How can I forcefully redirect HTTP requests to HTTPS in Passenger Standalone with AWS Elastic Load Balancer?
A

2

13

I used Passenger Standalone for my app. Currently my app is running on both http and https. I want to redirect all http requests to https. I used a load balancer in my application. I read these articles:

https://aws.amazon.com/premiumsupport/knowledge-center/redirect-http-https-elb/

https://www.phusionpassenger.com/library/config/standalone/intro.html#nginx-configuration-template

http://code.eklund.io/blog/2015/03/17/managing-rewrites-for-a-rails-app-on-heroku-with-nginx-plus-phusion-passenger/

I tried these 2 methods:

1)

    if ($http_x_forwarded_proto = "http") {
        return 301 https://$host$request_uri;
    }

2)

    if ($http_x_forwarded_proto != "https") {
        rewrite ^(.*)$ https://$server_name$REQUEST_URI permanent;
    }

I tried all the processes in the same way, but every time it goes into an infinite loop, and before I start passenger the instance terminates itself and creates a new instance because of too many request timeouts.

I can't figure out whether it is an issue with the elastic load balancer or the passenger config. I think when I stop passenger and a user tries to access the app, a request timeout is generated and due to that a new instance is created. I am not sure.

Thanks in advance :)

Assemblage answered 10/11, 2017 at 11:6 Comment(22)
Based on some previous issues with https, I've found that in NGINX configuration you have to add: proxy_set_header X-Forwarded-Proto https; However, if you edit your post and show us your NGINX configuration we might be able to help you more. – Gump
@RocKhalil I don't have Passenger + NGINX, I used Passenger Standalone. So I don't have an nginx config. I only have the Passenger Standalone config, which is in erb format. – Assemblage
Oh okay. I usually use puma and NGINX; sorry that didn't help :-) – Gump
Are you using a network load balancer, application load balancer or classic load balancer in ELB? – Bibliophile
@CamdenNarzt classic load balancer – Assemblage
OK, that looks like you are doing things right. Can you provide the logs from passenger when the problem occurs? – Bibliophile
@CamdenNarzt When I stop passenger and restart the server, passenger shuts down automatically. Currently I have no log. I think when I stop passenger and a user tries to access the app, a request timeout is generated and due to that a new instance is created, because some time after I stop passenger, passenger shuts down automatically. I have one question: passenger and the load balancer are different things, right? Are they related? – Assemblage
Yes they are different. Your ELB load balancer distributes incoming network requests to a group of EC2 instances which all run Passenger. Passenger in turn spins up a number of ruby processes running your app, and distributes the requests that it receives to these ruby processes. So Passenger is a different kind of load balancer, operating at the server level instead of the network level. – Bibliophile
What is the output of curl -I http://your.domain.here.tld ? – Bibliophile
    curl -I http://app.singaporeswimming.com
    HTTP/1.1 301 Moved Permanently
    Cache-Control: no-cache
    Content-Length: 105
    Content-Type: text/html
    Date: Fri, 17 Nov 2017 04:54:54 GMT
    Location: http://app.singaporeswimming.com/manage
    Server: nginx/1.8.0 + Phusion Passenger 5.0.14
    Status: 301 Moved Permanently
    X-Powered-By: Phusion Passenger 5.0.14
    X-Rack-CORS: preflight-hit; no-origin
    X-Request-Id: dd0db076-c687-48dc-be1a-28b369a3f2b0
    X-Runtime: 0.001350
    Connection: keep-alive
– Assemblage
@CamdenNarzt Please check my comment – Assemblage
check phusionpassenger.com/library/config/standalone/reference/… – Ares
The http->https redirect is not happening, instead another redirect is being returned. Can you post the nginx config template you are using? Also like @Ares said, be sure to use the ssl options such as ssl_port, ssl_certificate, and ssl_certificate_key. – Bibliophile
@Ares @CamdenNarzt Here is the file https://textb.org/t/vishal/ . I used exactly this: https://www.phusionpassenger.com/library/config/standalone/intro.html#nginx-configuration-template . @puneet18, yes, I also used all the ssl certificate options, e.g. passenger start -p 80 --ssl --ssl-certificate /etc/ssl/ssl-bundle.crt --ssl-certificate-key /etc/ssl/app.singaporeswimming.key --ssl-port 443 -d -e production – Assemblage
@CamdenNarzt Did you check my comment? – Assemblage
That template is out of date. If that's what you got from running cp $(passenger-config about resourcesdir)/templates/standalone/config.erb nginx.conf.erb then you need to update Passenger. – Bibliophile
I took it from this official site, and it is not out of date: phusionpassenger.com/library/config/standalone/… – Assemblage
@vishal yes it is, look at github.com/phusion/passenger/blob/stable-5.1/resources/… It's not the same as what you have at textb.org/t/vishal. – Bibliophile
@CamdenNarzt Yes, I also tried this, but it is giving me a syntax error for include_passenger_internal_template. I tried all the code of that file. Is it a version issue? The Passenger version is Phusion Passenger version 5.0.14. – Assemblage
Exactly, you should be using Passenger 5.1.12. – Bibliophile
@CamdenNarzt Okay, I will update the version of Passenger and will let you know what happens next. Thank you so much for your help :) – Assemblage
@CamdenNarzt Finally I updated the version of passenger. The gem version of passenger is 5.3.3 and the installed system passenger is Phusion Passenger version 4.0.53. I forgot where to write that if condition :( . Can you help me out? – Assemblage
B
2

I hope all your certificates are installed correctly and pointing to the right path. If not, check the configuration below.

Passenger.json

{
  "environment": "production",
  "instance_registry_dir": "/var/run/passenger-instreg",
  "daemonize": true,
  "user": "myappuser",
  "port": 443,
  "ssl": true,
  "ssl_certificate": "/path/to/ssl_cert.pem",
  "ssl_certificate_key": "/path/to/ssl_key.pem",
  "nginx_config_template": "/path/to/nginx.conf.erb"
}

You need to use the same configuration that you use for nginx to redirect from http to https:

http {
    server_tokens off;

    server {
        listen 80 default_server;
        listen [::]:80 default_server;

        # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
        return 301 https://$host$request_uri;
    }
}

Latest Link
Here is the configuration of standalone passenger to redirect from http to https: latest_link

Please refer to this link

Benford answered 23/11, 2017 at 7:5 Comment(8)
When I applied your solution, passenger shut down automatically. Whenever I try to stop and start passenger, passenger shuts itself down, and a new instance is created multiple times. I don't know what the exact issue is. – Assemblage
On my staging server, I didn't apply a load balancer, and this config applied successfully in staging: the http request redirects to https. But on my live server it is not working, maybe because of the load balancer. – Assemblage
One more thing, I think the port value should be 80 and the ssl-port value should be 443. – Assemblage
I am also giving you another link regarding the configuration of standalone passenger; it may help you. – Benford
I didn't use AWS Elastic Beanstalk :( . When I copy the passenger config.erb file, it gives me this code: textb.org/t/vishal . Should I update the whole file with this code: phusionpassenger.com/library/deploy/standalone/prod_ssl.html ? I already tried that in the past, but it was giving me a syntax error for the include_passenger_internal_template command. – Assemblage
You don't have to copy the entire file. You only need to copy the redirect part from that file. – Benford
Then it is doing the same thing again and again: automatic shutdown of passenger, and a new instance is created without redirecting http to https. – Assemblage
Hey, I updated the version of passenger, but forgot where to add the https line. Can you help me out? – Assemblage
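
Added example, not part of the thread: a small Python model of the three redirect rules posted on this page (methods 1 and 2 from the question and the unconditional return 301 in the answer above). It assumes a classic ELB that terminates TLS and forwards both of its listeners to one plain-HTTP backend port; the function names and sample requests are constructed for illustration.

```python
# Added illustration, not code from the thread. Assumed setup: a classic ELB
# terminates TLS and forwards both its HTTP and HTTPS listeners to the same
# plain-HTTP backend port, setting X-Forwarded-Proto to the client's scheme.

def unconditional(xfp):
    """Answer's port-80 server block: return 301 for every request."""
    return 301

def eq_http(xfp):
    """Method 1: if ($http_x_forwarded_proto = "http") { return 301 ...; }"""
    return 301 if xfp == "http" else 200

def ne_https(xfp):
    """Method 2: if ($http_x_forwarded_proto != "https") { rewrite ... permanent; }"""
    return 301 if xfp != "https" else 200

RULES = {"unconditional": unconditional, "eq_http": eq_http, "ne_https": ne_https}

def browse(rule, scheme="http", max_hops=5):
    """Follow redirects like a browser; returns (outcome, redirects followed)."""
    for hops in range(max_hops):
        if rule(scheme) == 200:      # the ELB passes the client's scheme in the header
            return ("ok", hops)
        scheme = "https"             # every 301 above points at https://
    return ("loop", max_hops)

def health_check_passes(rule):
    """ELB health checks go straight to the backend with no X-Forwarded-Proto
    header, so nginx sees an empty string; a classic ELB only accepts 200."""
    return rule("") == 200

def evaluate():
    """Map each rule name to (browser outcome, health check passes)."""
    return {name: (browse(rule)[0], health_check_passes(rule))
            for name, rule in RULES.items()}

if __name__ == "__main__":
    for name, (outcome, healthy) in evaluate().items():
        print(f"{name:14} browser={outcome:4} health_check_ok={healthy}")
```

Under that assumption only the = "http" form both stops redirecting after one hop and still answers 200 to a health check that arrives without the header. Failing health checks would be consistent with the instance replacement described in the question if an Auto Scaling group acts on ELB health status, which the thread does not confirm.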
S
1

You can do this at the proxy level, or at the app level. To do it at the app level:

# config/environments/production.rb
Rails.application.configure do
  # ...
  config.force_ssl = true
  # ...
end
Skerl answered 10/11, 2017 at 16:3 Comment(3)
I tried it the first time, but because of the load balancer, it goes into an infinite loop. – Assemblage
This will result in an infinite loop and finally fail, as Vishal has pointed out. – Iata
"at the proxy level, or at the app level" Redirecting at both will, indeed, cause a redirect loop. – Skerl
