Forcing SSL on bound subdomain

Hi clouders,

I’ve spun up an instance of etherpad on a Reclaim Cloud environment. In order to bind it to a different subdomain, the topology now contains NGINX load balancer, with a Let’sEncrypt Certbot addon. That worked nicely! However, if you access the etherpad over HTTP, it doesn’t force redirect to HTTPS. How would you recommend I go about this?

Many thanks!

Bryan

1 Like

Hi Bryan,

That is a good question and I just figured it out. There is a plugin already available in Etherpad that will let you do this, it is called ep_xforwardedproto_redir (https://www.npmjs.com/package/ep_xforwardedproto_redir), how is that for simple, descriptive naming conventions :slight_smile:

I installed it on my Etherpad and it worked. It is already available in the plugin manager, just click install and the site will automatically force https:

Hope this helps, big fan!
Jim

Thanks Jim! That was speedy.

This didn’t seem to make any difference to my setup though. I wonder if it’s A) due to me using a mapped domain. Or B) not knowing enough how to setup a suitable topology…

1 Like

Hey Bryan,

I just tinkered a bit more, can you send me the admin credentials via DM so I can take a look at something? There may be another way, but I want to compare a few things before I go that route.

Hey Jim - a further clue - I’ve been watching the run logs for etherpad (nice feature of Jelastic by the way!) as the app has been used live - and this keeps popping up:

[33m[2020-09-15 11:50:18.388] [WARN] console - e[39mep_xforwardedfor_redir.expressConfigure: plugin activated but header x-forwarded-proto not defined.

I reckon the traffic coming from the NGINX load balancer doesn’t have that header defined. I wonder is that configurable on NGINX using a docker variable?

Bryan

Nice sleuthing, I might need to tag @timmmmyboyor @cblankenship on this given they are more adroit with the load balancer, but when I checked why mine was working I realized it was not using a custom domain, so I think you are right—how does that feel? To be right, that is!

It feels good! But let’s see what @timmmmyboy has to say… :slight_smile:

I found this StackOverflow article on forcing https redirects in nginx which helped https://stackoverflow.com/a/57799060

I added the following code here under the nginx-jelastic.conf file in the server section

if ($http_x_forwarded_proto != "https") {
  return 301 https://$host$request_uri;
}

Then I saved the file and restarted the Load Balancer node and redirects appear to be working.

1 Like

ROCK NOT ROT! And some for the 20 character limit

That’s super helpful @timmmmyboy - thank you!

I’ll let you know how I get on. :slight_smile:

This worked a treat. Thanks for the screenshots too - very helpful!

2 Likes