != 'https') {
set $redirect_to_https 1;
}
if ($request_uri = '/status') {
set $redirect_to_https 0;
}
if ($redirect_to_https = 1) {
return 301 https://$host$request_uri;
}
...
}
找到一个简单的答案,在this post工作得很好。这是@ceejayoz在那里建议的:
server { location /elb-status { access_log off; return 200; } }
似乎工作 - 由于健康检查失败,ECS没有终止我的服务。