How to redirect HTTP traffic to HTTPS when using AWS ALB

This is a troubleshooting note about building an ALB-EC2 infrastructure. I got the solution from the following document.

Problem

To keep the service secure, we configure the web server to redirect HTTP to HTTPS. I normally use Apache, so at the time I wrote the config file as shown below.

<VirtualHost *:80>
    RewriteEngine On
    # Redirect every request that did not reach Apache itself over HTTPS
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
    # ...
</VirtualHost>
<VirtualHost *:443>
    # ...
</VirtualHost>

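This works if you only use an EC2 instance. But if you put an Application Load Balancer (ALB) in front of it, this setting causes the ERR_TOO_MANY_REDIRECTS error. When the ALB terminates HTTPS and forwards requests to the instance over HTTP, %{HTTPS} is never on at Apache, so every request is redirected again, including one the client already made over HTTPS.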

Solution

To identify which protocol the client used to reach the load balancer, we should check the X-Forwarded-Proto header.

If you don't know what the XFP header is, see this definition from Mozilla.

The X-Forwarded-Proto (XFP) header is a de-facto standard header for identifying the protocol (HTTP or HTTPS) that a client used to connect to your proxy or load balancer. Your server access logs contain the protocol used between the server and the load balancer, but not the protocol used between the client and the load balancer. To determine the protocol used between the client and the load balancer, the X-Forwarded-Proto request header can be used.

Anyway, I modified my Apache config file as shown below.

<VirtualHost *:80>
    RewriteEngine On
    # Redirect only when the client reached the load balancer over plain HTTP
    RewriteCond %{HTTP:X-Forwarded-Proto} =http
    RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
    # ...
</VirtualHost>

  1. I modified the RewriteCond
  2. I removed the definition for port 443

We check only the XFP header to identify the protocol. We also don't need to define a virtual host for port 443, because the ALB handles HTTPS for us once we set up a simple listener and ACM.
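
The redirect loop and the fix described above can be reproduced offline with a small model. This is an added example, not code from the original post or from AWS or Apache; the function names, the hostnames and the assumption that the ALB always forwards to Apache over plain HTTP are constructed for illustration.

```python
from urllib.parse import urlsplit

MAX_REDIRECTS = 20  # constructed limit; browsers stop with ERR_TOO_MANY_REDIRECTS

# Both rules build the target from Host to keep the model small
# (the original rule on the page uses SERVER_NAME).
def rule_https_var(backend_tls, headers, path):
    """Original rule: RewriteCond %{HTTPS} !=on checks the ALB-to-Apache hop."""
    return None if backend_tls else "https://" + headers["Host"] + path

def rule_xfp(backend_tls, headers, path):
    """Fixed rule: RewriteCond %{HTTP:X-Forwarded-Proto} =http checks the client hop."""
    if headers.get("X-Forwarded-Proto") == "http":
        return "https://" + headers["Host"] + path
    return None

def via_alb(url, rule):
    """Send one request through the modelled ALB; return a redirect target or None (served)."""
    parts = urlsplit(url)
    headers = {"Host": parts.netloc, "X-Forwarded-Proto": parts.scheme}
    # Assumption: TLS ends at the ALB, so the hop to Apache on port 80 is never TLS.
    return rule(False, headers, parts.path or "/")

def follow(url, rule):
    """Follow redirects as a browser would; return (final_url, redirect_count)."""
    for count in range(MAX_REDIRECTS + 1):
        target = via_alb(url, rule)
        if target is None:
            return url, count
        url = target
    raise RuntimeError("ERR_TOO_MANY_REDIRECTS")

def direct_to_instance(rule, host="instance.internal.example", path="/"):
    """Request that bypasses the ALB, so no X-Forwarded-Proto header is present."""
    return rule(False, {"Host": host}, path)

if __name__ == "__main__":
    print(follow("http://example.com/login", rule_xfp))   # one redirect, then served
    print(direct_to_instance(rule_xfp))                   # None: served without redirect
    try:
        follow("https://example.com/login", rule_https_var)
    except RuntimeError as err:
        print("original rule:", err)
```

The headerless case shows that the fixed rule serves plain HTTP to anything that reaches the instance without passing through the ALB, so the instance's security group should admit port 80 only from the ALB.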

Conclusions

I always get stuck when I build infrastructure, so I decided to record my troubleshooting history for myself. I hope this record helps someone who has the same trouble as me.


Korean, live in Japan. The programmer. I love to learn something new things. I’m publishing my toy projects using GitHub. Visit https://www.jangwook.net.

Jangwook Kim
