- 最新
- 投票最多
- 评论最多
Hello,
The X-Forwarded-Port
and X-Forwarded-For
are just headers used to identify the destination port that the client used to connect to the load balancer and the IP address of a client when you use an HTTP or HTTPS load balancer respectively.
It doesn't mean that the application will receive the connection on that port. Instead, what is occurring is that the NGINX container is likely reaching out the Rails application using the HTTP port (without TLS) and it is being redirected due to force_ssl
flag.
If you really need to have TLS for all request path, you'll need to configure something like AppMesh or a custom solution using Envoy.
In general, terminating secure connections at the load balancer and using HTTP on the backend might be sufficient for your application. Network traffic between AWS resources can only be listened to by the instances that are part of the connection. However, if you are developing an application that needs to comply with strict external regulations, you might be required to secure all network connections.
相关内容
- AWS 官方已更新 10 个月前
- AWS 官方已更新 2 年前