AWS ELB – How to force HTTPS

In the most common configurations, when running your web app behind ​Nginx or Apache, ​your https:// request will get redirected to ​http://. Sometimes, you may want to rewrite all HTTP requests to HTTPS.

The Amazon Elastic Load Balancer (ELB) supports a HTTP header called X-FORWARDED-PROTO. All the HTTPS requests going through the ELB will have the value of X-FORWARDED-PROTO equal to “HTTPS”. For the HTTP requests, you can force HTTPS by adding a simple rewrite rule, as follows:

1. Nginx

In your nginx site config file check if the value of X_FORWARDED_PROTO is https, if not, rewrite it:

 2. Apache

Same goes for Apache, add this rewrite rule to your site’s config file:

3. IIS

Install IIS Url-Rewrite module, using the configuration GUI add these settings

 

Revisions

No comments yet.

Leave a Reply