How do I redirect HTTP traffic to HTTPS on my Classic Load Balancer?

I'm using HTTP and HTTPS listeners on my Classic Load Balancer. My Classic Load Balancer offloads SSL, and the backend connection listens on a single HTTP port (port 80). When I try to redirect traffic from HTTP to HTTPS (port 443), I receive the error "ERR_TOO_MANY_REDIRECTS". How do I resolve this error without changing my backend listener to port 443?

Short description

Classic Load Balancers can't redirect HTTP traffic to HTTPS by default. Instead, configure rewrite rules on the web server instances behind the Classic Load Balancer.

You must configure your rewrite rules to use the X-Forwarded-Proto header and redirect only HTTP clients. Otherwise, the rewrite rules can create an infinite loop of redirection requests between your Classic Load Balancer and the instances behind it. Such a loop results in the error "ERR_TOO_MANY_REDIRECTS".
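The following Python model is an added example, not part of the original article and not AWS code. It simulates the loop described above: a load balancer that offloads SSL and forwards both listeners to backend port 80, with one backend rule that redirects everything and one that checks X-Forwarded-Proto. The function names, the host example.com, and the 20-redirect client limit are assumptions made for illustration.

```python
# Added illustration: models a Classic Load Balancer that terminates TLS and
# forwards every request to the backend's single HTTP port (80).
MAX_REDIRECTS = 20  # constructed client limit, standing in for a browser's


def naive_rule(headers):
    """Backend rule that redirects everything arriving on port 80."""
    return 301, "https"


def forwarded_proto_rule(headers):
    """Backend rule equivalent to the configurations on this page: redirect
    only when the load balancer reports that the client used HTTP."""
    if headers.get("X-Forwarded-Proto") == "http":
        return 301, "https"
    return 200, None


def load_balancer(client_scheme, backend_rule, host="example.com", path="/"):
    """Both listeners (80 and 443) forward to backend port 80, so the only
    trace of the client's original scheme is the X-Forwarded-Proto header."""
    headers = {"Host": host, "X-Forwarded-Proto": client_scheme}
    status, target = backend_rule(headers)
    location = f"{target}://{host}{path}" if status == 301 else None
    return status, location


def follow(start_scheme, backend_rule):
    """Follow redirects the way a browser does; return (final_status, hops)."""
    scheme, hops = start_scheme, 0
    while hops <= MAX_REDIRECTS:
        status, location = load_balancer(scheme, backend_rule)
        if status != 301:
            return status, hops
        scheme = location.split("://", 1)[0]  # scheme the client uses next
        hops += 1
    return "ERR_TOO_MANY_REDIRECTS", hops


if __name__ == "__main__":
    rules = (("naive", naive_rule), ("X-Forwarded-Proto", forwarded_proto_rule))
    for name, rule in rules:
        for scheme in ("http", "https"):
            print(f"{name:18} client={scheme:5} -> {follow(scheme, rule)}")
```

With the naive rule, even a client that already uses HTTPS is redirected again, because the backend only ever sees port 80. With the header-based rule, an HTTP client is redirected once and an HTTPS client is served directly.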

Note: Application Load Balancers can redirect HTTP traffic to HTTPS using redirect actions. Migrate your Classic Load Balancer to an Application Load Balancer to use this feature.

Resolution

Review the following example configurations for Apache, NGINX, and IIS web servers. Configure the web servers behind your Classic Load Balancer to use the X-Forwarded-Proto header to direct traffic based on whether clients use HTTP or HTTPS. Be sure to add rewrite rules to your web servers that:

  • Redirect clients using HTTP to an HTTPS URL
  • Serve clients using HTTPS directly

Important: The following configurations are provided as examples only. Modify them based on your configuration and use case.

Apache servers: Virtual host file method (best practice)

1.    Open your Apache configuration file. Possible locations include /etc/httpd/conf/httpd.conf (Apache 2/httpd), /etc/apache2/sites-enabled/ (Apache 2.4), or /etc/apache2/apache2.conf (Apache on Ubuntu).

2.    Add a rewrite rule to the VirtualHost section of your configuration file similar to the following:

<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
</VirtualHost>

3.    Save your Apache configuration file.

4.    Restart Apache.

Apache servers: .htaccess file method (not a best practice)

Warning: It's a best practice to use the Apache virtual host file method described in the previous section. According to the Apache .htaccess files guidelines, use .htaccess files only if you don't have access to the main Apache configuration file.

1.    Open your Apache configuration file. Possible locations include /etc/httpd/conf/httpd.conf (Apache 2/httpd) or /etc/apache2/sites-enabled/ (Apache 2.4).

2.    Edit the Directory directive to enable .htaccess as follows:

<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

3.    Save your Apache configuration file.

4.    Open your .htaccess file.

5.    Add a rewrite rule similar to the following:

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]

6.    Save your .htaccess file.

7.    Restart Apache.

NGINX servers

Note: This resolution applies to NGINX 1.10.3 (Ubuntu) and NGINX 1.12.1 (Amazon Linux).

1.    Open your NGINX configuration file (nginx.conf).

2.    Add the following rewrite rule. Be sure to modify the rewrite rule for your configuration.

server {
    listen 80;
    server_name _;
    if ($http_x_forwarded_proto = 'http') {
        return 301 https://$host$request_uri;
    }
}

3.    Restart NGINX.

IIS servers

Note: This resolution applies to Microsoft Windows Server 2012 R2 and 2016 Base.

1.    Install the IIS URL rewrite module from Microsoft.

2.    Open your web.config file.

3.    Add the following rewrite rule to the <system.webServer> section. Be sure to modify the rewrite rule for your specific configuration.

<rewrite>
    <rules>
        <rule name="Rewrite HTTP to HTTPS" stopProcessing="true">
            <match url="^(.*)$"/>
            <conditions logicalGrouping="MatchAny">
                <add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$"/>
            </conditions>
            <action type="Redirect" url="https://{HTTP_HOST}/{R:1}"/>
        </rule>
    </rules>
</rewrite>

4.    Save your web.config file.

5.    Open the IIS Manager.

6.    Refresh the default website.

7.    Verify that your new rewrite rule appears in the URL Rewrite section.

8.    Restart your website.

9.    Verify that your redirection works.


Related information

I receive HTTP 5xx errors when connecting to web servers running on EC2 instances configured to use Classic Load Balancing. How do I troubleshoot these errors?

AWS OFFICIAL
Updated 2 years ago