I host a small Java-based JAR-packaged webapp on AWS ELB using a custom domain. I upload a ZIP file like:
myapp.zip
* myapp.jar
I've configured a certificate using AWS CM and am able to access my application via both http://www.example.com as well as https://www.example.com.
Now I need to force HTTPS always. And I'm completely lost on how to do it.
I saw a number of answers like "configure your nginx":
https://stackoverflow.com/questions/24603620/redirecting-ec2-elb-from-http-to-https
https://aws.amazon.com/de/premiumsupport/knowledge-center/redirect-http-https-elb/
http://www.emind.co/how-to/how-to-force-https-behind-aws-elb/
Other answers goint in the same direction.
While I can understand the idea of the rewriter rule like:
if ($http_x_forwarded_proto = 'http') {
return 301 https://www.example.com$request_uri;
}
What I'm missing is how to actually add this the AWS ELB nginx.
What I've tried last was adding .ebextensions\nginx\conf.d\my.conf to my ZIP archive:
myapp.zip
* myapp.jar
* .ebextensions
* nginx
* conf.d
* my.conf
Contents:
if ($http_x_forwarded_proto = 'http') {
return 301 https://www.example.com$request_uri;
}
This gives me the following error:
2016/12/24 12:08:27 [emerg] 22709#0: "if" directive is not allowed here in /var/elasticbeanstalk/staging/nginx/conf.d/myconf:1
I guess the sytnax of my.conf is not right. I was hoping my.conf will extend the AWS ELB nginx configuration, but apparently it does not. And I'd really like to avoid having the full nginx configuration in my .ebextensions. I don't even know where to get it.
Best Answer
I have finally figured it out. I had to put my configuration in
\.ebextensions\nginx\conf.d\elasticbeanstalk\*.conf, for instance\.ebextensions\nginx\conf.d\elasticbeanstalk\force-https.conf.Contents are:
This gets included in the AWS ELB config file automatically:
So no need to copy/override the whole
nginx.conf.