Wednesday, July 11, 2012

HTTP to HTTPS Redirect with Amazon ELB and Apache

Recently, I had to force https traffic in one of the project for the production server setup in AWS. My configuration looks as below.

I have ELB configured to load balance end users requests to the Apache on the backend. The ELB listeners are configured as below 

HTTP Port 80 -> 80
HTTPS Port 443 -> 443 with backend authentication disabled.

Both the listeners are configured with ELB cookie stickiness policy.

With HTTP/HTTPS termination, ELB sets a X-Forwarded-Proto header that allows you to tell which protocol the client used to connect to your load balancer. We can use this header with mod_rewrite rule to force https traffic. Here's the configuration changes done 
 <VirtualHost *:80>
  ...
  RewriteEngine On
  RewriteCond %{HTTP:X-Forwarded-Proto} !https
  RewriteRule !/status https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
  ...
 </VirtualHost>
(this assumes your health status is on /status, which doesn't require https)
Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)