I work for a small tech startup and we have a microservice .NET application using Microsoft Identity Server hosted in AWS Elastic Beanstalk running on Windows servers. We are wanting to migrate our servers to AWS Linux 2 and have successfully deployed one API service running on AWS Linux 2 with no issues.

I am now attempting to get one of our front end web servers to deploy to a new AWS Linux 2 Elastic Beanstalk application and have been having issues.

We use a Microsoft Identity Server running in AWS (currently on a Windows server). By looking through logs and reading numerous sites I discovered that, due to how the nginx proxy server works, when the login request hits our Identity Server it is no longer coming from https. This led me to discover this article: https://serverfault.com/questions/917511/nginx-proxy-to-aws-elb-not-passing-https-protocol-to-backend-instances. It appears that the solution was related to adding this line to the nginx.conf:

proxy_set_header X-Forwarded-Ssl on;

We are not manually installing or configuring nginx; instead we simply chose this option as the proxy server in the Elastic Beanstalk configuration.

This AWS Documentation article gives instructions on where to put configuration files in our source code in order to deploy additions or our own nginx.conf, but doesn't give an example of what the file should look like or needs to look like as I'm not sure where additions get imported into the base Elastic Beanstalk nginx.conf: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/platforms-linux-extend.html

I saw in this post (Redirect URI sent as HTTP and not HTTPS in app running HTTPS) that we need to use

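    // Honor X-Forwarded-For (client IP) and X-Forwarded-Proto (original scheme).
    ForwardedHeadersOptions forwardedHeadersOptions = new ForwardedHeadersOptions()
    {
        ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
    };

    // Clearing both lists removes the default loopback-only trust, so the
    // middleware accepts forwarded headers from any sender address.
    forwardedHeadersOptions.KnownNetworks.Clear();
    forwardedHeadersOptions.KnownProxies.Clear();

    // Register the middleware in the request pipeline.
    app.UseForwardedHeaders(forwardedHeadersOptions);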

However, I'm uncertain at this point how to properly configure nginx to redirect HTTP to HTTPS in the conf and also exactly at what level in our source code this configuration would need to reside.

I've tried putting this file

location / {

    proxy_set_header X-Forwarded-Proto $scheme;
}

in this path in my source code: /.platform/nginx/config.d/https.conf

But this has been unsuccessful. Any help anyone can give is greatly appreciated!

Mark

1 Answer

This is a common scenario where you would want to modify your nginx config for any kind of changes. The approach that you are following, even if it works, is pushing the file manually. But as and when auto scaling happens, or worse, when the node fails for any xyz reason, this state cannot be maintained by Beanstalk, as it is not aware of the config, and then it will get lost.

What we used to do was to use .ebextensions. Here you maintain the configs which Beanstalk understands and reads. You can do all sorts of changes with this. This way Beanstalk will remember what state to maintain every time.

The documentation is here but not with good examples - https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/ebextensions.html

One re:Post article is also there - https://repost.aws/knowledge-center/elastic-beanstalk-configuration-files

You can refer to this article for easy reference. https://medium.com/swlh/using-ebextensions-to-extend-nginx-default-configuration-in-aws-elastic-beanstalk-189b844ab6ad

Vibhanshu Biswas
  • @Mark - If it's just an issue of redirection, you can set that behavior in the Elastic Beanstalk config; that would be a simple port 80 to port 443. - https://neal.codes/blog/elastic-beanstalk-http-to-https-redirection/ Regarding where to put that code, it would be the initialization of the .NET app. - https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-7.0 – Vibhanshu Biswas Apr 18 '23 at 03:18
  • Hi @Vibhanshu! So the problem is actually that when the front end web server attempts to log in to the Microsoft Identity server it doesn't maintain the https in the address bar. This is a great explanation of the problem: https://serverfault.com/questions/917511/nginx-proxy-to-aws-elb-not-passing-https-protocol-to-backend-instances. – Mark Apr 18 '23 at 15:03
  • The solution in that post is to add "proxy_set_header X-Forwarded-Ssl on;" to the nginx conf, but since I'm not actually manually running a Linux server but just publishing to an Elastic Beanstalk instance that is creating the server, etc., I'm needing to know how to configure nginx to do this. I can publish this code to a Windows server and it will work without issue. – Mark Apr 18 '23 at 15:04
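
An added example, not code from the question, the answer, or the linked posts: the forwarded-headers snippet quoted in the question clears `KnownNetworks` and `KnownProxies`, which makes the middleware accept `X-Forwarded-*` values from any sender. The sketch below keeps the default loopback trust and adds only the load balancer's network; the `10.0.0.0/16` CIDR, the two-hop `ForwardLimit`, and the `/debug/scheme` route are assumptions made for illustration.

```csharp
// Program.cs, ASP.NET Core 6+ minimal hosting. Added example, not the poster's code.
using System.Net;
using Microsoft.AspNetCore.HttpOverrides;

var builder = WebApplication.CreateBuilder(args);

builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    // Only the headers the app needs: client IP and original scheme.
    options.ForwardedHeaders =
        ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;

    // Weak form (from the question): KnownNetworks.Clear(); KnownProxies.Clear();
    // That trusts X-Forwarded-Proto / X-Forwarded-For from any caller.
    // Here the defaults stay in place: they already trust loopback, which
    // covers a proxy on the same instance (assumption: nginx forwards to
    // the app over 127.0.0.1).

    // ASSUMPTION / placeholder: CIDR of the subnets the load balancer uses.
    // Replace with the real VPC or subnet range.
    options.KnownNetworks.Add(
        new Microsoft.AspNetCore.HttpOverrides.IPNetwork(
            IPAddress.Parse("10.0.0.0"), 16));

    // ASSUMPTION: two trusted hops (load balancer, then nginx). Entries
    // beyond this limit are never applied, whatever the client sent.
    options.ForwardLimit = 2;
});

var app = builder.Build();

// Must run before authentication or anything else that reads
// Request.Scheme or builds absolute redirect URIs.
app.UseForwardedHeaders();

// Hypothetical diagnostic route: shows what the app sees after the
// middleware has run. Remove it once the scheme reads "https".
app.MapGet("/debug/scheme", (HttpContext ctx) => Results.Json(new
{
    scheme = ctx.Request.Scheme,
    remoteIp = ctx.Connection.RemoteIpAddress?.ToString()
}));

app.Run();
```

If the route reports `http` while the browser used HTTPS, either a hop is overwriting `X-Forwarded-Proto` or the sender of the header is not inside the trusted networks.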