4

I am using an application load balancer to map certain paths to one server (Apache) and other paths to another server (Tomcat).

I made all pages on my site available via https by setting up an https listener on the load balancer.

So requests from the client to the load balancer are encrypted, but requests from the load balancer to the servers are not.

Now, I would also like to redirect all http requests to https.

Are there any suggestions how I can do this?

I can redirect each server separately (i.e., redirect Tomcat HTTP requests as outlined here and redirect Apache HTTP requests with redirect rules). However, I was wondering if there is a simpler way to do it (i.e., where I would only have 1 redirect rather than a separate redirect for each server).

Thanks.

5
  • 1
    Have you looked into implementing HSTS? en.wikipedia.org/wiki/HTTP_Strict_Transport_Security Commented Apr 30, 2017 at 18:32
  • 1
    Thanks. I did not know much about HSTS, but as I understand it, even if I do implement HSTS I would need to do so in addition to redirects (not instead of)...Therefore my question still stands. Commented Apr 30, 2017 at 18:59
  • 4
    The load balancer isn't capable of issuing redirects. You have to configure your web servers to check the x-forwarded-proto value and issue the appropriate redirect. Commented Apr 30, 2017 at 19:00
  • Thanks @MarkB, is there some documentation for how best to do this for Tomcat? Commented May 1, 2017 at 5:47
  • 1
    Here lies the answer to your struggle: stackoverflow.com/a/51540255/9180019 Commented Aug 29, 2018 at 19:56

2 Answers

1

I found this while I was looking for a solution for the same problem. This has code samples for Apache, Nginx and IIS.

    <VirtualHost *:80>
        RewriteEngine On
        # Redirect only when the load balancer reports that the client used plain HTTP
        RewriteCond %{HTTP:X-Forwarded-Proto} =http
        RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
    </VirtualHost>

https://aws.amazon.com/premiumsupport/knowledge-center/redirect-http-https-elb/


0

You have to configure the following in conf/server.xml:

    <Connector
        port="8080"
        protocol="HTTP/1.1"
        scheme="https"
        secure="true"
        connectionTimeout="20000"
        URIEncoding="UTF-8"
        redirectPort="8443" />

Please ensure scheme="https" is added so that no http request is being made.

Along with the above, add the default HSTS filters available in conf/web.xml, as defined in the Tomcat documentation.

Please refer here for more info: Tomcat behind LB
