AWS Elasticbeanstalk 单实例强制 SSL 重定向循环 [英] AWS Elasticbeanstalk single instance Force SSL Redirect loop

问题描述

我通过强制 ssl 遇到问题.我正在使用 codeigniter 并使用 elasticbeanstalk 将其部署在 AWS 单个实例中.我的 htaccess 规则如下:

RewriteEngine OnRewriteCond %{HTTPS} 关闭RewriteRule !/status https://%{SERVER_NAME}%{REQUEST_URI} [L,R]重写引擎开启RewriteCond %{REQUEST_FILENAME} !-fRewriteCond %{REQUEST_FILENAME} !-d重写规则 ^(.*)$/index.php/$1 [L]

但浏览器进入重定向循环.我尝试过的任何方法都没有解决这个问题.

解决方案

正如我在评论中提到的:

<块引用>

在 ssl.conf 中，来自端口 443 的每个调用都代理"到端口 80，因此您永远不会打开 https =.

我做了一些测试，我发现 ssl.conf 中的 ProxyPass 指令不是简单地将每个请求从 443 端口重定向到 localhost:80，而是基本上通过端口 80(至少，这就是我的理解).

我检查了 $_SERVER 的值，发现 HTTP_X_FORWARDED_FOR、HTTP_X_FORWARDED_HOST 和 HTTP_X_FORWARDED_SERVER 是在HTTPS 请求(但在 HTTP 请求期间未设置)，同时SERVER_ADDR 和 REMOTE_ADDR 在 HTTPS 请求期间设置为 127.0.0.1(但对于 HTTP 请求，它们设置为不同的值).>

我假设您可以使用这样的东西轻松检查您的请求是否是纯 HTTP(检查语法，我对 Apache 很不满意):

RewriteCond %{ENV:HTTP_X_FORWARDED_SERVER} !^$

或

RewriteCond %{ENV:SERVER_ADDR} !^127.0.0.1

注意:我在 AWS 文档中找不到任何参考资料，这只是一个经验结果……他们可以轻松改变这种行为！

快乐编码！:)

I'm having issues by forcing ssl. I'm using codeigniter and deployed it in AWS single instance with elasticbeanstalk. My htaccess rules below:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule !/status https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]

But browser gets in a redirect loop. Whatever i tried didnt solve this problem.

解决方案

As I mentioned in my comment:

in the ssl.conf every call from port 443 is "proxyed" to port 80, so you never get https = on.

I did some tests and I found out that the ProxyPass directive in ssl.conf does not simply redirect every request from port 443 to localhost:80, but basically repeats the request to Apache from scratch, through the port 80 (at least, that's what I understood).

I checked the value of $_SERVER and found out that HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED_HOST and HTTP_X_FORWARDED_SERVER are set during a HTTPS request (but they are NOT set during a HTTP request), meanwhile SERVER_ADDR and REMOTE_ADDR are set to 127.0.0.1 during a HTTPS request (but they are set to different values for HTTP requests).

I assume you can easily check if your request was plain HTTP with something like this (check the syntax, I'm rubbish with Apache):

RewriteCond %{ENV:HTTP_X_FORWARDED_SERVER}   !^$

or

RewriteCond %{ENV:SERVER_ADDR}   !^127.0.0.1

BEWARE: I couldn't find any reference in AWS documentation, it's just an empiric result... they can easily change this behavior!

Happy coding! :)

这篇关于AWS Elasticbeanstalk 单实例强制 SSL 重定向循环的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！