AWS ALB redirect to https

Question

My Apache servers are behind an ALB/ELB. I'm terminating SSL at the load balancer. The load balancer listens on both 80 and 443. I want to redirect all http requests to https.

I have this rewrite rule in place in the vhost config:

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]

This works, but the issue is that I also have redirects in an htaccess file. When a redirect happens through the htaccess file, it redirects to http first and then the vhost config redirect picks it up and redirects to https. I want to eliminate the extra http redirect.

http://mysite.example.com/sub 301 https://mysite.example.com/sub 301 http://mysite.example.com/newsub - this redirect is htaccess 301 https://mysite.example.com/newsub 200

I'd like to gracefully get around having the htaccess redirect to http first. I can get around this by adding https://%{HTTP:Host} to rewrite rules. Is this the best way to do this:

RewriteRule ^sub$ https://%{HTTP:Host}/newsub [R=301,L]

Answer 1

If your web servers are running behind an AWS Application Load Balancer and you configured at least one listener for HTTP port 80, you can redirect http to https directly by doing this:

1. Go to EC2 Console, then Load Balancing and Load Balancers from left menu.
2. Click on your ALB name checkbox, then select Listeners Tab. If you create two listeners for HTTP and HTTPS go to step 4.
3. If you did not set a HTTPS Listener on Load Balancer's first creation, then click on Add Listener. Choose HTTPS and Port (443 usually). In Default action(s) select Forward to... option and then your Target Group for your Load Balancer. Weight it's ok in 1. Choose the appropriate Security policy and then add your Default SSL certificate for your case (you must have a ssl certificate registered on AWS Certificate Manager or AWS IAM). Then click on Save. Test your settings going to https://load-balancer-dns-name or https://your-server-dns-name
4. To configure HTTP redirection, select the HTTP:80 checkbox and click on Edit button. In the Default action(s) click the thrash icon to remove Forward to current setting. Then click on Add action and select Redirect to option. Common values for this section are HTTPS, 443 port, Original host, path, query and 301 - Permanently moved. Finally, click on Update button at the right top of the page.
5. Now test going to http://load-balancer-dns-name or http://your-server-dns-name and you will be redirected to HTTPS.

Hope it helps!