为什么 X-Forwarded-Proto 在 Elastic Beanstalk 上总是设置为 HTTP? [英] Why is X-Forwarded-Proto always set to HTTP on Elastic Beanstalk?
问题描述
嗨.我正在将 ASP.Net Core 应用程序部署到 AWS Elastic Beanstalk.我运行的平台是使用 Nginx 作为代理服务器软件的 64 位 Amazon Linux 2/2.1.5.我在环境配置中为我的负载均衡器设置了一对侦听器.它们的设置如下:
Hi. I'm deploying an ASP.Net Core application to AWS Elastic Beanstalk. The platform I'm running on is 64bit Amazon Linux 2/2.1.5 using Nginx as the proxy server software. I've got a pair of listeners for my load balancer set up in the environment configuration. They are set up as follows:
Port=443 Protocol=HTTPS SSL=certificate Process=default
Port=80 Protocal=HTTP Process=default
而且我只有一个进程:
名称=默认端口=80 协议=HTTPS
在我的 ASP.Net Core 服务器上,我试图检查服务器的原始客户端是否通过 HTTPS 或 HTTP 进行通信.据我了解,请求的 X-Forwarded-Proto
标头应携带此信息.但是,无论客户端如何连接到服务器,X-Forwarded-Proto
的值始终是 http
.为什么 X-Forwarded-Proto
从未设置为 https
,即使从我的网络浏览器连接时也是如此?
On my ASP.Net Core server, I'm trying to check if the original client to the server is communicating over HTTPS or HTTP. As I understand, the X-Forwarded-Proto
header for requests should carry this information. However, the value of X-Forwarded-Proto
is always http
regardless of how a client connects to the server. Why is the X-Forwarded-Proto
not ever set to https
even when connected as so from my web browser?
在此先感谢您的帮助!
推荐答案
问题出在 @MarkB 指出的 Nginx 配置中.AWS Elastic Beanstalk 在 /etc/nginx/conf.d/elasticbeanstalk
中有一个默认配置文件 00_application.conf
,这是罪魁祸首.它有一个声明:
The problem was in the Nginx configuration as pointed out by @MarkB. AWS Elastic Beanstalk has a default configuration file 00_application.conf
in /etc/nginx/conf.d/elasticbeanstalk
that is the culprit. It has a declaration:
proxy_set_header X-Forwarded-Proto $scheme;
需要改为:
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
为了覆盖这个文件,我使用了这里详述的方法:https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/platforms-linux-extend.html.
我在我部署的项目的根目录中添加了一个文件 .platform/nginx/conf.d/elasticbeanstalk
.它包含:
I added a file .platform/nginx/conf.d/elasticbeanstalk
to the root of my deployed project. It contains:
location / {
proxy_pass http://127.0.0.1:5000;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
}
我还必须向我的 ASP.Net Core 应用程序添加一个中间件以使用转发的标头,如本答案所述:在运行 HTTPS 的应用中作为 HTTP 而不是 HTTPS 发送的重定向 URI.
我在 Startup.cs
中添加了以下内容:
I added the following to my Startup.cs
:
public void ConfigureServices(IServiceCollection services)
{
//...
services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders =
ForwardedHeaders.XForwardedFor |
ForwardedHeaders.XForwardedProto;
options.KnownNetworks.Clear();
options.KnownProxies.Clear();
});
//...
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
//...
app.UseForwardedHeaders();
//...
}
我希望这能帮助其他人!
I hope this helps others!
这篇关于为什么 X-Forwarded-Proto 在 Elastic Beanstalk 上总是设置为 HTTP?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!