AWS Elasticbeanstalk单一实例强制SSL重定向循环 [英] AWS Elasticbeanstalk single instance Force SSL Redirect loop

问题描述

我有强制SSL的问题。我使用codeigniter和elasticbeanstalk其部署在AWS实例。下面我htaccess的规则：

I'm having issues by forcing ssl. I'm using codeigniter and deployed it in AWS single instance with elasticbeanstalk. My htaccess rules below:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule !/status https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]

不过，浏览器获得了重定向循环。无论我想didnt解决这个问题。

But browser gets in a redirect loop. Whatever i tried didnt solve this problem.

推荐答案

正如我在我的评论中提到：

As I mentioned in my comment:

在ssl.conf中从443端口每一个电话是proxyed到端口80，所以你永远不会得到HTTPS =上。

in the ssl.conf every call from port 443 is "proxyed" to port 80, so you never get https = on.

我做了一些测试，我发现了ProxyPass指令中的ssl.conf并不是简单地重定向从端口443的每个请求到localhost：80，但基本上重复从头请求到Apache，通过端口80（至少，这就是我理解的）。

I did some tests and I found out that the ProxyPass directive in ssl.conf does not simply redirect every request from port 443 to localhost:80, but basically repeats the request to Apache from scratch, through the port 80 (at least, that's what I understood).

我检查了 $ _ SERVER值并发现了 HTTP_X_FORWARDED_FOR HTTP_X_FORWARDED_HOST 和 HTTP_X_FORWARDED_SERVER 的过程中设置一个 HTTPS 请求（但他们是不会 HTTP 请求时设置），同时 SERVER_ADDR 和 REMOTE_ADDR 是一个 HTTPS 请求期间设置为 127.0.0.1 （但将它们设置为不同的值 HTTP 请求）。

I checked the value of $_SERVER and found out that HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED_HOST and HTTP_X_FORWARDED_SERVER are set during a HTTPS request (but they are NOT set during a HTTP request), meanwhile SERVER_ADDR and REMOTE_ADDR are set to 127.0.0.1 during a HTTPS request (but they are set to different values for HTTP requests).

我想你可以很容易地检查，如果您的要求是纯HTTP像这样的东西（检查语法，我是垃圾与Apache）：

I assume you can easily check if your request was plain HTTP with something like this (check the syntax, I'm rubbish with Apache):

RewriteCond %{ENV:HTTP_X_FORWARDED_SERVER}   !^$

或

RewriteCond %{ENV:SERVER_ADDR}   !^127\.0\.0\.1

当心！我找不到在AWS文档的任何引用，它只是一个经验性的结果......他们可以很容易地改变这种行为

编程快乐！ ：）

这篇关于AWS Elasticbeanstalk单一实例强制SSL重定向循环的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！