Category Archives: amazon-elb

Apache where to add rewrite rules? [duplicate]

I am using AWS Elastic Load balancing on EC2.

I would like to write an Apache rewrite rule to convert incoming traffic to the ELB from http to https.

In order to do so, I have read that I need to update my /etc/httpd/conf/httpd.conf file on the server to contain:

NameVirtualHost *:80
<VirtualHost *:80>
   ServerName mysite.example.com
   DocumentRoot /usr/local/apache2/htdocs 
   Redirect permanent / https://mysite.example.com/
</VirtualHost>

<VirtualHost _default_:443>
   ServerName mysite.example.com
  DocumentRoot /usr/local/apache2/htdocs
  SSLEngine On
 # etc...
</VirtualHost>

However, when I view the httpd.conf file, it contains:

# Managed by Elastic Beanstalk
PidFile run/httpd.pid

# Enable TCP keepclive
Timeout 60
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 60

<IfModule worker.c>
StartServers        10 
MinSpareThreads     250
MaxSpareThreads     250
ServerLimit         10
MaxClients          250
MaxRequestsPerChild 1000000 
</IfModule>

Listen 80

Include conf.d/*.conf
Include conf.d/elasticbeanstalk/*.conf

User apache
Group apache

CustomLog logs/access_log "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
TraceEnable off

LoadModule alias_module modules/mod_alias.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
[[email protected] conf]$ pwd
/etc/httpd/conf
[[email protected] conf]$ 

Question

Because the file contains # Managed by Elastic Beanstalk, does that mean I should not modify it? i.e. Will my changes get updated by AWS?

If I should not modify it, where is the best place to add the rewrite rule?

Thanks

Custom response headers missing with AWS load balancer

I am trying to return a custom response header, X-Wrench-Status, from a private backend server on AWS (beanstalk) running Apache/Tomcat responding to a request from a web application. The request is proxied through an internet facing server running Apache. ProxyPass settings and CORS settings are all set up and running properly, have been for months.

The addition of the response header is new and I added

Header always set Access-Control-Expose-Headers "X-Wrench-Status"

to my Apache configuration for this header. That works in my dev environment. But running in production behind AWS Elastic Load Balancers the response header is not passed through. I have tried renaming the header and a few other things to see if some response header filter was just balking at my choice... no luck.

Is there some required configuration I am missing to get this to work?

AWS ELB HTTPS Redirect WordPress

I'd like to force HTTPS on a WordPress site. The site is on an AWS EC2 instance and is being pointed to via an ELB which is forwarding ports http on 80 and https on 443 which is assigned to my certificate.

When I go to my site at https://mysite the HTTPS site works. But I'd like to redirect all HTTP to HTTPS. I've implemented the HTTP:X-Forwarded-Proto as suggested but the site doesn't forward. What am I missing?! Thanks

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule . https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]

RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

CGI self-referenced URLs use HTTP instead of HTTPS when using AWS ELB

I have a Perl HTTPS application which runs behind an Elastic Load Balancer (ELB). The HTTPS is terminated by the ELB, which then forwards the requests as HTTP to my instances.

The issue is that, because the instance itself is accessed via HTTP, when I use the CGI module to generate self-referencing URLs, they incorrectly use HTTP instead of HTTPS, so form POSTs fail.

GET requests are OK because they're redirected, but anything that uses POST doesn't work.

If I check my CGI environment variables, I have the following...

HTTP_X_FORWARDED_PORT = 443
HTTP_X_FORWARDED_PROTO = https
REQUEST_SCHEME = http
SERVER_PROTOCOL = HTTP/1.1

The CGI module is presumably using REQUEST_SCHEME or SERVER_PROTOCOL to determine that the URLs should use http://.

Is there some way I can fudge the environment variables at the Apache or NGINX level to convince CGI that the site is in fact HTTPS?

Force www in ELB

I have an Elastic Beanstalk application using ELB, and I am trying to enforce www before the URL. It works in the case of a standalone server, but with ELB it fails. Is there any way to enforce this with ELB?

Currently my .htaccess looks like this.

<IfModule mod_rewrite.c>
    RewriteEngine On

    RewriteCond %{HTTP_HOST} !=localhost
    RewriteCond %{HTTP_HOST} !^www\.
    RewriteCond %{HTTPS} off [OR]
    RewriteCond %{HTTPS}:s on:(s)
    RewriteRule ^(.*)$ http%1://www.%{HTTP_HOST}/$1 [R=301,L]
</IfModule>

How can I work around "Too many redirects error" when trying to direct all web traffic to https with ec2 apache2 ubuntu?

Here is my config file

<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot /var/www/html
    Redirect permanent / https://www.mywebsite.co/
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

And when I type mywebsite.co in the browser, it successfully redirects me to https://mywebsite.co; however, content does NOT render on the page because of this error (from Google Chrome):

Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.

I have an EC2 instance using port 80 to handle http requests and a load balancer handling https requests. I am not sure what to do and none of the solutions I've found online are working.
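An added example, not part of the original post: when the ELB terminates TLS and forwards everything to port 80, an unconditional `Redirect` also catches the requests that were already HTTPS, so the redirect has to be conditional on what the ELB reports. The hostname is the post's; the HSTS lifetime and the `HTTPS=on` variable for CGI-style applications are assumptions of this example.

```apache
# Added example; requires mod_rewrite, mod_setenvif and mod_headers.
# Assumes the instance's security group admits port 80 only from the ELB,
# otherwise a client could supply its own X-Forwarded-Proto header.
<VirtualHost *:80>
    DocumentRoot /var/www/html

    RewriteEngine On
    # Redirect only when the ELB says the client used plain HTTP.
    # Matching "=http" rather than "!=https" leaves requests that carry
    # no such header (for example health checks sent straight to the
    # instance) unredirected.
    RewriteCond %{HTTP:X-Forwarded-Proto} =http
    # Fixed hostname rather than %{HTTP_HOST}, so a forged Host header
    # cannot steer the redirect target.
    RewriteRule ^ https://www.mywebsite.co%{REQUEST_URI} [R=301,L]

    # Tell CGI-style applications that the original request was HTTPS,
    # so the URLs they generate use https://.
    SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on

    # Send HSTS only on responses to requests that arrived over TLS.
    Header always set Strict-Transport-Security "max-age=86400" "expr=%{HTTP:X-Forwarded-Proto} == 'https'"

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
```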

Apache HTTPD 2.4 and PHP-FPM on CentOS 6.7 access configuration issues

I'm running httpd 2.4.6 on CentOS 6.7 in the AWS (Amazon Web Services) on instance behind the ELB (Elastic Load balancer).

I setup the following virtual host config:

ProxyPassMatch "^/(.*\.php)$" "fcgi://127.0.0.1:9000/mnt/apps/www/$1"
<VirtualHost *:8080>
    ServerName site.com
    DocumentRoot "/mnt/apps/www"
    ProxyErrorOverride On
    RequestReadTimeout header=65 body=65
    RemoteIPInternalProxy 10.128.22.0/24
    RemoteIPHeader X-Forwarded-For
    <Directory />
            Options -Indexes
            Require all denied
    </Directory>
    <Directory "/mnt/apps/www/site/">
            Options FollowSymLinks Includes ExecCGI MultiViews
            <IfModule mod_rewrite.c>
            RewriteEngine On
            RewriteBase /site/
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteCond %{REQUEST_FILENAME} !-d
            RewriteRule ^.*$ /site/application.php [L]
            </IfModule>
            Require all granted
            ErrorDocument 403 /site/error.html
    </Directory>
    <Directory "/mnt/apps/www/site/admin/">
            Options Includes MultiViews FollowSymLinks ExecCGI
            DirectoryIndex index.php
            Require all denied
            # Allowed from, whitelist
            Require ip 111.111.111.111
            # Show this page if not whitelisted client
            ErrorDocument 403 /site/forbidden.php
    </Directory>
    SetEnvIf User-Agent "^ELB-HealthChecker.*" dontlog
    ErrorLog /var/log/httpd/site.com-error_log
    CustomLog /var/log/httpd/site.com-access_log vhost_combinedio env=!dontlog
</VirtualHost>

The issue that I have is that when I go to the site.com/admin section everything works as expected, but if I add site.com/admin/index.php it lets me through even if the client IP is not whitelisted.

Is there something wrong with the config?

Thank you in advance!
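An added example, not part of the original post: `ProxyPassMatch` hands matching URLs to PHP-FPM without mapping them to the filesystem, so `<Directory>` rules are not applied to `/site/admin/index.php`, while a `<Location>` block is matched on the URL and is. Paths, subnet and IP address are the post's own values.

```apache
# Added example; all values are taken from the post above.
ProxyPassMatch "^/(.*\.php)$" "fcgi://127.0.0.1:9000/mnt/apps/www/$1"

<VirtualHost *:8080>
    ServerName site.com
    DocumentRoot "/mnt/apps/www"

    # Take the client address from X-Forwarded-For only when the request
    # comes from the ELB subnet, so "Require ip" evaluates the real client.
    RemoteIPHeader X-Forwarded-For
    RemoteIPInternalProxy 10.128.22.0/24

    <Directory />
        Options -Indexes
        Require all denied
    </Directory>

    <Directory "/mnt/apps/www/site/">
        Options FollowSymLinks
        Require all granted
    </Directory>

    # URL-based rule: applies to every request under /site/admin,
    # whether it is served from disk or proxied to PHP-FPM.
    <Location "/site/admin">
        Require ip 111.111.111.111
        ErrorDocument 403 /site/forbidden.php
    </Location>
</VirtualHost>
```

A request for `/site/admin/index.php` from a non-whitelisted address should now return 403, the same as `/site/admin/`.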

Nginx is not working with multiple domain when we trying to proxy pass each domain to internal load balancer

  • Facing an issue with this architecture:

    Public facing ELB -> web proxy server (Nginx, doing proxy_pass) -> Internal ELB -> Webserver (Apache servers)

In the web proxy (Nginx) we are trying to proxy_pass multiple domains. But when trying to open the yyyy URL we get xxxx content.

Below is my nginx.conf configuration file:

worker_processes auto;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    log_format main '$proxy_add_x_forwarded_for - $remote_user [$time_local] - [$request_time] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent"';

    access_log /var/log/nginx/nginx.access.log main;
    error_log /var/log/nginx/nginx.error.log error;

    sendfile on;
    tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;

    gzip on;
    include /usr/local/nginx/conf.d/*.conf;

    server {
        listen 80;
        server_name xxxx.com;

        access_log /var/log/nginx/xxxxxx.com.access.log main;
        error_log /var/log/nginx/xxxxx.com.error.log error;

        index index.php index.html;

        location / {
            proxy_pass http://internal-ELB.ap-southeast-1.elb.amazonaws.com:80;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP "$remote_addr";
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header "X-Forwarded-Proto" $scheme;
        }
    }

    server {
        listen 80;
        server_name yyyyy.com;

        access_log /var/log/nginx/yyyy.com.access.log main;
        error_log /var/log/nginx/yyyy.com.error.log error;

        index index.php index.html;

        location / {
            proxy_pass http://internal-BT-internal.ap-southeast-1.elb.amazonaws.com:80;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP "$remote_addr";
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header "X-Forwarded-Proto" $scheme;
        }
    }
}