Redirect http to https using Application Load Balancer

Question

I am using an application load balancer to map certain paths to one server (Apache) and other paths to another server (Tomcat).

I made all pages on my site available via https by setting up an https listener on the load balancer.

So that requests from client to load balancer are encrypted but from load balancer to servers are not.

Now, I would also like to redirect all http requests to https.

Are there any suggestions how I can do this?

I can redirect each server separately (ie: redirect tomcat http requests as outlined here and redirect Apache http request with redirect rules). However, I was wondering if there is a simpler way to do it (ie: where I would only have 1 redirect rather than a separate redirect for each server).

Thanks.

Answer 1

You have to configure the following to conf/server.xml

<Connector
port="8080"
protocol="HTTP/1.1"
scheme="https"
secure="true"
connectionTimeout="20000"
URIEncoding="UTF-8"
redirectPort="8443" />

Please ensure scheme="https" is added so that no http request is being made.

Along with above add the default HSTS filters available in the conf/web.xml as defined in the tomcat documentation.

Please refer here for more info: Tomcat behind LB

Answer 2

I found this while I was looking for a solution for the same problem. This has code sample for Apache, Nginx and IIS.

<VirtualHost *:80>

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]

</VirtualHost>

https://aws.amazon.com/premiumsupport/knowledge-center/redirect-http-https-elb/