Redirecting EC2 Elastic Load Balancer from HTTP to HTTPS

Solution 1:

AWS Application Load Balancers now support native HTTP to HTTPS redirect.

To enable this in the console, do the the following:

Go to your Load Balancer in EC2 and tab "Listeners"
Select "View/edit rules" on your HTTP listener
Delete all rules except for the default one (bottom)
Edit default rule: choose "Redirect to" as an action, leave everything as default and enter "443" as a port.

Native redirect listener rule

The same can be achieved by using the CLI as described here.

It is also possible to do this in Cloudformation, where you need to set up a Listener object like this:

  HttpListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LoadBalancer
      Port: 80
      Protocol: HTTP
      DefaultActions:
      - Type: redirect 
        RedirectConfig:
          Protocol: HTTPS
          StatusCode: HTTP_301
          Port: 443

If you still use Classic Load Balancers, go with one of the NGINX configs described by the others.

Solution 2:

ELB sets X-Forwarded-Proto header, you can use it to detect if original request was to HTTP and redirect to HTTPS then.

You can try this in your server conf:

if ($http_x_forwarded_proto = 'http') {
    return 301 https://yourdomain.com$request_uri;
}

Take a look at ELB docs.

Solution 3:

I had the same problem, in my situation HTTPS was handled entirely by ELB and I didn't know my source domain ahead of time so I ended up doing something like:

server {
  listen 81;
  return 301 https://$host$request_uri;
}

server {
  listen 80;
  # regular server rules ...
}

And then of course pointing the ELB 'https' to the instance port 80 and then the 'http' route to the instance port 81.

Solution 4:

The Amazon Elastic Load Balancer (ELB) supports a HTTP header called X-FORWARDED-PROTO. All the HTTPS requests going through the ELB will have the value of X-FORWARDED-PROTO equal to “HTTPS”. For the HTTP requests, you can force HTTPS by adding following simple rewrite rule. For me it works fine!

Apache

You can add following lines in your .htaccess file:

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI}

Or if you use vhost.conf for managing multiple domains in same EC2 web server then you can add following to the vhost.conf (add it to the domain you want to use https for it):

<VirtualHost *:80>
...
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI}
...
</VirtualHost>

IIS

Install IIS Url-Rewrite module, using the configuration GUI add these settings:

<rewrite xdt:Transform="Insert">
<rules>
<rule name="HTTPS rewrite behind ELB rule" stopProcessing="true">
<match url="^(.*)$" ignoreCase="false" />
<conditions>
<add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" ignoreCase="false" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{SERVER_NAME}{URL}" />
</rule>
</rules>
</rewrite>

Solution 5:

The htaccess solutions above caused ELB health check to fail. I had some trouble finding the solution until I discovered an article online in which someone had the same issues I had. His solution was to add this to the beginning of the htaccess file instead:

RewriteEngine on 
RewriteCond %{HTTP:X-Forwarded-Proto} ^http$
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

To allow this and other local requests over HTTP while redirecting external requests through the ELB to HTTPS, adjust the rewrite condition to match on http instead of a negative match on https.

Source: Redirecting HTTP to HTTPS with AWS and ELB