I'm setting up ELB for an HTTPS website and I have questions concerning the ports configuration...
Right now I have this port configuration on the ELB:
And on my instance I have this Apache configuration:
Apparently it's working, but is it the right way to do it?
Thank you for your help
Celine
PS: When I started to configure the ELB I indicated 443 forwarding to 443 but then I had to answer strange questions for the authentication...
Classic Load Balancers can't redirect HTTP traffic to HTTPS by default. Instead, configure your rewrite rules for the web server instances behind the Classic Load Balancer. You must configure your rewrite rules to use the X-Forwarded-Proto header and redirect only HTTP clients.
Elastic Load Balancing supports the following types of load balancers: Application Load Balancers, Network Load Balancers, and Classic Load Balancers. Amazon ECS services can use these types of load balancer. Application Load Balancers are used to route HTTP/HTTPS (or Layer 7) traffic.
Select a load balancer, and then choose HTTP Listener. Under Rules, choose View/edit rules. Choose Edit Rule to modify the existing default rule to redirect all HTTP requests to HTTPS. Or, insert a rule between the existing rules (if appropriate for your use case).
The configuration as described in the question didn't work because it created a never-ending redirection: 443(ELB) forwarding to 80(Apache) forwarding to 443(ELB) forwarding to 80(Apache) forwarding to 443(ELB), etc.
So, I modified the ELB configuration to have:
When I created the listener 443 (HTTPS) forwarding to 443 (HTTPS), I didn't get to answer questions concerning the authentication. When I look at the ELB description I can see "Backend Authentication: Disabled".
The Health Check is done on HTTPS:443
(I also modified the instance security group: only the load balancer can access the instance on ports 80 and 443)
Update:
Another solution is to have only port 80 open on the instance:
but to use X-Forwarded-Proto to determine if the client used HTTP or HTTPS and forward to HTTPS only if X-Forwarded-Proto = http
Example with Apache:
<VirtualHost *:80>
    ...
    RewriteEngine On
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteCond %{HTTP_USER_AGENT} !^ELB-HealthChecker
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
    ...
</VirtualHost>
The line RewriteCond %{HTTP_USER_AGENT} !^ELB-HealthChecker has been added so the ELB check is not redirected. See https://serverfault.com/questions/470015/how-should-i-configure-my-elb-health-check-when-using-namevirtualhosts-and-redir for other solutions concerning the health check.
AWS Documentation concerning X-Forwarded-Proto: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/x-forwarded-headers.html#x-forwarded-proto
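The redirect loop and the X-Forwarded-Proto fix described in the answer above, modelled in Python as an added example (not code from the original post). The function names, MAX_HOPS, the sample hosts and the health-checker User-Agent string are constructed for illustration; the model assumes the ELB terminates TLS and always forwards plain HTTP to port 80 on the instance.

```python
import re

MAX_HOPS = 10  # constructed cap, playing the role of a browser's redirect limit

def elb_forward(scheme, user_agent):
    """Model of the ELB: TLS ends here, the backend gets plain HTTP on port 80
    plus X-Forwarded-Proto carrying the scheme the client actually used."""
    return {"X-Forwarded-Proto": scheme, "User-Agent": user_agent}

def unconditional_redirect(headers, host, uri):
    """The question's setup: port 80 on the instance always redirects to HTTPS."""
    return f"https://{host}{uri}"

def xfp_redirect(headers, host, uri):
    """The answer's rewrite rules, one condition at a time."""
    # RewriteCond %{HTTP:X-Forwarded-Proto} !https  (unanchored; missing header is "")
    if re.search(r"https", headers.get("X-Forwarded-Proto", "")):
        return None
    # RewriteCond %{HTTP_USER_AGENT} !^ELB-HealthChecker
    if re.search(r"^ELB-HealthChecker", headers.get("User-Agent", "")):
        return None
    # RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
    return f"https://{host}{uri}"

def follow(backend, url, user_agent="Mozilla/5.0"):
    """Follow redirects through the ELB; return (final_url, hops) or raise on a loop."""
    for hops in range(MAX_HOPS):
        scheme, rest = url.split("://", 1)
        host, _, path = rest.partition("/")
        location = backend(elb_forward(scheme, user_agent), host, "/" + path)
        if location is None:  # backend served the page instead of redirecting
            return url, hops
        url = location
    raise RuntimeError("redirect loop")

if __name__ == "__main__":
    print(follow(xfp_redirect, "http://example.com/login"))
    # Health check reaches the instance directly, with no X-Forwarded-Proto header.
    print(xfp_redirect({"User-Agent": "ELB-HealthChecker/1.0"}, "10.0.0.5", "/"))
```

A request that reaches port 80 without the header and without the health-checker User-Agent is redirected too, which is why the answer's security group rule (only the load balancer may reach the instance) matters: the header is only meaningful when the ELB is the one setting it.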