Issue
Setup
Hi. I'm deploying an ASP.Net Core application to AWS Elastic Beanstalk. The platform I'm running on is 64bit Amazon Linux 2/2.1.5 using Nginx as the proxy server software. I've got a pair of listeners for my load balancer set up in the environment configuration. They are set up as follows:
Port=443 Protocol=HTTPS SSL=certificate Process=default
Port=80 Protocal=HTTP Process=default
And I've got a single process:
Name=default Port=80 Protocol=HTTPS
Problem
On my ASP.Net Core server, I'm trying to check if the original client to the server is communicating over HTTPS or HTTP. As I understand, the X-Forwarded-Proto
header for requests should carry this information. However, the value of X-Forwarded-Proto
is always http
regardless of how a client connects to the server. Why is the X-Forwarded-Proto
not ever set to https
even when connected as so from my web browser?
Thanks in advance for any help!
Solution
The problem was in the Nginx configuration as pointed out by @MarkB. AWS Elastic Beanstalk has a default configuration file 00_application.conf
in /etc/nginx/conf.d/elasticbeanstalk
that is the culprit. It has a declaration:
proxy_set_header X-Forwarded-Proto $scheme;
that needed to be changed to:
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
To overwrite this file, I used the method detailed here: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/platforms-linux-extend.html.
I added a file .platform/nginx/conf.d/elasticbeanstalk
to the root of my deployed project. It contains:
location / {
proxy_pass http://127.0.0.1:5000;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
}
I also had to add a middleware to my ASP.Net Core application to use the forwarded headers as noted in this answer: Redirect URI sent as HTTP and not HTTPS in app running HTTPS.
I added the following to my Startup.cs
:
public void ConfigureServices(IServiceCollection services)
{
//...
services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders =
ForwardedHeaders.XForwardedFor |
ForwardedHeaders.XForwardedProto;
options.KnownNetworks.Clear();
options.KnownProxies.Clear();
});
//...
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
//...
app.UseForwardedHeaders();
//...
}
I hope this helps others!
Answered By - Matthew Miller Answer Checked By - Dawn Plyler (PHPFixing Volunteer)
0 Comments:
Post a Comment
Note: Only a member of this blog may post a comment.