
AWS Elasticbeanstalk single instance Force SSL Redirect loop

I'm having issues forcing SSL. I'm using CodeIgniter and deployed it on an AWS single instance with Elastic Beanstalk. My .htaccess rules are below:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule !/status https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]

But the browser gets into a redirect loop. Whatever I tried didn't solve this problem.

Yusuf Can Gürkan asked Dec 03 '13 22:12



1 Answer

As I mentioned in my comment:

in the ssl.conf every call from port 443 is "proxyed" to port 80, so you never get https = on.

I did some tests and I found out that the ProxyPass directive in ssl.conf does not simply redirect every request from port 443 to localhost:80, but basically repeats the request to Apache from scratch, through port 80 (at least, that's what I understood).

I checked the value of $_SERVER and found out that HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED_HOST and HTTP_X_FORWARDED_SERVER are set during an HTTPS request (but they are NOT set during an HTTP request), while SERVER_ADDR and REMOTE_ADDR are set to 127.0.0.1 during an HTTPS request (but they are set to different values for HTTP requests).

I assume you can easily check if your request was plain HTTP with something like this (check the syntax, I'm rubbish with Apache):

RewriteCond %{HTTP:X-Forwarded-Server}   ^$

or

RewriteCond %{SERVER_ADDR}   !^127\.0\.0\.1

BEWARE: I couldn't find any reference in the AWS documentation, it's just an empirical result... they can easily change this behavior!

Happy coding! :)

Bruno Belotti answered Sep 22 '22 13:09
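
The answer's finding applied to the question's .htaccess, as an added example that is not part of the original post. It assumes, as the answer observed, that ssl.conf proxies port 443 to localhost:80, so proxied HTTPS requests arrive with REMOTE_ADDR 127.0.0.1; matching `^/status` against REQUEST_URI is this example's reading of the question's health-check exclusion.

```apache
RewriteEngine On

# Weak form from the question, kept here for comparison:
#   RewriteCond %{HTTPS} off
# Behind the 443 -> 80 ProxyPass every request reaches this vhost on port 80,
# so HTTPS is always "off" and the redirect fires again on each HTTPS request.

# Corrected form: redirect only requests that did NOT come through the local
# proxy. A proxied HTTPS request connects from loopback (assumption taken from
# the answer's $_SERVER observation), so a non-loopback peer means plain HTTP.
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
# Leave the health-check path reachable over plain HTTP.
RewriteCond %{REQUEST_URI} !^/status
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

# Alternative test on the proxy header instead of the peer address:
#   RewriteCond %{HTTP:X-Forwarded-Server} ^$
# Request headers are client-supplied, so the address check above is the
# more dependable signal for enforcing the redirect.

# CodeIgniter front controller, unchanged from the question.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]
```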