On AWS Ec2 instances, your web server is listening on port 80 to accept HTTP connections. Afterward, you configured the Amazon Elastic Load Balancer (ELB) to listen for HTTP and HTTPS traffic and forward all requests to the backend server on port 80 only. The Amazon Elastic Load Balancer (ELB) supports the X-Forwarded-Proto header value, which includes the protocol of the application.
The X-Forwarded-Proto header value of the HTTP request is used in this tutorial, and the rewrite rules are applied if the client protocol is not HTTPS.
Here is how to force a redirect to HTTPS behind AWS ELB using Apache, Nginx, or IIS web servers.
1. Apache
Adding an HTTPS redirection rule to your Apache virtualhost or .htaccess file is an easy way to redirect all traffic to your website to use HTTPS. You can do this by adding the following code to your virtualhost or .htaccess file:
1 2 3 | RewriteEngine On RewriteCond %{HTTP:X-Forwarded-Proto} !https RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} |
The above code is an example of an HTTPS redirection rule that can be added to an .htaccess file. When this rule is added, it checks if the X-Forwarded-Proto header is not set to HTTPS, and if it isn’t, it redirects all traffic to use HTTPS using the %{SERVER_NAME} and %{REQUEST_URI} variables. This is useful in scenarios where the website is behind a load balancer or a proxy, and the X-Forwarded-Proto header is used to pass information about the client’s protocol to the server. By adding this code to your .htaccess file, all traffic to your website will be redirected to use HTTPS, ensuring that your website is secure and encrypted.
2. Nginx
Edit the Nginx HTTP server block for your domain to configure force redirection. Add the following content under the location block to redirect all HTTP traffic to HTTPS.
1 2 3 4 | location / { if ($http_x_forwarded_proto != 'https') { rewrite ^ https://$host$request_uri? permanent; } |
The above nginx configuration is an example of an HTTPS redirection rule that can be added to a location block in the nginx configuration file. When this rule is added, it checks if the X-Forwarded-Proto header is not set to HTTPS, and if it isn’t, it uses the rewrite directive to redirect all traffic to use HTTPS using the $host and $request_uri variables. The if statement is used to check the http_x_forwarded_proto variable, which is set to HTTPS when the connection is secure. By adding this code to your nginx configuration file, all traffic to your website will be redirected to use HTTPS, ensuring that your website is secure and encrypted.
3. IIS
The windows servers with IIS web server edit or create the web.config file and add the following code under the section:
1 2 3 4 5 6 7 8 9 10 11 | <rewrite> <rules> <rule name="AWS ELB Forece Redirect to HTTPS" stopProcessing="true"> <match url="^(.*)$" ignoreCase="false" /> <conditions> <add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" ignoreCase="false" /> </conditions> <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}{REQUEST_URI}" /> </rule> </rules> </rewrite> |
Conclusion
By following these four steps, you can easily redirect your website to HTTPS behind an AWS load balancer. With an SSL/TLS certificate, load balancer configuration, redirect rule creation, and DNS record update, you can ensure that all traffic to your website is encrypted and secure.