当 Node.js/express.js 在 AWS 负载均衡器后面运行时，如何强制使用 HTTPS

发布于 2024-12-29 03:09:43 字数 200 浏览 4 评论 0原文

我正在 AWS 上运行节点/快速服务，并在其前面部署了 ELB。当我在启用 SSL 的情况下启动 ELB 实例时，它适用于我点击的第一个页面，但此后的每个服务器访问都会切换到 HTTP。

ELB 上的路由规则终止 SSL 并转发到节点正在侦听的端口 8080。

SSL 终止解决方案可以很好地满足我的目的，但如何在 HTTPS 上保留后续服务器调用？

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

绝情姑娘 2025-01-05 03:09:43

我遇到过同样的问题，但背景略有不同。我正在使用 AWS Elastic Beanstalk 部署 Node.js/Express 应用程序，并且能够在其上安装 SSL 证书。

结果是我的应用程序可以通过 http 和 https 协议访问。负载均衡器的路由表如下所示：

(Load balancer) http 80 --> (Node instance) http 8080
(Load balancer) https 443 --> (Node instance) http 8080

所以问题是在我的 node.js 应用程序上仅授权 https 连接，但如果最初使用 http 完成连接，则启用重定向到 https。

因为在 AWS 负载均衡器后面，所有通信都是通过 http 完成的，像这样的全局重定向指令（在本例中作为中间件）将创建无限重定向循环：

app.use(function(req, res, next) {
    if((!req.secure) && (req.protocol !== 'https')) {
        res.redirect('https://' + req.get('Host') + req.url);
    }
}

-->只是因为指令 (req.protocol !== 'https') 始终为真！

从这篇博客文章 (http:// /matthew.mceachen.us/blog/howto-force-https-with-amazon-elastic-load-balancer-and-apache-1071.html），事实证明，AWS ELB 添加了一个您可以捕获 X-Forwarded-Proto 标头以了解负载均衡器之前使用的协议（http 或 https）。

所以这个小修改就达到了目的：

app.use(function(req, res, next) {
    if((!req.secure) && (req.get('X-Forwarded-Proto') !== 'https')) {
        res.redirect('https://' + req.get('Host') + req.url);
    }
    else
        next();
});

希望这有帮助！

I have experienced the same issue, but in a slightly different context. I was deploying Node.js/Express application using the AWS Elastic Beanstalk and was able to install an SSL certificate on it.

The result of this was that my application was accessible on both the http and https protocol. The routing table of the load balancer were looking like this :

(Load balancer) http 80 --> (Node instance) http 8080
(Load balancer) https 443 --> (Node instance) http 8080

So the question was to authorize only https connection on my node.js app, but enabling redirection to https if the connection was done initialy using http.

Because behind the AWS load balancer, all the communication are done over http, a global redirection instruction (as a middleware in this case) like this one would create an infinite redirection loop:

app.use(function(req, res, next) {
    if((!req.secure) && (req.protocol !== 'https')) {
        res.redirect('https://' + req.get('Host') + req.url);
    }
}

--> simply becaue the instruction (req.protocol !== 'https') would always be true!

From this blog post (http://matthew.mceachen.us/blog/howto-force-https-with-amazon-elastic-load-balancer-and-apache-1071.html), it turns out that the AWS ELB adds a X-Forwarded-Proto header that you can capture to know what was the protocol used before the load balancer (http or https).

So this small modification did the trick :

app.use(function(req, res, next) {
    if((!req.secure) && (req.get('X-Forwarded-Proto') !== 'https')) {
        res.redirect('https://' + req.get('Host') + req.url);
    }
    else
        next();
});

Hope this help!

回复收藏 0 原文

~没有更多了~