When a user types http:// in the browser instead of https:// it is an insecure connection. Therefore we need to redirect the user to https:// version of the protocol, which creates a secure, encrypted connection. Typically the best setup is to configure the web server for only allowing HTTPS requests, and redirecting any HTTP request to HTTPS.
Create file 00_nginx_https_rw.config in .ebsextensions/ folder as below:
files:
"/tmp/45_nginx_https_rw.sh":
owner: root
group: root
mode: "000644"
content: |
#! /bin/bash
CONFIGURED=`grep -c "return 301 https" /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf`
if [ $CONFIGURED = 0 ]
then
sed -i '/listen 8080;/a \ if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; }\n' /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf
logger -t nginx_rw "https rewrite rules added"
exit 0
else
logger -t nginx_rw "https rewrite rules already set"
exit 0
fi
container_commands:
00_appdeploy_rewrite_hook:
command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/appdeploy/enact
01_configdeploy_rewrite_hook:
command: cp -v /tmp/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact
02_rewrite_hook_perms:
command: chmod 755 /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh
03_rewrite_hook_ownership:
command: chown root:users /opt/elasticbeanstalk/hooks/appdeploy/enact/45_nginx_https_rw.sh /opt/elasticbeanstalk/hooks/configdeploy/enact/45_nginx_https_rw.sh
Commit the file
Deploy by running eb deploy
The part with sed -i ‘/listen 8080’ finds that pattern in the file called
/etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf
It then inserts the http_x_forwarded_proto section in that configuration file. Then logs what it just did. That’s it.
Reference: stack overflow
Forcing NGINX to forward http to https