
I'm running a node/express app on an amazon ec2 instance, no load-balancer, free tier. I'm trying to redirect everything to HTTPS. Everything I've done up until now was through the EB CLI (eb deploy, eb ssh, and so on).

I got a free certificate from letsencrypt (certbot) and I've set up the nginx.conf as explained in this tutorial. I'm able to access both the http and the https versions of the app URL. The http retrieves my nodejs app, but the https returns the default nginx html page (from /usr/share/nginx/html).

I would like to get my nodejs app on HTTPS only and redirect all HTTP requests to HTTPS.

My nginx.conf is as follows:

# Elastic Beanstalk managed configuration file
# Some configuration of nginx can be done by placing files in /etc/nginx/conf.d
# using Configuration Files.
# http://docs.amazonwebservices.com/elasticbeanstalk/latest/dg/customize-containers.html
#
# Modifications of nginx.conf can be performed using container_commands to modify the staged version
# located in /tmp/deployment/config/etc#nginx#nginx.conf

# Elastic_Beanstalk
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

# Account the worker processes run as.
user nginx;
# "auto" lets nginx pick the worker count from the detected CPU cores.
worker_processes auto;

# Server-wide error log and the file holding the master process id.
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

# Per-worker connection ceiling.
events {
    worker_connections 1024;
}

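http {

    port_in_redirect off;
    include       /etc/nginx/mime.types;

    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;

    keepalive_timeout  65;
    # Elastic Beanstalk Modification(EB_INCLUDE)

    log_format healthd '$msec"$uri"'
                       '$status"$request_time"$upstream_response_time"'
                       '$http_x_forwarded_for';

    # Plain-HTTP listener: its only job is to move clients to HTTPS.
    # The redirect is unconditional. Testing $http_x_forwarded_proto is only
    # meaningful behind a TLS-terminating proxy that sets that header itself;
    # with no load balancer the header comes straight from the client, so a
    # request carrying "X-Forwarded-Proto: https" would skip the redirect and
    # be answered over plain HTTP.
    server {
        listen 80;
        server_name localhost;

        # NOTE(review): $host is taken from the client's Host header. Once
        # server_name holds the real domain, redirecting to that fixed name
        # avoids reflecting an arbitrary Host value in the Location header.
        return 301 https://$host$request_uri;
    }

    # TLS listener.
    server {
        listen       443 ssl;
        listen       [::]:443 ssl;
        server_name  localhost;

        ssl_certificate "/etc/letsencrypt/live/domain/fullchain.pem";
        ssl_certificate_key "/etc/letsencrypt/live/domain/privkey.pem";
        # It is *strongly* recommended to generate unique DH parameters
        # Generate them with: openssl dhparam -out /etc/pki/nginx/dhparams.pem 2048
        #ssl_dhparam "/etc/pki/nginx/dhparams.pem";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;

        # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
        # Add TLSv1.3 here if the installed nginx/OpenSSL build supports it.
        ssl_protocols TLSv1.2;
        # NOTE(review): this cipher string still admits legacy suites such as
        # SEED; consider tightening it to a current recommended list.
        ssl_ciphers HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP;
        ssl_prefer_server_ciphers on;

        # Once HTTPS is confirmed working, HSTS tells browsers to stop trying
        # plain HTTP for this host. Enable deliberately: browsers cache it.
        #add_header Strict-Transport-Security "max-age=31536000" always;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        # NOTE(review): nothing visible in this block forwards requests to the
        # Node.js app, so unless a file under default.d does, HTTPS requests
        # are served from nginx's default document root. A proxy location
        # along these lines is needed; APP_PORT is a placeholder for the port
        # the app listens on, which this file does not show.
        #location / {
        #    proxy_pass http://127.0.0.1:APP_PORT;
        #    proxy_set_header Host $host;
        #    # Set by nginx itself so the app never trusts a client-supplied value.
        #    proxy_set_header X-Forwarded-Proto $scheme;
        #    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #}

        # NOTE(review): 404s are mapped to /404.html, but the location below
        # matches /40x.html; confirm which file name is intended.
        error_page 404 /404.html;
        location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

    # NOTE(review): files pulled in here may define further server blocks
    # (including plain-HTTP ones); check that none of them serves the app
    # without TLS.
    include /etc/nginx/conf.d/*.conf;
    # End Modification

}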
Radu B

1 Answer


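To re-route ports, you can add an iptables NAT rule on your EC2 instance. Note that this rewrites the destination port at the packet level and does not send an HTTP redirect: a browser speaking plain HTTP to port 80 lands on the TLS listener on 443 and will typically get an error rather than being moved to https://. For example: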

sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 443

* Make sure that in EC2 Security Group, the inbound HTTP port 80 source = "Anywhere".

To view the iptables routing entries, run:

sudo iptables -t nat -L

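If you need to remove the routing entry (first line), run the command below. It deletes whichever rule is currently first in the PREROUTING chain, so confirm the rule number first with `sudo iptables -t nat -L PREROUTING --line-numbers`: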

sudo iptables -t nat -D PREROUTING 1

Noam Manos