try amazon's solution
parent
cd061ddc35
commit
7aa91330ff
|
@ -1,59 +1,29 @@
|
||||||
files:
|
files:
|
||||||
/etc/nginx/conf.d/proxy.conf:
|
"/tmp/45_nginx_https_rw.sh":
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
mode: "000644"
|
mode: "000644"
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
content: |
|
content: |
|
||||||
map $http_upgrade $connection_upgrade {
|
#! /bin/bash
|
||||||
default "upgrade";
|
|
||||||
"" "";
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
CONFIGURED=`grep -c "return 301 https" /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf`
|
||||||
listen 8080;
|
|
||||||
|
|
||||||
location / {
|
if [ $CONFIGURED = 0 ]
|
||||||
return 301 https://$host$request_uri;
|
then
|
||||||
}
|
sed -i '/listen 8080;/a \ if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; }\n' /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf
|
||||||
}
|
logger -t nginx_rw "https rewrite rules added"
|
||||||
|
exit 0
|
||||||
server {
|
else
|
||||||
listen 80;
|
logger -t nginx_rw "https rewrite rules already set"
|
||||||
|
exit 0
|
||||||
if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
|
fi
|
||||||
set $year $1;
|
|
||||||
set $month $2;
|
|
||||||
set $day $3;
|
|
||||||
set $hour $4;
|
|
||||||
}
|
|
||||||
access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
|
|
||||||
access_log /var/log/nginx/access.log main;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://nodejs;
|
|
||||||
proxy_set_header Connection $connection_upgrade;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
}
|
|
||||||
|
|
||||||
gzip on;
|
|
||||||
gzip_comp_level 4;
|
|
||||||
gzip_types text/html text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
|
|
||||||
}
|
|
||||||
|
|
||||||
/opt/elasticbeanstalk/hooks/configdeploy/post/99_kill_default_nginx.sh:
|
|
||||||
mode: "000755"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
content: |
|
|
||||||
#!/bin/bash -xe
|
|
||||||
rm -f /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf
|
|
||||||
service nginx stop
|
|
||||||
service nginx start
|
|
||||||
|
|
||||||
container_commands:
|
container_commands:
|
||||||
removeconfig:
|
00_appdeploy_rewrite_hook:
|
||||||
command: "rm -f /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf"
|
command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/appdeploy/enact
|
||||||
|
01_configdeploy_rewrite_hook:
|
||||||
|
command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact
|
||||||
|
02_rewrite_hook_perms:
|
||||||
|
command: chmod 755 /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh
|
||||||
|
03_rewrite_hook_ownership:
|
||||||
|
command: chown root:users /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh
|
||||||
|
|
Loading…
Reference in New Issue