
ELB and Apache configuration for HTTPS website

I'm setting up ELB for an HTTPS website and I have questions concerning the port configuration...

Right now I have this port configuration on the ELB:

  • 80 (HTTP) forwarding to 80 (HTTP)
  • 443 (HTTPS) forwarding to 80 (HTTP)

And on my instance I have this Apache configuration:

  • requests to *:80 redirected to https://www.mywebsite
  • *:443 configured

Apparently it's working, but is it the right way to do it?

Thank you for your help

Celine

PS: When I started to configure the ELB I indicated 443 forwarding to 443 but then I had to answer strange questions for the authentication...

Céline Aussourd asked Jun 18 '13 16:06




1 Answer

The configuration as described in the question didn't work because it created a never-ending redirection: 443 (ELB) forwarding to 80 (Apache) forwarding to 443 (ELB) forwarding to 80 (Apache) forwarding to 443 (ELB), etc.

So, I modified the ELB configuration to have:

  • 443 (HTTPS) forwarding to 443 (HTTPS)
  • 80 (HTTP) forwarding to 80 (HTTP)

When I created the listener 443 (HTTPS) forwarding to 443 (HTTPS), I didn't get to answer questions concerning the authentication. When I look at the ELB description, I can see "Backend Authentication: Disabled".

The Health Check is done on HTTPS:443.

(I also modified the instance security group: only the load balancer can access the instance on ports 80 and 443.)

Update:

Another solution is to have only port 80 open on the instance:

  • 80 (HTTP) forwarding to 80 (HTTP)
  • 443 (HTTPS) forwarding to 80 (HTTP)

but to use X-Forwarded-Proto to determine if the client used HTTP or HTTPS and forward to HTTPS only if X-Forwarded-Proto = http.

Example with Apache:

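<VirtualHost *:80>
    ...
    RewriteEngine On
    # Redirect only when the load balancer reports that the client did not use HTTPS
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    # Do not redirect the ELB health check
    RewriteCond %{HTTP_USER_AGENT} !^ELB-HealthChecker
    # Send the client to the same host and path over HTTPS
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
    ...
</VirtualHost>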

The line RewriteCond %{HTTP_USER_AGENT} !^ELB-HealthChecker has been added so the ELB check is not redirected. See https://serverfault.com/questions/470015/how-should-i-configure-my-elb-health-check-when-using-namevirtualhosts-and-redir for other solutions concerning the health check.

AWS Documentation concerning X-Forwarded-Proto: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/x-forwarded-headers.html#x-forwarded-proto

Céline Aussourd answered Sep 22 '22 15:09
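The redirect loop and the X-Forwarded-Proto fix described in the answer, modelled as an added example that is not part of the original post and is not AWS or Apache code. The function names, the browser User-Agent and the "ELB-HealthChecker/1.0" value are constructed, and the health check is assumed to arrive without an X-Forwarded-Proto header.

```python
# Constructed model (not AWS or Apache code) of the listener and rule combinations above.
LISTENERS = {"http": 80, "https": 80}  # ELB: 80 -> 80 and 443 -> 80, as in the post

def redirect_all_on_80(port, headers):
    """Question's Apache setup: every request arriving on *:80 is redirected."""
    return port == 80

def xfp_rule(port, headers):
    """Answer's rewrite rule: True means 'send a redirect to https://'."""
    # RewriteCond %{HTTP:X-Forwarded-Proto} !https  (unanchored regex match)
    if "https" in headers.get("X-Forwarded-Proto", ""):
        return False
    # RewriteCond %{HTTP_USER_AGENT} !^ELB-HealthChecker
    if headers.get("User-Agent", "").startswith("ELB-HealthChecker"):
        return False
    return True

def follow(scheme, rule, max_hops=5):
    """Follow redirects like a browser; return (final_scheme, redirects_followed)."""
    for hops in range(max_hops):
        headers = {"X-Forwarded-Proto": scheme, "User-Agent": "Mozilla/5.0"}
        if not rule(LISTENERS[scheme], headers):
            return scheme, hops
        scheme = "https"  # the redirect target is always https://
    return "loop", max_hops

def health_check_ok(rule):
    """Health check sent by the ELB straight to instance port 80 (assumed: no X-Forwarded-Proto)."""
    headers = {"User-Agent": "ELB-HealthChecker/1.0"}  # constructed sample value
    return not rule(80, headers)

if __name__ == "__main__":
    for name, rule in (("redirect all on :80", redirect_all_on_80),
                       ("X-Forwarded-Proto rule", xfp_rule)):
        print(name, follow("http", rule), follow("https", rule), health_check_ok(rule))
```

The rule trusts whatever X-Forwarded-Proto value arrives, so it depends on the instance accepting traffic only from the load balancer, as the security group change in the answer does.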