try amazon's solution

2019-04-16 13:57:31 -04:00 · 2019-04-16 13:57:31 -04:00 · 7aa91330ff
parent cd061ddc35
commit 7aa91330ff
1 changed files with 22 additions and 52 deletions
--- a/.ebextensions/03_nginx_proxy.config
+++ b/.ebextensions/03_nginx_proxy.config
@ -1,59 +1,29 @@
 files:
-  /etc/nginx/conf.d/proxy.conf:
+  "/tmp/45_nginx_https_rw.sh":
+    owner: root
+    group: root
    mode: "000644"
-    owner: root
-    group: root
    content: |
-      map $http_upgrade $connection_upgrade {
-        default        "upgrade";
-        ""            "";
-      }
+      #! /bin/bash

-      server {
-        listen 8080;
+      CONFIGURED=`grep -c "return 301 https" /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf`

-        location / {
-          return 301 https://$host$request_uri;
-        }
-      }
-
-      server {
-        listen 80;
-
-        if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
-            set $year $1;
-            set $month $2;
-            set $day $3;
-            set $hour $4;
-        }
-        access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
-        access_log  /var/log/nginx/access.log  main;
-
-        location / {
-            proxy_pass  http://nodejs;
-            proxy_set_header    Connection      $connection_upgrade;
-            proxy_set_header    Upgrade         $http_upgrade;
-            proxy_http_version  1.1;
-            proxy_set_header    Host            $host;
-            proxy_set_header    X-Real-IP       $remote_addr;
-            proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
-        }
-
-        gzip on;
-        gzip_comp_level 4;
-        gzip_types text/html text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
-      }
-
-  /opt/elasticbeanstalk/hooks/configdeploy/post/99_kill_default_nginx.sh:
-    mode: "000755"
-    owner: root
-    group: root
-    content: |
-      #!/bin/bash -xe
-      rm -f /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf
-      service nginx stop
-      service nginx start
+      if [ $CONFIGURED = 0 ]
+        then
+          sed -i '/listen 8080;/a \    if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; }\n' /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf
+          logger -t nginx_rw "https rewrite rules added"
+          exit 0
+        else
+          logger -t nginx_rw "https rewrite rules already set"
+          exit 0
+      fi

 container_commands:
- removeconfig:
-    command: "rm -f /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf"
+  00_appdeploy_rewrite_hook:
+    command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/appdeploy/enact
+  01_configdeploy_rewrite_hook:
+    command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact
+  02_rewrite_hook_perms:
+    command: chmod 755 /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh
+  03_rewrite_hook_ownership:
+    command: chown root:users /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh