.net Core - HTTPS with AWS Load Balancer and Elastic Beanstalk doesn't work


Problem description


I have a website that runs HTTPS correctly in my local environment. When I upload it to AWS it just times out or redirects forever.

My setup in AWS is an Elastic Beanstalk application, an RDS database running MS SQL, I added a Load Balancer to forward the HTTPS requests, and I have an SSL certificate properly assigned to the Load Balancer. From all I can tell my app is running, in fact, Entity Framework fired off and correctly built my database in my RDS instance. I just can't reach the website through the internet.

I've tried setting the Listeners different ways. If I set them like this, it just redirects forever:

If I set them like this, it just times out:

I have the default HTTP/HTTPS port forwarding code in my Startup.cs:

public void ConfigureServices(IServiceCollection services)
{
    // Sets all calls to require HTTPS: https://docs.microsoft.com/en-us/aspnet/core/security/enforcing-ssl
    services.Configure<MvcOptions>(options =>
    {
        options.Filters.Add(new RequireHttpsAttribute());
    });
    ...
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    // Force all HTTP requests to redirect to HTTPS: https://docs.microsoft.com/en-us/aspnet/core/security/enforcing-ssl
    var options = new RewriteOptions().AddRedirectToHttps();
    app.UseRewriter(options);

    ...

    app.UseForwardedHeaders(new ForwardedHeadersOptions
    {
        ForwardedHeaders = ForwardedHeaders.XForwardedFor |
                            ForwardedHeaders.XForwardedProto
    });
    ...
}

I've spent days on this and I can't get it to work. I've tried taking all of my HTTPS code out and that doesn't work. I've tried code solutions from blogs like this and this and that doesn't work either. From what I've read, the Load Balancer ends up handling the HTTPS request and then forwards an HTTP request to my app. But I don't know how to properly handle that, still enforce HTTPS, and redirect HTTP to HTTPS.

This seems like it would be something that would just work out of the box without a bunch of setup from me. If it's not, I would think a lot of other people would have run into this problem by now and there'd be info about it on the internet. Am I missing something small? Because I'm totally at my wit's end about it.

If you can answer this, you'll be my new hero.

Solution

So I finally got this fixed. First, the Load Balancer has to be set to forward HTTPS 443 to HTTP 80 like this:

Then, ALL the code I've outlined in my question needs to be deleted (or not run in the AWS environment). I forgot to remove the services.Configure<MvcOptions>(options){} lines of code initially and I believe that was what was causing the error.

Then I followed this blog to handle the X-Forwarded-Proto header. I put all the code in one extension file:

using System.Text;
using Microsoft.AspNetCore.Rewrite;

public static class RedirectToProxiedHttpsExtensions
{
    // Fluent helper so the rule can be chained onto RewriteOptions.
    public static RewriteOptions AddRedirectToProxiedHttps(this RewriteOptions options)
    {
        options.Rules.Add(new RedirectToProxiedHttpsRule());
        return options;
    }
}

public class RedirectToProxiedHttpsRule : IRule
{
    public virtual void ApplyRule(RewriteContext context)
    {
        var request = context.HttpContext.Request;

        // #1) Did this request start off as HTTP?
        // The load balancer terminates TLS and reports the original scheme
        // in X-Forwarded-Proto; without the header, use the connection itself.
        string reqProtocol;
        if (request.Headers.ContainsKey("X-Forwarded-Proto"))
        {
            reqProtocol = request.Headers["X-Forwarded-Proto"][0];
        }
        else
        {
            reqProtocol = (request.IsHttps ? "https" : "http");
        }

        // #2) If so, redirect to HTTPS equivalent
        if (reqProtocol != "https")
        {
            var newUrl = new StringBuilder()
                .Append("https://").Append(request.Host)
                .Append(request.PathBase).Append(request.Path)
                .Append(request.QueryString);

            context.HttpContext.Response.Redirect(newUrl.ToString(), true);

            // Stop here so later rules and middleware do not also handle
            // a request that has already been answered with a redirect.
            context.Result = RuleResult.EndResponse;
        }
    }
}

Finally, I call this code in Startup.cs:

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    ...
    var options = new RewriteOptions()
        .AddRedirectToProxiedHttps()
        .AddRedirect("(.*)/$", "$1");  // remove trailing slash
    app.UseRewriter(options);
    ... 
}

After all that it finally worked!
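
The rule above accepts X-Forwarded-Proto from any sender, so it is only as trustworthy as the network path that guarantees every request passes through the load balancer. The following is an added example, not code from the original answer or the blog it mentions: it shows the same redirect built from the framework's own forwarded-headers middleware, restricted to a trusted proxy range and registered before the rewriter. It assumes ASP.NET Core 2.x, and the 10.0.0.0/16 range is a constructed placeholder for the load balancer's subnet.

```csharp
using System.Net;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.AspNetCore.Rewrite;

public class Startup
{
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        var forwarded = new ForwardedHeadersOptions
        {
            ForwardedHeaders = ForwardedHeaders.XForwardedFor |
                               ForwardedHeaders.XForwardedProto,
            // Only one proxy hop (the load balancer) is expected.
            ForwardLimit = 1
        };

        // Accept forwarded headers only when the request arrives from the
        // load balancer's subnet. 10.0.0.0/16 is a constructed placeholder;
        // replace it with the CIDR range of your own environment.
        forwarded.KnownNetworks.Add(
            new Microsoft.AspNetCore.HttpOverrides.IPNetwork(
                IPAddress.Parse("10.0.0.0"), 16));

        // Must be registered before the rewriter, so that Request.Scheme and
        // Request.IsHttps already reflect X-Forwarded-Proto when the
        // redirect rule evaluates them.
        app.UseForwardedHeaders(forwarded);

        // For requests relayed by the trusted proxy the scheme is now
        // "https", so the built-in rule redirects only requests that really
        // reached the load balancer as plain HTTP. Headers sent from any
        // other address are ignored and the request is redirected.
        var rewrite = new RewriteOptions().AddRedirectToHttps(301);
        app.UseRewriter(rewrite);

        // ... remaining middleware (static files, MVC) goes here ...
    }
}
```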
