在弹性青苗的负载均衡器在IIS通过URL重写重定向到https [英] Redirect to https through url rewrite in IIS within elastic beanstalk's load balancer

问题描述

如何使用IIS的URL重写模块来强制用户使用SSL，而你后面的弹性魔豆负载均衡？

How do you use IIS's url rewrite module to force users to use ssl while you are behind an elastic beanstalk load balancer?

推荐答案

这是比它听起来的几个原因更加困难。一，负载均衡器，以便从负载平衡器传递请求，从不使用SSL照顾的SSL。如果使用传统的重写规则，你会得到重定向无限循环。另一个问题与之抗衡的是，如果它收到一个重定向响应的AWS运行状况检查将失败。

This is more difficult than it sounds for a few reasons. One, the load balancer is taking care of ssl so requests passed from the load balancer are never using ssl. If you use the traditional rewrite rule you will get an infinite loop of redirects. Another issue to contend with is that the AWS healthcheck will fail if it receives a redirect response.

1. 在解决方案的第一步是建立一个healthcheck.html页，并将其设置在根目录中。没关系的内容是什么。
2. 设置负载平衡器使用healthcheck.html文件进行健康检查。

3. 添加重写规则低于你的web.config的＆LT; system.webServer＆GT;＆LT;改写＆GT;＆LT;规则＆GT; 部分：

<rule name="Force Https" stopProcessing="true">
   <match url="healthcheck.html" negate="true" />
   <conditions>
       <add input="{HTTP_X_FORWARDED_PROTO}" pattern="https" negate="true" />
   </conditions>
   <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>

请注意，该规则匹配是什么，但我们的状况检查文件。这可以确保负载均衡的健康检查会成功，而不是错误地从负载降我们的服务器。

Notice that the rule match is on anything but our healthcheck file. This makes sure the load balancer's health check will succeed and not mistakenly drop our server from the load.

负载均衡传入它可以让我们知道，如果请求是通过HTTPS与否的头在X转发，原值。我们的规则触发，如果该值不在HTTPS和使用https返回一个永久重定向。

The load balancer passes the X-Forwarded-Proto value in the header which lets us know if the request was through https or not. Our rule triggers if that value is not https and returns a permanent redirect using https.

这篇关于在弹性青苗的负载均衡器在IIS通过URL重写重定向到https的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！