Monday, June 23, 2014

AWS ELB cannot redirect users from http port to https port automatically

Unlike Apache httpd, AWS ELB has no option to automatically redirect HTTP requests to HTTPS, so we have to allow both ports (HTTP and HTTPS) on the ELB and then use a reverse proxy such as httpd with a rewrite rule like the one below.

1. Have your ELB pass both HTTP and HTTPS traffic on to your backend server as HTTP traffic on port 80.

    ELB      Backend
    HTTP  -> HTTP
    HTTPS -> HTTP

2. Create a rewrite rule on your backend web server. For Apache:

    <VirtualHost *:80>
    ...
    RewriteEngine On
    # Redirect only when the client reached the ELB over plain HTTP
    RewriteCond %{HTTP:X-Forwarded-Proto} =http
    RewriteRule ^ https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
    ...
    </VirtualHost>

In the above rewrite rule we are utilizing the X-Forwarded-Proto header from the request to do the redirection.

The X-Forwarded-Proto request header helps you identify the protocol (HTTP or HTTPS) that a client used to connect to your server. Your server access logs contain only the protocol used between the server and the load balancer; they contain no information about the protocol used between the client and the load balancer. To determine the protocol used between the client and the load balancer, use the X-Forwarded-Proto request header. Elastic Load Balancing stores the protocol used between the client and the load balancer in the X-Forwarded-Proto request header and passes the header along to your server. Your application or website can use the protocol stored in the X-Forwarded-Proto request header to render a response that redirects to the appropriate URL.

More information on the X-Forwarded headers: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/TerminologyandKeyConcepts.html#x-forwarded-headers
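For a backend that is a Python application rather than Apache, the same X-Forwarded-Proto decision can be made in WSGI middleware. This is an added example, not code from the original post; the host names in ALLOWED_HOSTS and the helper demo_request are assumptions made for illustration. It also pins the redirect host to a known name instead of reflecting the Host header, and re-encodes the path before placing it in the Location header.

```python
from urllib.parse import quote

# Assumption: hostnames this site answers to (constructed placeholder values).
ALLOWED_HOSTS = {"www.example.com", "example.com"}
DEFAULT_HOST = "www.example.com"

def redirect_target(environ):
    """Return the https:// URL to redirect to, or None to serve the request."""
    proto = environ.get("HTTP_X_FORWARDED_PROTO", "").strip().lower()
    # Only an explicit "http" redirects, mirroring the RewriteCond.
    # Requests without the header are served unchanged.
    if proto != "http":
        return None
    # Pin the host to a known name instead of reflecting the Host header.
    host = environ.get("HTTP_HOST", "").split(":")[0].lower()
    if host not in ALLOWED_HOSTS:
        host = DEFAULT_HOST
    # PATH_INFO arrives URL-decoded in WSGI, so re-encode it for the header.
    path = quote(environ.get("PATH_INFO") or "/")
    query = environ.get("QUERY_STRING", "")
    return "https://" + host + path + ("?" + query if query else "")

class ForceHttps:
    """WSGI middleware: 301 to HTTPS when the client reached the ELB over HTTP."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        target = redirect_target(environ)
        if target is None:
            return self.app(environ, start_response)
        start_response("301 Moved Permanently",
                       [("Location", target), ("Content-Length", "0")])
        return [b""]

def demo_request(proto=None, host="www.example.com", path="/login", query=""):
    """Run one constructed request through the middleware; return (status, headers)."""
    environ = {"HTTP_HOST": host, "PATH_INFO": path, "QUERY_STRING": query}
    if proto is not None:
        environ["HTTP_X_FORWARDED_PROTO"] = proto
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    def app(env, start):
        start("200 OK", [("Content-Type", "text/plain")])
        return [b"ok"]
    ForceHttps(app)(environ, start_response)
    return seen["status"], seen["headers"]
```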
