Redirect http to https on Elastic Beanstalk Linux Tomcat 8

Question

For the past several days I have been trying to force my application to forward a non https call to my domain to an https one.

I have a Web Server elastic beanstalk configured with 64bit Amazon Linux 2016.03, v2.2.0 running Tomcat 8 Java 8. I created a folder in my app named .ebextensions with a file named ssl_rewrite.config. The file contains this:

files:
  "/etc/httpd/conf.d/ssl_rewrite.conf":
    mode: "000644"
    owner: root
    group: root
    content: |
      RewriteEngine On
      RewriteCond %{HTTP:X-Forwarded-Proto} !https
      RewriteRule !/status https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

It used to contain this, taken from this example, but I was getting errors for the if statement:

files:
  "/etc/httpd/conf.d/ssl_rewrite.conf":
    mode: "000644"
    owner: root
    group: root
    content: |
        RewriteEngine On
        
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

Anyway, when I try to deploy my app it fails and I get this error:

Application update failed at 2016-10-17T01:33:00Z with exit status 1 and error: Hook /opt/elasticbeanstalk/hooks/appdeploy/pre/03_configure_proxy.sh failed.

Executing: /opt/elasticbeanstalk/bin/log-conf -n httpd -l'/var/log/httpd/*'

Executing: /usr/sbin/apachectl -t -f /var/elasticbeanstalk/staging/httpd/conf/httpd.conf
Syntax error on line 1 of /etc/httpd/conf.d/ssl_rewrite.conf:
Invalid command 'RewriteEngine', perhaps misspelled or defined by a module not included in the server configuration
Failed to execute '/usr/sbin/apachectl -t -f /var/elasticbeanstalk/staging/httpd/conf/httpd.conf'
Failed to execute '/usr/sbin/apachectl -t -f /var/elasticbeanstalk/staging/httpd/conf/httpd.conf'.

I have already gone into the httpd.conf file and added the line:

LoadModule rewrite_module modules/mod_rewrite.so

Any tips or ideas on what I am doing wrong? Thanks!

Joao Gavazzi · Accepted Answer

For those who struggled for some time, I've found a GitHub (from AWS team) with all AWS configs and the example below works for the HTTP>HTTPS redirection for Apache 2.2. (For configs for Apache 2.4 and Nginx please see the link below).

Apache 2.2

Create a file in the root directory of your app: YOUR_PROJECT_ROOT/.ebextensions/httpd/conf.d/elasticbeanstalk.conf (In case of using IntelliJ / Java make sure it go added to the final .WAR artifact)

Add the following lines to enable the redirection in the virtual host:


    LoadModule rewrite_module modules/mod_rewrite.so
    RewriteEngine On
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteCond %{HTTP_USER_AGENT} !ELB-HealthChecker
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

    
        Order deny,allow
        Allow from all
    

    ProxyPass / http://localhost:8080/ retry=0
    ProxyPassReverse / http://localhost:8080/
    ProxyPreserveHost on

    ErrorLog /var/log/httpd/elasticbeanstalk-error_log

For more examples for Apache 2.4 and Nginx please visit this GitHub repository:

https://github.com/awsdocs/elastic-beanstalk-samples/tree/master/configuration-files/aws-provided/security-configuration/https-redirect/java-tomcat

Also, there is plenty more useful configuration and examples available.

Regards

Redirect http to https on Elastic Beanstalk Linux Tomcat 8

Answers (2)

Related Questions