How do I redirect HTTP traffic to HTTPS on my Classic Load Balancer in ELB?





Avani shows you how to
redirect HTTP traffic to HTTPS
using a load balancer and Apache

redirect-http-https-elb-avani

Issue

I'm using HTTP and HTTPS listeners on my Classic Load Balancer in Elastic Load Balancing (ELB). My Classic Load Balancer offloads SSL, and the backend connection listens on a single HTTP port (port 80). When I try to redirect traffic from HTTP to HTTPS (port 443), I receive the error ERR_TOO_MANY_REDIRECTS. How do I resolve this error without changing my backend listener to port 443?

Short Description

Classic Load Balancers can't redirect HTTP traffic to HTTPS. Instead, you must include rewrite rules on the web servers of Amazon Elastic Compute Cloud (Amazon EC2) instances behind your Classic Load Balancer.

Important: Application Load Balancers can redirect HTTP traffic to HTTPS using redirect actions. You can migrate your Classic Load Balancer to an Application Load Balancer to use this feature.

You must configure your rewrite rules to use the X-Forwarded-Proto header and redirect only HTTP clients. If you don't, the rewrite rules can create an infinite loop of redirection requests between your Classic Load Balancer and the instances behind it. Such a loop results in the error ERR_TOO_MANY_REDIRECTS.

Resolution

Review the following example configurations for Apache, NGINX, and IIS web servers. Configure the web servers behind your Classic Load Balancer to use the X-Forwarded-Proto header to direct traffic based on whether clients use HTTP or HTTPS. Be sure to add rewrite rules to your web servers that:

  • Redirect clients using HTTP to an HTTPS URL
  • Serve clients using HTTPS directly

Important: The following configurations are provided as examples only. Modify them based on the application versions you're using and your use case.

Apache servers: virtual host file method (recommended)

1.    Open your Apache configuration file. Possible locations include /etc/httpd/conf/httpd.conf (Apache 2/httpd), /etc/apache2/sites-enabled/ (Apache 2.4), or /etc/apache2/apache2.conf (Apache on Ubuntu).

2.    Add a rewrite rule to the VirtualHost section of your configuration file similar to the following: 

<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
</VirtualHost>

3.    Save your Apache configuration file.

4.    Restart Apache.

Apache servers: .htaccess file method (not recommended)

Warning: It's a best practice to use the Apache virtual host file method described in the previous section. According to the Apache .htaccess files guidelines, use .htaccess files only if you don't have access to the main Apache configuration file.

1.    Open your Apache configuration file. Possible locations include /etc/httpd/conf/httpd.conf (Apache 2/httpd) or /etc/apache2/sites-enabled/ (Apache 2.4).

2.    Edit the Directory directive to enable .htaccess as follows: 

<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

3.    Save your Apache configuration file.

4.    Open your .htaccess file.

5.    Add a rewrite rule similar to the following: 

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]

6.    Save your .htaccess file.

7.    Restart Apache.

NGINX servers

Note: This resolution applies to NGINX 1.10.3 (Ubuntu) and NGINX 1.12.1 (Amazon Linux).

1.    Open your NGINX configuration file (nginx.conf).

2.    Add the following example rewrite rule. Be sure to modify the rewrite rule for your configuration.

server {
    listen 80;
    server_name _;
    if ($http_x_forwarded_proto = 'http'){
    return 301 https://$host$request_uri;
    }
}

3.    Restart NGINX.

IIS servers

Note: This resolution applies to Microsoft Windows Server 2012 R2 and 2016 Base.

1.    Install the IIS URL rewrite module from Microsoft.

2.    Open your web.config file.

3.    Add the following example rewrite rule to the <system.webServer> section. Be sure to modify the rewrite rule for your specific configuration. 

<rewrite>
    <rules>
        <rule name="Rewrite HTTP to HTTPS" stopProcessing="true">
            <match url="^(.*)$"/>
            <conditions logicalGrouping="MatchAny">
                <add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$"/>
            </conditions>
            <action type="Redirect" url="https://{HTTP_HOST}/{R:1}"/>
        </rule>
    </rules>
</rewrite>

4.    Save your web.config file.

5.    Open the IIS Manager.

6.    Refresh the default website.

7.    Verify that your new rewrite rule is visible in the URL Rewrite section.

8.    Restart your website.

9.    Verify that your redirection works.

I receive HTTP 5xx errors when connecting to web servers running on EC2 instances configured to use Classic Load Balancing. How do I troubleshoot these errors?

Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2016-08-12

Updated: 2019-03-19