.net Core - 带有 AWS 负载均衡器和 Elastic Beanstalk 的 HTTPS 不起作用 [英] .net Core - HTTPS with AWS Load Balancer and Elastic Beanstalk doesn't work
问题描述
我有一个在本地环境中正确运行 HTTPS 的网站.当我将它上传到 AWS 时,它只是超时或永远重定向.
我在 AWS 中的设置是一个 Elastic Beanstalk 应用程序,一个运行 MS SQL 的 RDS 数据库,我添加了一个负载均衡器来转发 HTTPS 请求,并且我有一个正确分配给负载均衡器的 SSL 证书.据我所知,我的应用程序正在运行,事实上,实体框架启动并在我的 RDS 实例中正确构建了我的数据库.我就是无法通过互联网访问该网站.
我尝试以不同的方式设置监听器.如果我这样设置它们,它只会永远重定向:
如果我这样设置它们,它就会超时:
我有
然后,我在问题中概述的所有代码都需要删除(或不在 AWS 环境中运行).我最初忘记删除 services.Configure 代码行,我相信这就是导致错误的原因.
然后我关注了这个博客 处理 X-Forwarded-Proto 标头.我将所有代码放在一个扩展文件中:
公共静态类 RedirectToProxiedHttpsExtensions{公共静态 RewriteOptions AddRedirectToProxiedHttps(这个 RewriteOptions 选项){options.Rules.Add(new RedirectToProxiedHttpsRule());退货选项;}}公共类 RedirectToProxiedHttpsRule : IRule{public virtual void ApplyRule(RewriteContext context){var request = context.HttpContext.Request;//#1) 这个请求是从 HTTP 开始的吗?字符串请求协议;if (request.Headers.ContainsKey("X-Forwarded-Proto")){reqProtocol = request.Headers["X-Forwarded-Proto"][0];}别的{reqProtocol = (request.IsHttps ? "https" : "http");}//#2) 如果是,则重定向到 HTTPS 等效项if (reqProtocol != "https"){var newUrl = new StringBuilder().Append("https://").Append(request.Host).Append(request.PathBase).Append(request.Path).Append(request.QueryString);context.HttpContext.Response.Redirect(newUrl.ToString(), true);}}}最后,我在 Startup.cs 中调用这段代码:
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory){...var 选项 = 新的 RewriteOptions().AddRedirectToProxiedHttps().AddRedirect("(.*)/$", "$1");//删除尾部斜线app.UseRewriter(options);...}毕竟它终于奏效了!
I have a website that runs HTTPS correctly in my local environment. When I upload it to AWS it just times out or redirects forever.
My setup in AWS is an Elastic Beanstalk application, an RDS database running MS SQL, I added a Load Balancer to forward the HTTPS requests, and I have a SSL certificate properly assigned to the Load Balancer. From all I can tell my app is running, in fact, Entity Framework fired off and correctly built my database in my RDS instance. I just can't reach the website through the internet.
I've tried setting the Listeners different ways. If I set them like this, it just redirects forever:
If I set them like this, it just times out:
I have the default HTTP/HTTPS port forwarding code in my Startup.cs:
public void ConfigureServices(IServiceCollection services)
{
// Sets all calls to require HTTPS: https://docs.microsoft.com/en-us/aspnet/core/security/enforcing-ssl
services.Configure<MvcOptions>(options =>
{
options.Filters.Add(new RequireHttpsAttribute());
});
...
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
// Force all HTTP requests to redirect to HTTPS: https://docs.microsoft.com/en-us/aspnet/core/security/enforcing-ssl
var options = new RewriteOptions().AddRedirectToHttps();
app.UseRewriter(options);
...
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor |
ForwardedHeaders.XForwardedProto
});
...
}
I've spent days on this and I can't get it to work. I've tried taking all of my HTTPS code out and that doesn't work. I've tried code solutions from blogs like this and this and that doesn't work either. From what I've read, the Load Balancer ends up handling the HTTPS request and then forwards an HTTP request to my app. But I don't know how to properly handle that, still enforce HTTPS, and redirect HTTP to HTTPS.
This seems like it would be something that would just work out of the box without a bunch of setup from me. If it's not, I would think a lot of other people would have run into this problem by now and there'd be info about it on the internet. Am I missing something small? Because I'm totally at my wit's end about it.
If you can answer this, you'll be my new hero.
So I finally got this fixed. First, the Load Balancer has to be set to forward HTTPS 443 to HTTP 80 like this:
Then, ALL the code I've outlined in my question needs to be deleted (or not run in the AWS environment). I forgot to remove the services.Configure<MvcOptions>(options){} lines of code initially and I believe that was what was causing the error.
Then I followed this blog to handle the X-Forwarded-Proto header. I put all the code in one extension file:
public static class RedirectToProxiedHttpsExtensions
{
public static RewriteOptions AddRedirectToProxiedHttps(this RewriteOptions options)
{
options.Rules.Add(new RedirectToProxiedHttpsRule());
return options;
}
}
public class RedirectToProxiedHttpsRule : IRule
{
public virtual void ApplyRule(RewriteContext context)
{
var request = context.HttpContext.Request;
// #1) Did this request start off as HTTP?
string reqProtocol;
if (request.Headers.ContainsKey("X-Forwarded-Proto"))
{
reqProtocol = request.Headers["X-Forwarded-Proto"][0];
}
else
{
reqProtocol = (request.IsHttps ? "https" : "http");
}
// #2) If so, redirect to HTTPS equivalent
if (reqProtocol != "https")
{
var newUrl = new StringBuilder()
.Append("https://").Append(request.Host)
.Append(request.PathBase).Append(request.Path)
.Append(request.QueryString);
context.HttpContext.Response.Redirect(newUrl.ToString(), true);
}
}
}
Finally, I call this code in Startup.cs:
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
...
var options = new RewriteOptions()
.AddRedirectToProxiedHttps()
.AddRedirect("(.*)/$", "$1"); // remove trailing slash
app.UseRewriter(options);
...
}
After all that it finally worked!
这篇关于.net Core - 带有 AWS 负载均衡器和 Elastic Beanstalk 的 HTTPS 不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
