Using Opsworks standard setup/recipes for a Rails app served via Unicorn/nginx layer. SSL is terminated at the Elastic Load Balancer - so traffic to the rails app from ELB is always http. So far so good. I would like to have any request to http://domain.com to be redirected to https://domain.com
ELB has two listeners - one with port 80, and one 443.
I know that if I were running my own nginx I could setup a redirect rule... However, i want to stay within the opsworks way of doing things if possible.
I think the only way to do this in OpsWorks is to create a custom recipe that modifies /etc/nginx/sites-available/#{application}. In your custom cookbook:
somecookbook/recipes/nginx.rb
node[:deploy].each do |application, deploy|
service "nginx" do
supports :status => true
action :nothing
end
# Add HTTP => HTTPS redirect
template "/tmp/http_redirect.conf" do
source "nginx/http_redirect.conf.erb"
end
execute "redirect HTTP to HTTPS" do
cwd "/etc/nginx/sites-available"
command "cat #{application} /tmp/http_redirect.conf > /tmp/#{application}.conf && cat /tmp/#{application}.conf > #{application}"
notifies :restart, "service[nginx]", :immediately
end
end
end
Then in the config:
somecookbook/templates/default/nginx/http_redirect.conf.erb
server {
listen 80;
rewrite ^(.*) https://$host$1 permanent;
}