Anoop Halgeri

Reputation: 660

Issue with HTTPS to HTTP redirection by Elastic Load Balancer to Tomcat server

I have an ELB (Amazon Elastic Load Balancer) configured to load balance end users' requests on HTTPS. On the backend I have my application running on a Tomcat server which is configured on HTTP.

So when my end users make a request to the application, the request will be on HTTPS, since they access the ELB. Now, the ELB internally redirects it on HTTP to the Tomcat server. In Tomcat my application is protected through Spring Security, and if the request is for a protected resource and the user is not logged in, the user is redirected to the configured login page. Now, this redirection to the end user will be over HTTP, since the Tomcat server had got the request originally from the ELB as HTTP. This will now lead to a 404 since I have not configured for inward traffic on HTTP.

How do we resolve this issue? Is the only option to have HTTPS both on the enduser-ELB and from ELB-Tomcat, or am I missing something here?

Upvotes: 10

Views: 10333

Answers (2)

Ravi Shanker

Reputation: 159

I had a tough time finding this over the net and finally I found a way to do it.

The problem was that as soon as HTTP was redirected to the HTTPS port on the ELB, internally it used to get redirected back to port 80, thus creating a loop. This happens because the ELB offloads the SSL and then connects to port 80 again.

Finally, after some research, I got the correct rewrite rule to manage X-Forwarded-Proto in such a way that even if the ELB offloads the SSL, Tomcat gets to know that the origin request was using SSL.

This is done using Tomcat Valves on Tomcat 8. I am sure it can be done on earlier versions too. I have enabled rewrite rules on Tomcat using valves. After that it was as simple as writing redirect rules on Apache.

Here are the steps:

Step 1:

a. Open context.xml under the Tomcat conf folder

b. Paste the following line just below

<Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />

Note: This will enable the valve globally. In case this needs to be enabled for a specific host, then it should be pasted inside the of server.xml for that particular domain

Step 2:

a. Open conf/server.xml

b. Paste the following line just above </Host>

<Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />

Step 3:

a. Open the folder where web.xml is. For example, if the application is hosted under ROOT then web.xml will be under webapps/ROOT/WEB-INF

b. Similarly, if the application is hosted under webapps/myappfolder then the web.xml will be under webapps/myappfolder/WEB-INF

c. In the WEB-INF folder, create a new file rewrite.config and paste the following rewrite rule:

RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]

Upvotes: 0

Frederick Cheung

Reputation: 84162

ELB sets an X-Forwarded-Proto header that allows you to tell which protocol the client used to connect to your load balancer. See the documentation.

You can configure spring security to look at this header, see this answer for example.

Upvotes: 10
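
A container-level way to act on the X-Forwarded-Proto header that both answers rely on, shown as an added example that is not taken from either answer: Tomcat's RemoteIpValve, placed inside the `<Host>` element of conf/server.xml. The `10.0.x.x` subnet in `internalProxies` is a constructed placeholder for the addresses the ELB connects from, and port 443 assumes the standard HTTPS listener.

```xml
<!-- conf/server.xml, inside <Host> ... </Host> (added example) -->
<!--
  RemoteIpValve rewrites the request object Tomcat hands to the application,
  using headers set by the load balancer. When the ELB sends
  "X-Forwarded-Proto: https":
    request.isSecure()      returns true
    request.getScheme()     returns "https"
    request.getServerPort() returns httpsServerPort
  so redirects generated by the application (for example the Spring Security
  login redirect) are built as https:// URLs instead of http://.
-->
<Valve className="org.apache.catalina.valves.RemoteIpValve"
       remoteIpHeader="X-Forwarded-For"
       protocolHeader="X-Forwarded-Proto"
       protocolHeaderHttpsValue="https"
       httpsServerPort="443"
       internalProxies="10\.0\.\d{1,3}\.\d{1,3}" />
<!--
  internalProxies is a regular expression matched against the address of the
  directly connected peer. The forwarded headers are honoured only when that
  peer matches, so a client that reaches Tomcat without going through the ELB
  cannot mark its own plain-HTTP request as secure by sending the header
  itself. The value above is a placeholder: replace it with the subnets the
  load balancer actually uses.
-->
```

Keeping the Tomcat HTTP port reachable only from the load balancer (for example through the instance's security group) complements the `internalProxies` check.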
