By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

How do I redirect HTTP traffic to HTTPS on my ELB Classic Load Balancer?

4 minute read
0

I use HTTP and HTTPS listeners on my Elastic Load Balancing (ELB) Classic Load Balancer. My Classic Load Balancer offloads SSL, and the backend connection listens on a single HTTP port (port 80). When I try to redirect traffic from HTTP to HTTPS (port 443), I receive the error "ERR_TOO_MANY_REDIRECTS".

Short description

Classic Load Balancer doesn't support redirect HTTP traffic to HTTPS as a native feature. To make this work, you must configure your rewrite rules on the web server instances behind the Classic Load Balancer.

Configure the rewrite rules on the web application servers to use the X-Forwarded-Proto header and redirect requests that are HTTP. Otherwise, the rewrite rules can create an infinite loop of redirection requests between your Classic Load Balancer and the instances behind your load balancer. Such a loop results in the error "ERR_TOO_MANY_REDIRECTS".

Note: Application Load Balancers support redirect actions that can be used to redirect HTTP traffic to HTTPS. To use this feature, migrate your Classic Load Balancer to an Application Load Balancer.

Resolution

Review the following example configurations for Apache, NGINX, and IIS web servers. Configure the web servers behind your Classic Load Balancer to use the X-Forwarded-Proto header to direct traffic based on whether clients use HTTP or HTTPS. Be sure to add rewrite rules to your web servers that:

  • Use HTTP to redirect clients to an HTTPS URL
  • Use HTTPS to directly serve clients

Note: Modify the following example configurations based on your configuration and use case.

Apache servers: Virtual host file method

It's a best practice to use the following method to configure your web servers:

  1. Open your Apache configuration file. Possible locations include /etc/httpd/conf/httpd.conf (Apache 2/httpd), /etc/apache2/sites-enabled/ (Apache 2.4), or /etc/apache2/apache2.conf (Apache on Ubuntu).

  2. Add a rewrite rule to the VirtualHost section of your configuration file similar to the following:

    <VirtualHost *:80>RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
</VirtualHost>

  3. Save your Apache configuration file.

  4. Restart Apache.

Apache servers: .htaccess file method

If you don't have access to the main Apache configuration file, then use .htaccess files. For more information, see the When (not) to use .htaccess files section on the Apache HTTP Server Tutorial: .htaccess files page from the Apache website.

To configure your web servers, complete the following steps:

  1. Open your Apache configuration file. Possible locations include /etc/httpd/conf/httpd.conf (Apache 2/httpd) or /etc/apache2/sites-enabled/ (Apache 2.4).

  2. Edit the Directory directive to turn on .htaccess:

    <Directory "/var/www/html">    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

  3. Save your Apache configuration file.

  4. Open your .htaccess file.

  5. Add a rewrite rule similar to the following:

    RewriteEngine OnRewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]

  6. Save your .htaccess file.

  7. Restart Apache.

NGINX servers

Note: This resolution applies to NGINX 1.10.3 (Ubuntu) and NGINX 1.12.1 (Amazon Linux).

Complete the following steps:

  1. Open your NGINX configuration file (nginx.conf).

  2. Add the following rewrite rule. Be sure to modify the rewrite rule for your configuration:

    server {    listen 80;
    server_name _;
    if ($http_x_forwarded_proto = 'http'){
    return 301 https://$host$request_uri;
    }
}

  3. Restart NGINX.

IIS servers

Note: This resolution applies to Microsoft Windows Server 2012 R2 and 2016 Base.

Complete the following steps:

  1. Install the IIS URL rewrite module. For more information, see URL rewrite on the Microsoft website.

  2. Open your web.config file.

  3. Add the following rewrite rule to the <system.webServer> section. Modify the rewrite rule for your specific configuration:

    <rewrite>
    <rules>
        <rule name="Rewrite HTTP to HTTPS" stopProcessing="true">
            <match url="^(.*)$"/>
            <conditions logicalGrouping="MatchAny">
                <add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$"/>
            </conditions>
            <action type="Redirect" url="https://{HTTP_HOST}/{R:1}"/>
        </rule>
    </rules>
</rewrite>

  4. Save your web.config file.

  5. Open the IIS Manager.

  6. Refresh the default website.

  7. Check that your new rewrite rule appears in the URL Rewrite section.

  8. Restart your website.

  9. Verify that your redirection works.

Related information

Why do I receive an HTTP 5xx error when I connect to web servers that run on EC2 instances that are configured to use Classic Load Balancing?

Topics
Networking & Content Delivery
Tags
Elastic Load Balancing
Language
English
AWS OFFICIAL
AWS OFFICIALUpdated 9 months ago
No comments

Relevant content