diff --git a/bin/aws-eb-docker/.ebextensions/01_metabase.config b/bin/aws-eb-docker/.ebextensions/01_metabase.config
index 01b1b7dad053dd8a5fead6d617d85032b3b0c9f4..eea4d292fd344712e8e59cd108898b45c960db46 100644
--- a/bin/aws-eb-docker/.ebextensions/01_metabase.config
+++ b/bin/aws-eb-docker/.ebextensions/01_metabase.config
@@ -22,7 +22,6 @@ container_commands:
02_server_https:
command: ".ebextensions/metabase_config/metabase-setup.sh server_https"
- test: test $NGINX_FORCE_SSL
ignoreErrors: true
03_log_x_real_ip:
diff --git a/bin/aws-eb-docker/.ebextensions/metabase_config/metabase-setup.sh b/bin/aws-eb-docker/.ebextensions/metabase_config/metabase-setup.sh
index 2f6a9eb1f14a93491269cec9318f4c778f336b5f..a976e37df35cdda28c457cdfe1690cd9c5fff399 100755
--- a/bin/aws-eb-docker/.ebextensions/metabase_config/metabase-setup.sh
+++ b/bin/aws-eb-docker/.ebextensions/metabase_config/metabase-setup.sh
@@ -49,8 +49,95 @@ server_name () {
# enable https redirect
server_https () {
cd /etc/nginx/sites-available/
- if [[ "$NGINX_FORCE_SSL" ]] && ! grep -q https elasticbeanstalk-nginx-docker-proxy.conf ; then
- sed -i 's|location \/ {|location \/ {\n\n if ($http_x_forwarded_proto != "https") {\n rewrite ^ https:\/\/$host$request_uri? permanent;\n }\n|' elasticbeanstalk-nginx-docker-proxy.conf
+ if [[ "x$NGINX_FORCE_SSL" == "x1" ]] # && ! grep -q https elasticbeanstalk-nginx-docker-proxy.conf ;
+ then
+ cat << 'EOF' > elasticbeanstalk-nginx-docker-proxy.conf
+map $http_upgrade $connection_upgrade {
+ default "upgrade";
+ "" "";
+}
+
+server {
+ listen 80;
+
+ gzip on;
+ gzip_comp_level 4;
+ gzip_types text/html text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+ if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
+ set $year $1;
+ set $month $2;
+ set $day $3;
+ set $hour $4;
+ }
+ access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
+
+ access_log /var/log/nginx/access.log;
+
+ location /api/health {
+ proxy_pass http://docker;
+ proxy_http_version 1.1;
+
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+
+ location / {
+ if ($http_x_forwarded_proto != "https") {
+ rewrite ^ https://$host$request_uri? permanent;
+ }
+
+ proxy_pass http://docker;
+ proxy_http_version 1.1;
+
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
+EOF
+ else
+ cat << 'EOF' > elasticbeanstalk-nginx-docker-proxy.conf
+map $http_upgrade $connection_upgrade {
+ default "upgrade";
+ "" "";
+}
+
+server {
+ listen 80;
+
+ gzip on;
+ gzip_comp_level 4;
+ gzip_types text/html text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+ if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
+ set $year $1;
+ set $month $2;
+ set $day $3;
+ set $hour $4;
+ }
+ access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
+
+ access_log /var/log/nginx/access.log;
+
+ location / {
+ proxy_pass http://docker;
+ proxy_http_version 1.1;
+
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
+EOF
fi
}