Home / server / Questions / 873658
Accepted
Silly Dude
Asked: 2017-09-15 05:55:31 +0800 CST

How to redirect HTTP to HTTPS on AWS Application Load Balancer?

  • 772

Our website needs HIPAA compliance so everything needs to be encrypted. I don't want client to get an error message when they put in "http://mysite.com", so I need to support both HTTP and HTTPS, and redirect HTTP to HTTPS. Am I right?

I did it correctly on the web servers. So if I directly connect to the web servers, HTTP is automatically redirected to HTTPS. All good.

But the web servers are sitting behind an AWS Application Load Balancer. I don't know how to redirect HTTP to HTTPS on the ELB. So client browsers can still connect to the ELB through HTTP.

How to set up HTTP => HTTPS on an AWS Application Load Balancer?

In other words, I am sure the connection between the ELB and web servers are HTTPS, but how to make sure the connection between the client browsers and the ELB are HTTPS?

amazon-web-services

4 Answers

  1. As of July 2018, this is supported on application load balancers.

    • Add/Edit your HTTP:80 listener
    • Set the action to Redirect
    • protocol: https
    • port: 443
    • set the next dropdown to Original host, path, query
    • set the last dropdown to 301 - Permanently moved

    Image of settings for an HTTP to HTTPS listener on AWS application load balancer

    • 15

  2. Usually what happens is that the ELB is set to receive https (port 443) and forward to EC2 instance (load balancer target) on http (port 80).

    The backend web server redirects these requests to port 443 on the load balancer, causing an infinite loop of redirection (between the load balancer and the backend web server).

    A common error message is ERR_TOO_MANY_REDIRECTS.

    The solution is to look at the X-Forwarded-Proto, which is the protocol as seen by the load balancer, when deciding on redirection.

    For nginx the config will look like this:

    server {
    listen   80;
    server_name    www.example.org;   
    if ($http_x_forwarded_proto = 'http') {
         return 301 https://$server_name$request_uri;   
    }
}

    and for apache .htaccess something like this:

    RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]

    NOTE: Although one might think it would be convenient if this could be handled without webserver reconfiguration, as of spring 2018 there is no way of solving this using only ELB, i.e. you must configure your webserver to make this work.

    • 1

  3. As of today, the listeners configuration doesn't give the option to redirect HTTP.

    If you want to do it, you have to edit your nginx configuration.

    You need to be careful not stop the LB from sending HTTP healthchecks. That can be avoided by configuring healthchecks to use HTTPS or by carefully considering it in the nginx configuration file.

    This is the configuration I use to write the forwarding configuration in my Elastic Beanstalk environment: Elastic Beanstalk configuration to redirect HTTP to HTTPS (place this inside .ebextensions folder and deploy)

    You can either use it if you are using EB or you can read the configuration and write it manually.

    • 1
  4. Best Answer

    You can add the below listed configuration to your .htaccess file. But before that make sure mod_rewrite is enabled on server and .htaccess file is not denied. 

    RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule . https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]

    For detailed explanation kindly go through the official documentation from aws end. https://aws.amazon.com/premiumsupport/knowledge-center/redirect-http-https-elb/

    • -4