How can i forcefully redirect http request to https in passenger standalone with aws elastic load balancer?

Question

I used passenger standalone for my app. currently my app is running on both http and https . i want to redirect all http request to https. I used load balancer in my application. I read this articles

https://aws.amazon.com/premiumsupport/knowledge-center/redirect-http-https-elb/

https://www.phusionpassenger.com/library/config/standalone/intro.html#nginx-configuration-template

http://code.eklund.io/blog/2015/03/17/managing-rewrites-for-a-rails-app-on-heroku-with-nginx-plus-phusion-passenger/

i tried this 2 methods

1)

 if ($http_x_forwarded_proto = "http") { 
            return 301 https://$host$request_uri; 
        }

2)

if ($http_x_forwarded_proto != "https") {
      rewrite ^(.*)$ https://$server_name$REQUEST_URI permanent;
  }

i tried all process in same way. but every time it goes in to infinite loop and before i start passenger the instance terminate itself and create new instance because of too many request timeout.

I can't figure out, whether it is issue of elastic load balancer or passenger config. I think when i stop passenger and user try to access app. the request time out generated and due to that new instance created. i am not sure.

Thanks in advance :)

Based on some previous issues with https, I've found that in NGINX configuration you have to add: `proxy_set_header X-Forwarded-Proto https;` However, if you edit your post and show us your NGINX configuration we might be able to help you more. — Roc Khalil, Nov 11 '17 at 13:47
@RocKhalil I don't have passenger + NGINX , i used Passenger Standalone. So i don't have nginx config. i only have passenger standalone config which is in erb format. — Vishal, Nov 13 '17 at 05:01
oh okay. I usually use puma and NGINX; sorry that didn't help :-) — Roc Khalil, Nov 13 '17 at 08:26
Are you using a network load balancer, application load balancer or classic load balancer in ELB? — Camden Narzt, Nov 13 '17 at 15:28
OK that looks like you are doing things right, can you provide the logs from passenger when the problem occurs? — Camden Narzt, Nov 14 '17 at 16:00
@CamdenNarzt When i stop passenger and restart the server, the passenger shut down automatically. currently i have not log, I think when i stop passenger and user try to access app. the request time out generated and due to that new instance created. because some time after i stop passenger, the passenger shut down automatically . i have one question, passenger and load balancer is different thing . right ? does it relate ? — Vishal, Nov 16 '17 at 04:41
Yes they are different. Your ELB load balancer distributes incoming network requests to a group of EC2 instances which all run Passenger. Passenger in turn spins up a number of ruby processes running your app, and distributes the requests that it receives to these ruby processes. So Passenger is a different kind of load balancer, operating at the server level instead of the network level. — Camden Narzt, Nov 16 '17 at 16:18
`curl -I http://app.singaporeswimming.com` `HTTP/1.1 301 Moved Permanently` `Cache-Control: no-cache` `Content-Length: 105` `Content-Type: text/html` `Date: Fri, 17 Nov 2017 04:54:54 GMT` `Location: http://app.singaporeswimming.com/manage` `Server: nginx/1.8.0 + Phusion Passenger 5.0.14` `Status: 301 Moved Permanently` `X-Powered-By: Phusion Passenger 5.0.14` `X-Rack-CORS: preflight-hit; no-origin` `X-Request-Id: dd0db076-c687-48dc-be1a-28b369a3f2b0` `X-Runtime: 0.001350` `Connection: keep-alive` ` — Vishal, Nov 17 '17 at 04:56
check https://www.phusionpassenger.com/library/config/standalone/reference/#--ssl-port-ssl_port — puneet18, Nov 17 '17 at 05:23
The http->https redirect is not happening, instead another redirect is being returned. Can you post the nginx config template you are using? Also like @puneet18 said, be sure to use the ssl options such as `ssl_port`, `ssl_certificate`, and `ssl_certificate_key`. — Camden Narzt, Nov 17 '17 at 15:09
@puneet18 @CamdenNarzt Here is the file `https://textb.org/t/vishal/` . i exactly used this `https://www.phusionpassenger.com/library/config/standalone/intro.html#nginx-configuration-template` . @puneet18, yes i also used all ssl certificate e.g `passenger start -p 80 --ssl --ssl-certificate /etc/ssl/ssl-bundle.crt --ssl-certificate-key /etc/ssl/app.singaporeswimming.key --ssl-port 443 -d -e production` — Vishal, Nov 20 '17 at 05:07
That template is out of date, if that's what you got from running `cp $(passenger-config about resourcesdir)/templates/standalone/config.erb nginx.conf.erb` then you need to update Passenger. — Camden Narzt, Nov 21 '17 at 16:30
i take n from this official site, and it is not out of date https://www.phusionpassenger.com/library/config/standalone/intro.html#nginx-configuration-template — Vishal, Nov 22 '17 at 09:12
@vishal yes it is, look at https://github.com/phusion/passenger/blob/stable-5.1/resources/templates/standalone/config.erb it's not the same as what you have at https://textb.org/t/vishal/. — Camden Narzt, Nov 23 '17 at 15:25
@CamdenNarzt yes, i also tried this, but it is giving me syntax error , for `include_passenger_internal_template` . i tried all the code of that file, is it version issue ? passenger version is `Phusion Passenger version 5.0.14` . — Vishal, Nov 24 '17 at 05:04
@CamdenNarzt Okay , i will update the version of Passenger and will late you know, what happen next. thank you so much for your help :) — Vishal, Nov 27 '17 at 04:35
@CamdenNarzt Finally i updated the version of passenger. gem version of passenger is `5.3.3` and installed passenger system `Phusion Passenger version 4.0.53` . i forgot where to write that if condition :( . can you help me out ? — Vishal, Jul 30 '18 at 13:23

Aniket Tiwari · Answer 1 · 2017-11-24T05:40:38.747

2

I hope your all certificates are installed correctly and pointing to the right path. If not check the below configuration

Passenger.json

{
  "environment": "production",
  "instance_registry_dir": "/var/run/passenger-instreg",
  "daemonize": true,
  "user": "myappuser",
  "port": 443,
  "ssl": true,
  "ssl_certificate": "/path/to/ssl_cert.pem",
  "ssl_certificate_key": "/path/to/ssl_key.pem",
  "nginx_config_template": "/path/to/nginx.conf.erb"
}

You need to use the same configuration which you use for nginx for redirecting from http to https

http {
     server_tokens off;
        server {
            listen 80 default_server;
            listen [::]:80 default_server;

            # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
             return 301 https://$host$request_uri;
     }

Latest Link
Here is the configuration of standalone passenger to redirect from http to https latest_link

Please refer this link

edited Nov 24 '17 at 05:40

answered Nov 23 '17 at 07:05

Aniket Tiwari

3,561
4
21
61

when i applied your solution, the passenger shutdown automatically. whenever i try to stop and start passenger , the passenger shutdown itself. and new instance create multiple times. i don't what is the exact issue. – Vishal Nov 24 '17 at 04:42
In my staging server, i didn't applied load balancer. and this config applied successfully in staging, the http request redirect to https, but on my live server it is not working because of load balancer may be . – Vishal Nov 24 '17 at 04:44
One more thing, i think the port value should be 80 and the ssl-port value will be 443 . – Vishal Nov 24 '17 at 05:35
I am also giving you another link regarding the configuration of standalone passenger it may help you. – Aniket Tiwari Nov 24 '17 at 05:36
I didn't use `AWS Elastic Beanstalk` :( . when i copy the passenger config.erb file, it is giving me this code https://textb.org/t/vishal/ . should i update the whole file with this code https://www.phusionpassenger.com/library/deploy/standalone/prod_ssl.html . because i already tried in past. but it was giving me syntax error for `include_passenger_internal_template` this command. – Vishal Nov 24 '17 at 05:51
You don't have to copy the entire file. You only need to copy the redirect part from that file – Aniket Tiwari Nov 24 '17 at 05:53
than it is doing the same thing again and again. automatic shut down of passenger . and create new instance without redirecting the http to https. – Vishal Nov 24 '17 at 05:57
Hey, i updated version of passenger, but forgot where to add https line. can you help me out ? – Vishal Jul 30 '18 at 13:28

score 1 · Answer 2 · answered Nov 10 '17 at 16:03

1

You can do this at the proxy level, or at the app level. To do it at the app level:

# config/environments/production.rb
...
config.force_ssl = true
...

answered Nov 10 '17 at 16:03

Daniel Westendorf

3,375
18
23

2

I tried it at first time, but because of load balancer , it is going in infinite loop. – Vishal Nov 11 '17 at 03:57
This will result in an infinite loop and finally fail as Vishal has pointed out – Sigu Magwa May 31 '18 at 08:27
"at the proxy level, _or_ at the app level" Redirecting at both will, indeed, cause a redirect loop. – Daniel Westendorf May 31 '18 at 14:09

How can i forcefully redirect http request to https in passenger standalone with aws elastic load balancer?

2 Answers2