How to redirect to https when using load balancer in front of nginx

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

How to redirect to https when using load balancer in front of nginx

Palvelin Postmaster
I have AWS ALB in front of an instance running nginx. I want to terminate https at the load balancer.

I have setup ALB's http listener to redirect http to https and forward https to the instance’s port 80.

I’m switching from using apache to nginx. My apache currently responds on a single port 80. In my apache config these directives are used to redirect traffic.

        RewriteCond %{HTTPS} off
        RewriteCond %{HTTP:X-Forwarded-Proto} !https
        RewriteRule ^(.*)$ <a href="https://%">https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302]
        SetEnv HTTPS "on"
        SetEnv HTTP_X_FORWARDED_PROTO ”https”

As simple as it may be, I can’t figure out how to match this setup with nginx. With the following simple config most requests work but apparently assets in some of my pages have the scheme hardcoded and they don’t get rewritten.

server {
        listen 80;
        set_real_ip_from 172.31.0.0/16;
        real_ip_header X-Forwarded-For;
        server_name ”my.server.com";
        root /var/www/;
        access_log /var/log/nginx/access-.log main_ext;
        error_log /var/log/nginx/error.log notice;
  }

--
Palvelin.fi Hostmaster
[hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: How to redirect to https when using load balancer in front of nginx

adrian.hilt
In order to redirect http to https, you have to define a listener rule in
the ALB that redirects all traffic on port 80 to port 443 (of the ALB) with
the original path and query parameters. The status code should be a 301
(permanent redirection). That's the context between the client and the ALB.

The certificate for the domain(s) will be installed in the ALB.

The target group for the ALB would contain the http target (or be filled in
by an auto-scaling group's members in case you have multiple targets from an
auto-scaling group). Your application server would only see http requests
coming from the ALB. You won't get any https requests.

The important point about rewriting http requests (from the client
perspective) to https requests (client perspective again) is to define that
rule in the ALB, and make that rule redirect requests for all paths.

On the other hand, why do you need the ALB if you have an NGINX in there,
anyway? I would rather settle for a simple NLB and handle http/https
redirections etc. in the NGINX itself.

Cheers,
--j.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,285559,285561#msg-285561

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: How to redirect to https when using load balancer in front of nginx

Palvelin Postmaster


> On 4 Sep 2019, at 18.32, j94305 <[hidden email]> wrote:
>
> In order to redirect http to https, you have to define a listener rule in
> the ALB that redirects all traffic on port 80 to port 443 (of the ALB) with
> the original path and query parameters. The status code should be a 301
> (permanent redirection). That's the context between the client and the ALB.
>
> The certificate for the domain(s) will be installed in the ALB.
>
> The target group for the ALB would contain the http target (or be filled in
> by an auto-scaling group's members in case you have multiple targets from an
> auto-scaling group). Your application server would only see http requests
> coming from the ALB. You won't get any https requests.
>
> The important point about rewriting http requests (from the client
> perspective) to https requests (client perspective again) is to define that
> rule in the ALB, and make that rule redirect requests for all paths.

Yes, I believe this I have setup in ALB, as I tried to explain (poorly, maybe):

alb-my-server-com | HTTP:80
(1 rule)
        Redirect to: https://#{host}:443/#{path}?#{query}
        Status code: HTTP_301

The issue I outlined happens with nginx regardless.
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: How to redirect to https when using load balancer in front of nginx

Palvelin Postmaster
In reply to this post by adrian.hilt

> On 4 Sep 2019, at 18.32, j94305 <[hidden email]> wrote:
>
> On the other hand, why do you need the ALB if you have an NGINX in there,
> anyway? I would rather settle for a simple NLB and handle http/https
> redirections etc. in the NGINX itself.

Is it possible to terminate SSL at NLB with multiple certificates for different domains in a single instance?
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx