Configuring HTTP to HTTPS redirection
This topic describes how to handle HTTP traffic to your application if end users still initiate it. You do this by configuring HTTP to HTTPS redirection, sometimes referred to as forcing HTTPS.
To configure redirection, you first configure your environment to handle HTTPS traffic. Then you redirect HTTP traffic to HTTPS. These two steps are discussed in the following subsections.
Configure your environment to handle HTTPS traffic
Depending on your environment's load balancing configuration, do one of the following:
-
Load-balanced environment – Configure your load balancer to terminate HTTPS.
-
Single-instance environment – Configure your application to terminate HTTPS connections at the instance. This configuration depends on your environment's platform.
Redirect HTTP traffic to HTTPS
To redirect HTTP traffic to HTTPS for your application you can either configure the web servers on your environment's instances or you can configure the environment's Application Load Balancer.
Configure the instance web servers
This method works on any web server environment. Configure web servers on your Amazon EC2 instances to respond to HTTP traffic with an HTTP redirection response status.
This configuration depends on your environment's platform. Find the folder for your platform in the https-redirect
If your environment uses Elastic Load Balancing health checks, the load balancer expects a healthy
instance to respond to the HTTP health check messages with HTTP 200 (OK) responses. Therefore, your web server shouldn't redirect these messages to HTTPS.
The example configuration files in https-redirect
Configure the load balancer
This method works if you have a load-balanced environment that uses an Application Load Balancer. An Application Load Balancer can send redirection responses as HTTP traffic comes in. In this case, you don't need to configure redirection on your environment's instances.
We have two example configuration files on GitHub that show how to configure an Application Load Balancer for redirection.
-
The
alb-http-to-https-redirection-full.config
configuration file creates an HTTPS listener on port 443, and modifies the default port 80 listener to redirect incoming HTTP traffic to HTTPS. -
The
alb-http-to-https-redirection.config
configuration file expects the 443 listener to be defined. To define it, you can use standard Elastic Beanstalk configuration namespaces, or the Elastic Beanstalk console. Then it takes care of modifying the port 80 listener for redirection.