Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

HTTP to HTTPS Redirects for AWS ELB and Tomcat7 server

I have one subdomain(test.XXXX.com) pointed to AWS ELB that accepts HTTP(80) and HTTPS(443) requests. I have configured SSL certificated for for 443 for HTTPS connection. I have tried doing HTTP to HTTPS redirects at Tomcat level by changing web.xml and server.xml as mentioned in

http://www.journaldev.com/160/steps-to-configure-ssl-on-tomcat-and-setup-auto-redirect-from-http-to-https

But the problem is that I need one endpoint for AWS ELB health check that does not do the HTTP to HTTPS redirect. I have tried different solution but no success.I also tried

   <security-constraint>
                <web-resource-collection>
                        <web-resource-name>Protected Context</web-resource-name>
                        <url-pattern>/*</url-pattern>
                </web-resource-collection>

                <user-data-constraint>
                        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
                </user-data-constraint>
    </security-constraint>
   <security-constraint>
                <web-resource-collection>
                        <web-resource-name>Protected Context</web-resource-name>
                        <url-pattern>/XXXXX/XXXXXX.html</url-pattern>
                </web-resource-collection>

    </security-constraint>

And my server server.xml has following configuration as

<Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />


<Connector port="443" maxThreads="2000" scheme="https" secure="true" SSLEnabled="true" keystoreFile="/home/XXXXX/XXXXX.keystore" 
               keystorePass="XXXXX" clientAuth="false" keyAlias="XXXX" 
               sslProtocol="TLS" protocol="org.apache.coyote.http11.Http11Protocol"/>

But when try to access it through browser it gives exception as ERR_TOO_MANY_REDIRECTS.

enter image description here

like image 240
MasterCode Avatar asked Aug 19 '17 11:08

MasterCode


People also ask

How do I redirect AWS load balancer to HTTPS?

Select a load balancer, and then choose HTTP Listener. Under Rules, choose View/edit rules. Choose Edit Rule to modify the existing default rule to redirect all HTTP requests to HTTPS. Or, insert a rule between the existing rules (if appropriate for your use case).

How do I redirect HTTP traffic to HTTPS on my classic load balancer in ELB?

Classic Load Balancers can't redirect HTTP traffic to HTTPS by default. Instead, configure your rewrite rules for the web servers instances behind the Classic Load Balancer. You must configure your rewrite rules to use the X-Forwarded-Proto header and redirect only HTTP clients.


2 Answers

Now AWS ELB supports two new actions: redirect and fixed-response. You can configure these actions as part of the content-based routing rules, enabling you to offload this functionality to the load balancer

With redirect actions, the load balancer can redirect incoming requests from one URL to another URL. This includes the capability to redirect HTTP requests to HTTPS requests.

like image 89
Ashan Avatar answered Nov 15 '22 19:11

Ashan


I have a solution to your problem but it does not concern tomcat. You could use a Cloudfront distribution.
Let me underline a few key configs for achieving this through a Cloudfront Distribution:

  • Choose a Web Distribution
  • Select your ELB in the dropdown for Origin Domain Name. origin Path will be blank and Origin Id is just an identifier of your choice.
  • Now under Default Cache Behavior Settings please choose Redirect HTTP to HTTPS for the Viewer Protocol Policy. Please go through all other settings carefully and select whats appropriate for you. They should be fairly simple and straightforward. (Please enter your domain name- test.xxxx.com for alternate domain names)
  • Click on create distribution.
  • Once the distribution is created, go to the distribiution and go to the behaviours tab.
  • here you ll see that there is already a default entry. Go to Create Behaviour, type in your path pattern. so if your healthcheck url is test.xxxx.com/healthcheck then your path pattern becomes /healthcheck.
  • Please choose HTTP and HTTPS for the Viewer Protocol Policy.
  • Finally, in your route53, please add a record for your domain and point it to the cloudfront distribution that you just created.

So effectively what this does is, it takes the redirection off of tomcat and is handled at the cloudfront level. All requests by default are redirected to HTTPS while just for the /healthcheck path HTTP requests are allowed. Redirection need not be handled at lower levels. Please let me know if this works for you. Also, please note that route53 and cloudfront changes take time to propogate. so please wait sufficiently enough for a successful test

like image 31
Avinragh Avatar answered Nov 15 '22 19:11

Avinragh