Peter

Reputation: 5342

AWS ELB Server-Side HTTPS

I have been working my way through setting up HTTPS using AWS. I have been attempting this with a self-signed certificate and am finding the process a bit problematic.

One question that has come up along the way is this business of server-side HTTPS. The client that I am working with requests that when a user hits the server the URL change to HTTPS. I am wondering if "Server-Side HTTPS" means that the protocol is transparent to the end-user? Will they still see HTTP in the browser?

Thanks.

Upvotes: 1

Views: 1499

Answers (1)

Mike Brant

Reputation: 71422

Don't know if this is an exact answer to your question, but rather perhaps a piece of advice. When using ELB, I have found it MUCH easier to install the SSL cert on the ELB and use SSL offload to forward requests from port 443 on ELB to port 80 on the EC2 instances.

The pros of this:

  • There is only one place where you need to install the cert rather than having to install across a number of instances (or update AMI and relaunch instances), making cert updates much easier to perform.
  • You get better performance on your web servers as they don't have to deal with SSL encryption.

Some cons:

  • The communication is not encrypted end-to-end so there is the technical (albeit unlikely) chance that the communication could be intercepted between ELB and servers. If you are dealing with something like PCI compliance this might matter to you.
  • If you needed to directly access one of the instances over HTTPS that would not be possible.
  • You may need to make sure your application is aware of the https-related headers (i.e. x-forwarded-proto) that the ELB injects into the request if your application needs to check whether the request is over HTTPS.

There is no reason that this configuration would disallow you from redirecting incoming requests over HTTP to HTTPS. You might however need to look at the x-forwarded-proto header to do any web-server or application level redirects to HTTPS. The end user would not have any way of knowing that their HTTPS wrapper for their request was being offloaded at the ELB.

Upvotes: 2
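The application-level redirect described in the answer above, sketched as WSGI middleware. This is an added example, not code from the answer or from AWS; the names `ForceHTTPS`, `hello` and `simulate`, the health-check path `/healthz` and the host `www.example.com` are assumptions. It also assumes the instances accept traffic only from the ELB, since otherwise a client could set `X-Forwarded-Proto` itself.

```python
from urllib.parse import quote


class ForceHTTPS:
    """WSGI middleware: 301 to HTTPS unless the ELB reports the client used HTTPS."""

    def __init__(self, app, canonical_host, health_path="/healthz"):
        self.app = app
        self.canonical_host = canonical_host  # fixed; never echo the client's Host header
        self.health_path = health_path        # hypothetical ELB health-check path

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO") or "/"
        proto = environ.get("HTTP_X_FORWARDED_PROTO", "").strip().lower()
        # The health-check path is passed through so the ELB sees the
        # application's own status instead of a redirect.
        if proto == "https" or path == self.health_path:
            return self.app(environ, start_response)
        location = "https://" + self.canonical_host + quote(path)
        query = environ.get("QUERY_STRING")
        if query:
            location += "?" + query
        start_response("301 Moved Permanently",
                       [("Location", location), ("Content-Length", "0")])
        return [b""]


def hello(environ, start_response):
    """Stand-in application (constructed for this example)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello over HTTPS\n"]


def simulate(app, path, proto=None, host="attacker.invalid", query=""):
    """Run one constructed request through the app; return (status, headers)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path,
               "QUERY_STRING": query, "HTTP_HOST": host}
    if proto is not None:
        environ["HTTP_X_FORWARDED_PROTO"] = proto
    captured = {}

    def start_response(status, headers):
        captured["status"], captured["headers"] = status, dict(headers)

    b"".join(app(environ, start_response))
    return captured["status"], captured["headers"]


app = ForceHTTPS(hello, canonical_host="www.example.com")
```

The redirect target is built from the configured host rather than the request's `Host` header, so a forged `Host` value cannot steer the redirect to another site.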
