Skip to content

Instantly share code, notes, and snippets.

@sahilsk
Created July 3, 2015 13:11
Show Gist options
  • Save sahilsk/515ee3ff2f014bdf0826 to your computer and use it in GitHub Desktop.
Save sahilsk/515ee3ff2f014bdf0826 to your computer and use it in GitHub Desktop.
Nginx elb configuration with proxy-protocol enable. ELB doesn't support websocket at layer 7. So, we need to configure it at TCP layer
log_format elb_log '$proxy_protocol_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent "$http_referer" ' '"$http_user_agent"';
server {
listen 80 proxy_protocol;
listen [::]:80 proxy_protocol;
server_name localhost;
access_log /var/log/nginx/elb-access_http.log elb_log;
location / {
root /var/www/html;
rewrite ^(.*)$ https://$host$1 permanent;
index index*.html index.htm;
}
}
server {
listen 443 proxy_protocol ssl;
listen [::]:443 proxy_protocol ssl;
server_name localhost;
access_log /var/log/nginx/elb-access_https.log elb_log;
ssl on;
ssl_certificate /etc/nginx/ssl/cert.crt;
ssl_certificate_key /etc/nginx/ssl/cert.key;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
location / {
try_files $uri $uri/ =404;
}
}
@sahilsk
Copy link
Author

sahilsk commented Jul 3, 2015

At ELB Side we need to make following changes.
ElB will be used as a passthrough. Packets are secured as traffic falling at our backends will have ssl enabled with valid certificates.

healthcheck:

TCP:443

Listeners:

Load Balancer Protocol   | Load Balancer Port |  Instance Protocol  | Instance Port  | Cipher |  SSL Certificate
TCP    |    80  | TCP|  80  |  N/A  |   N/A
TCP  |  443 |   TCP |  443   |  N/A |   N/A

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment