Redirect all http requests behind Amazon ELB to https without using if

redirect http nginx https amazon-elb

Currently I have an ELB serving both http://www.example.org and https://www.example.org.

I would like to set it up so any request pointing to http://www.example.org is redirect to https://www.example.org.

The ELB sends the https requests as http requests, so using:

server {
      listen         80;
       server_name    www.example.org;
       rewrite        ^ https://$server_name$request_uri? permanent;
}

will not work because requests made to https://www.example.org will still be made to port 80 on nginx.

I know it's possible to rewrite it as 

server {
      listen         80;
      server_name    www.example.org;
      if ($http_x_forwarded_proto != "https") {
          rewrite ^(.*)$ https://$server_name$1 permanent;
      }
}

But everything I've read said that if should be avoided at all costs within nginx configuration, and this would be for every single request. Also, it means I have to set up a special separate configuration for the health check (as described here: "…when you are behind an ELB, where the ELB is acting as the HTTPS endpoint and only sending HTTP traffic to your server, you break the ability to respond with an HTTP 200 OK response for the health check that the ELB needs").

I'm considering putting the login in the code of the web application rather than the nginx configuration (and for the purposes of this question let's assume it's a Django-based application), but I'm not certain whether that would be more overhead than the if in configuration.


Solution 1:

If it's working correctly like that, don't be scared of it. http://wiki.nginx.org/IfIsEvil

It is important to note that the behaviour of if is not inconsistent, given two identical requests it will not randomly fail on one and work on the other, with proper testing and understanding ifs can be used. The advice to use other directives where available still very much apply, though.

Solution 2:

  1. Setup your AWS ELB mapping ELB:80 to instance:80 and ELB:443 to instance:1443.
  2. Bind nginx to listen on port 80 and 1443.
  3. Forward requests arriving at port 80 to port 443.
  4. Health check should be HTTP:1443. It rejects the HTTP:80 because the 301 redirect.

aws elb setup

NGINX Setup

    server {
       listen         80;
       server_name    www.example.org;
       rewrite        ^ https://$server_name$request_uri? permanent;
    }

    server {
       listen         1443;
       server_name    www.example.org;
   }

Related

Which IMAP flags are reliably supported across most mail servers?
What's the difference between /etc/cron.d and /var/spool/cron?
Apache in Docker: How do I "access.log"?
How can OpenGL graphics be displayed remotely using VNC?
mdf file cannot be overwritten when restoring a database in SQL Server
Why are some champions considered to be better at blue/red side?
Which character is best for killing Bastion from behind Reinhardt?
Skyrim Teleportation
What quest is the object Dravin's Bow from?
Where does the term "dropship" come from? [closed]
What is this game with skeletal characters?
How is 300 actions a minute possible?