Configuring HTTP to HTTPS redirection - AWS Elastic Beanstalk

Configuring HTTP to HTTPS redirection

This topic describes how to handle HTTP traffic to your application if end users still initiate it. You do this by configuring HTTP to HTTPS redirection, sometimes referred to as forcing HTTPS.

To configure redirection, you first configure your environment to handle HTTPS traffic. Then you redirect HTTP traffic to HTTPS. These two steps are discussed in the following subsections.

Configure your environment to handle HTTPS traffic

Depending on your environment's load balancing configuration, do one of the following:

Redirect HTTP traffic to HTTPS

To redirect HTTP traffic to HTTPS for your application you can either configure the web servers on your environment's instances or you can configure the environment's Application Load Balancer.

Configure the instance web servers

This method works on any web server environment. Configure web servers on your Amazon EC2 instances to respond to HTTP traffic with an HTTP redirection response status.

This configuration depends on your environment's platform. Find the folder for your platform in the https-redirect collection on GitHub, and use the example configuration file in that folder.

If your environment uses Elastic Load Balancing health checks, the load balancer expects a healthy instance to respond to the HTTP health check messages with HTTP 200 (OK) responses. Therefore, your web server shouldn't redirect these messages to HTTPS. The example configuration files in https-redirect handle this requirement correctly.

Configure the load balancer

This method works if you have a load-balanced environment that uses an Application Load Balancer. An Application Load Balancer can send redirection responses as HTTP traffic comes in. In this case, you don't need to configure redirection on your environment's instances.

We have two example configuration files on GitHub that show how to configure an Application Load Balancer for redirection.

  • The alb-http-to-https-redirection-full.config configuration file creates an HTTPS listener on port 443, and modifies the default port 80 listener to redirect incoming HTTP traffic to HTTPS.

  • The alb-http-to-https-redirection.config configuration file expects the 443 listener to be defined. To define it, you can use standard Elastic Beanstalk configuration namespaces, or the Elastic Beanstalk console. Then it takes care of modifying the port 80 listener for redirection.