jaleel

Reputation: 131

Is there an option to redirect HTTP traffic to HTTPS in AWS Network Load Balancer?

In Classic Load Balancer (CLB) and Application Load Balancer (ALB) there is an option to redirect all HTTP traffic to the HTTPS listener.

I do not find the option to redirect TCP port 80 traffic to TLS port 443 from NLB (Network Load Balancer).

Any help is much appreciated.

Upvotes: 12

Views: 22527

Answers (6)

Nikos

Reputation: 427

As of now, at least, there is a way to manage that with a network load balancer and an application load balancer. This is what I did. You can have two listeners in each load balancer.

  1. Create two listeners in the application load balancer, one for HTTP and one for HTTPS, and create their target groups.
  2. Set up the HTTPS listener with the HTTPS certificates and everything, pointing to your ECS target group or however you end up deploying your application.
  3. Set up the other listener of the application load balancer to just forward to the HTTPS listener.
  4. Create a network load balancer (useful if you have your DNS registered outside of AWS anyway). Again create two listeners, one listening on TCP:80 and one on TCP:443, and just have them forward to their equivalents in the application load balancer.

That worked for me.

Upvotes: 0

If you use a Network Load Balancer and your HTTP (generally port 80) requests are also configured for the NLB, add this code as the last lines of your .htaccess file:

    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Upvotes: -1

AxiomaticAxolotl

Reputation: 81

As of September 2021 this is now possible by creating an Application Load Balancer-type Target Group.

  1. Create an Application Load Balancer that only redirects from HTTP to HTTPS
  2. Create a Target Group of type "Application Load Balancer" and have it point to the ALB
  3. In the Network Load Balancer, add a TCP listener on port 80 that forwards to the ALB Target Group

AWS documentation on Application Load Balancer-type Target Groups:
https://docs.aws.amazon.com/elasticloadbalancing/latest/network/application-load-balancer-target.html

Upvotes: 8

mask8

Reputation: 3638

AWS Network Load Balancer cannot handle layer 7, thus it cannot redirect HTTP to HTTPS by itself.

The workaround I did is:

  1. forward HTTPS requests to app servers' HTTP
  2. forward HTTP requests to app server's port 8080
  3. set up one app server to listen to port 8080, and redirect requests to https:

In this way, the network load balancer can still terminate TLS. And if HTTP requests come to the LB, it will forward to port 8080 and the app/web server will redirect it to your https site.

Upvotes: 8
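
The port-8080 redirector from step 3 of the answer above, as an added example that is not part of the original answer. The hostnames in `ALLOWED_HOSTS`, the `/healthz` health-check path and the function names are assumptions; the allowlist keeps a forged Host header from turning the listener into an open redirect.

```python
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Assumptions (not from the page): the hostnames this site serves and a health path.
ALLOWED_HOSTS = {"example.com", "www.example.com"}
HEALTH_PATH = "/healthz"


def redirect_target(host_header, path):
    """Return the https:// URL for this request, or None if it must be refused."""
    if not host_header:
        return None
    # Lower-case and drop any ":80" suffix; the redirect always goes to port 443.
    host = host_header.strip().lower().split(":")[0]
    # Refuse unknown hosts so a forged Host header cannot steer the redirect.
    if host not in ALLOWED_HOSTS:
        return None
    # An absolute-form request target ("http://other/...") is not echoed back.
    if not path.startswith("/"):
        path = "/"
    return f"https://{host}{path}"


class RedirectHandler(BaseHTTPRequestHandler):
    """Answers every request with a redirect; serves no content itself."""

    def _respond(self):
        if self.path == HEALTH_PATH:
            # Lets the load balancer's health check pass without a valid Host.
            self.send_response(200)
        else:
            target = redirect_target(self.headers.get("Host"), self.path)
            if target is None:
                self.send_error(400, "Unknown host")
                return
            self.send_response(301)
            self.send_header("Location", target)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_GET = do_HEAD = do_POST = _respond


def make_server(port=8080):
    """Port 8080 is where the answer's NLB listener forwards plain HTTP."""
    return ThreadingHTTPServer(("0.0.0.0", port), RedirectHandler)


if __name__ == "__main__":
    make_server().serve_forever()
```
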

Adiii

Reputation: 59946

No, you cannot redirect to HTTP/HTTPS, as Network LB does not have an application layer.

HTTP and HTTPS traffic can be routed to your environment over TCP. To establish secure HTTPS connections between web clients and your environment, install a self-signed certificate on the environment's instances, and configure the instances to listen on the appropriate port (typically 443) and terminate HTTPS connections.

environments-cfg-nlb

Upvotes: 4

Chris Williams

Reputation: 35188

This is not a feature of Network Load Balancers; the feature you're talking about is a layer 7 feature.

Network Load Balancers operate at layer 4. To reproduce this functionality, your application would need to implement this instead.

If your application is a public web-based application, you could get around this by adding a CloudFront distribution in front that can perform the HTTP to HTTPS redirect, or migrate to an application load balancer (as you mentioned).

Upvotes: 2
