Forcing SSL on bound subdomain

Reclaim Cloud
#1

Hi clouders,

I’ve spun up an instance of etherpad on a Reclaim Cloud environment. In order to bind it to a different subdomain, the topology now contains NGINX load balancer, with a Let’sEncrypt Certbot addon. That worked nicely! However, if you access the etherpad over HTTP, it doesn’t force redirect to HTTPS. How would you recommend I go about this?

Many thanks!

Bryan

1 Like
#2

Hi Bryan,

That is a good question and I just figured it out. There is a plugin already available in Etherpad that will let you do this, it is called ep_xforwardedproto_redir (ep_xforwardedproto_redir - npm), how is that for simple, descriptive naming conventions :slight_smile:

I installed it on my Etherpad and it worked. It is already available in the plugin manager, just click install and the site will automatically force https:

Hope this helps, big fan!
Jim

#3

Thanks Jim! That was speedy.

This didn’t seem to make any difference to my setup though. I wonder if it’s A) due to me using a mapped domain. Or B) not knowing enough how to setup a suitable topology…

1 Like
#4

Hey Bryan,

I just tinkered a bit more, can you send me the admin credentials via DM so I can take a look at something? There may be another way, but I want to compare a few things before I go that route.

#5

Hey Jim - a further clue - I’ve been watching the run logs for etherpad (nice feature of Jelastic by the way!) as the app has been used live - and this keeps popping up:

[33m[2020-09-15 11:50:18.388] [WARN] console - e[39mep_xforwardedfor_redir.expressConfigure: plugin activated but header x-forwarded-proto not defined.

I reckon the traffic coming from the NGINX load balancer doesn’t have that header defined. I wonder is that configurable on NGINX using a docker variable?

Bryan

#6

Nice sleuthing, I might need to tag @timmmmyboyor @cblankenship on this given they are more adroit with the load balancer, but when I checked why mine was working I realized it was not using a custom domain, so I think you are right—how does that feel? To be right, that is!

#7

It feels good! But let’s see what @timmmmyboy has to say… :slight_smile:

#8

I found this StackOverflow article on forcing https redirects in nginx which helped ssl - Jelastic Nginx http to https redirect - Stack Overflow

I added the following code here under the nginx-jelastic.conf file in the server section

Screen Shot 2020-09-17 at 8.54.53 AM
Screen Shot 2020-09-17 at 8.54.53 AM1970×826 127 KB 

if ($http_x_forwarded_proto != "https") {
  return 301 https://$host$request_uri;
}

Screen Shot 2020-09-17 at 8.57.35 AM
Screen Shot 2020-09-17 at 8.57.35 AM2018×844 144 KB

Then I saved the file and restarted the Load Balancer node and redirects appear to be working.

2 Likes
#9

ROCK NOT ROT! And some for the 20 character limit

#10

That’s super helpful @timmmmyboy - thank you!

I’ll let you know how I get on. :slight_smile:

#11

This worked a treat. Thanks for the screenshots too - very helpful!

2 Likes
#12

This topic was automatically closed after 365 days. New replies are no longer allowed.