为什么 X-Forwarded-Proto 在 Elastic Beanstalk 上总是设置为 HTTP? [英] Why is X-Forwarded-Proto always set to HTTP on Elastic Beanstalk?

问题描述

嗨.我正在将 ASP.Net Core 应用程序部署到 AWS Elastic Beanstalk.我运行的平台是使用 Nginx 作为代理服务器软件的 64 位 Amazon Linux 2/2.1.5.我在环境配置中为我的负载均衡器设置了一对侦听器.它们的设置如下:

Hi. I'm deploying an ASP.Net Core application to AWS Elastic Beanstalk. The platform I'm running on is 64bit Amazon Linux 2/2.1.5 using Nginx as the proxy server software. I've got a pair of listeners for my load balancer set up in the environment configuration. They are set up as follows:

• Port=443 Protocol=HTTPS SSL=certificate Process=default
• Port=80 Protocal=HTTP Process=default

而且我只有一个进程:

名称=默认端口=80 协议=HTTPS

在我的 ASP.Net Core 服务器上，我试图检查服务器的原始客户端是否通过 HTTPS 或 HTTP 进行通信.据我了解，请求的 X-Forwarded-Proto 标头应携带此信息.但是，无论客户端如何连接到服务器，X-Forwarded-Proto 的值始终是 http.为什么 X-Forwarded-Proto 从未设置为 https，即使从我的网络浏览器连接时也是如此?

On my ASP.Net Core server, I'm trying to check if the original client to the server is communicating over HTTPS or HTTP. As I understand, the X-Forwarded-Proto header for requests should carry this information. However, the value of X-Forwarded-Proto is always http regardless of how a client connects to the server. Why is the X-Forwarded-Proto not ever set to https even when connected as so from my web browser?

在此先感谢您的帮助！

推荐答案

问题出在 @MarkB 指出的 Nginx 配置中.AWS Elastic Beanstalk 在 /etc/nginx/conf.d/elasticbeanstalk 中有一个默认配置文件 00_application.conf，这是罪魁祸首.它有一个声明:

The problem was in the Nginx configuration as pointed out by @MarkB. AWS Elastic Beanstalk has a default configuration file 00_application.conf in /etc/nginx/conf.d/elasticbeanstalk that is the culprit. It has a declaration:

proxy_set_header    X-Forwarded-Proto     $scheme;

需要改为:

proxy_set_header    X-Forwarded-Proto     $http_x_forwarded_proto;

---

为了覆盖这个文件，我使用了这里详述的方法:https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/platforms-linux-extend.html.

我在我部署的项目的根目录中添加了一个文件 .platform/nginx/conf.d/elasticbeanstalk.它包含:

I added a file .platform/nginx/conf.d/elasticbeanstalk to the root of my deployed project. It contains:

location / {
    proxy_pass          http://127.0.0.1:5000;
    proxy_http_version  1.1;
    proxy_cache_bypass  $http_upgrade;
    proxy_set_header    Upgrade               $http_upgrade;
    proxy_set_header    Connection            $http_connection;
    proxy_set_header    Host                  $host;
    proxy_set_header    X-Forwarded-For       $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto     $http_x_forwarded_proto;
}

---

我还必须向我的 ASP.Net Core 应用程序添加一个中间件以使用转发的标头，如本答案所述:在运行 HTTPS 的应用中作为 HTTP 而不是 HTTPS 发送的重定向 URI.

我在 Startup.cs 中添加了以下内容:

I added the following to my Startup.cs:

public void ConfigureServices(IServiceCollection services)
{
    //...
    services.Configure<ForwardedHeadersOptions>(options =>
    {
        options.ForwardedHeaders =
            ForwardedHeaders.XForwardedFor |
            ForwardedHeaders.XForwardedProto;
        options.KnownNetworks.Clear();
        options.KnownProxies.Clear();
    });
    //...
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    //...
    app.UseForwardedHeaders();
    //...
}

我希望这能帮助其他人！

I hope this helps others!

这篇关于为什么 X-Forwarded-Proto 在 Elastic Beanstalk 上总是设置为 HTTP?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！