{"id":6248,"date":"2016-09-10T13:43:42","date_gmt":"2016-09-10T05:43:42","guid":{"rendered":"http:\/\/rmohan.com\/?p=6248"},"modified":"2016-09-10T13:43:42","modified_gmt":"2016-09-10T05:43:42","slug":"how-to-force-https-behind-aws-elb","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=6248","title":{"rendered":"How to force HTTPS behind AWS ELB"},"content":{"rendered":"<h1 id=\"em-sinagle-post-title\">How to force HTTPS behind AWS ELB<\/h1>\n<div class=\"post post_single post_single_business vc_row\">\n<div class=\"post_ctn clearfix\">\n<div class=\"entry\">\n<div class=\"vc_row wpb_row vc_row-fluid  \">\n<div class=\"vc_span12 wpb_column vc_column_container \">\n<div class=\"wpb_wrapper\">\n<div class=\"wpb_text_column wpb_content_element  \">\n<div id=\"ct_5p4a37phz3skxe0wwt9f\" class=\"wpb_wrapper\">\n<p>In the most common configurations, when running your web app behind Nginx or Apache, your https:\/\/ request will get redirected to http:\/\/. Sometimes, you may want to rewrite all HTTP requests to HTTPS.<\/p>\n<p>The Amazon Elastic Load Balancer (ELB) supports a HTTP header called <strong>X-FORWARDED-PROTO<\/strong>. All the HTTPS requests going through the ELB will have the value of <strong>X-FORWARDED-PROTO<\/strong> equal to \u201c<strong>HTTPS<\/strong>\u201c. For the HTTP requests, you can force HTTPS by adding a simple rewrite rule, as follows:<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"vc_row wpb_row vc_row-fluid  \">\n<div class=\"vc_span12 wpb_column vc_column_container \">\n<div class=\"wpb_wrapper\">\n<h1 class=\"vc_custom_heading\">1. Nginx<\/h1>\n<div class=\"wpb_text_column wpb_content_element  \">\n<div id=\"ct_pg74bet3g5mw6n9rih9v\" class=\"wpb_wrapper\">\n<p>In your nginx site config file check if the value of X_FORWARDED_PROTO is https, if not, rewrite it:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-linenumbers=\"false\">server {\r\n  listen 80;\r\n  ....\r\n  location \/ {\r\n    if ($http_x_forwarded_proto != 'https') {\r\n      rewrite ^ https:\/\/$host$request_uri? permanent;\r\n    } \r\n  ....\r\n  }\r\n}<\/pre>\n<\/div>\n<\/div>\n<h1 class=\"vc_custom_heading\">2. Apache<\/h1>\n<div class=\"wpb_text_column wpb_content_element  \">\n<div id=\"ct_9dq8taq7ili5p3e3y4a7\" class=\"wpb_wrapper\">\n<p>Same\u00a0goes\u00a0for\u00a0Apache,\u00a0add\u00a0this\u00a0rewrite\u00a0rule\u00a0to\u00a0your\u00a0site\u2019s\u00a0config\u00a0file:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">&lt;VirtualHost *:80&gt;\r\n...\r\nRewriteEngine On\r\nRewriteCond %{HTTP:X-Forwarded-Proto} !https\r\nRewriteRule ^.*$ https:\/\/%{SERVER_NAME}%{REQUEST_URI}\r\n...\r\n&lt;\/VirtualHost&gt;<\/pre>\n<\/div>\n<\/div>\n<h1 class=\"vc_custom_heading\">3. IIS (Windows)<\/h1>\n<div class=\"wpb_text_column wpb_content_element  \">\n<div id=\"ct_p66p121wqk4zfek303n9\" class=\"wpb_wrapper\">\n<p>Install\u00a0IIS\u00a0Url-Rewrite\u00a0module,\u00a0using\u00a0the\u00a0configuration\u00a0GUI\u00a0add\u00a0these\u00a0settings<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">Install IIS Url-Rewrite module, using the configuration GUI add these settings\r\n\r\n&lt;rewrite xdt:Transform=\"Insert\"&gt;\r\n&lt;rules&gt;\r\n&lt;rule name=\"HTTPS rewrite behind ELB rule\" stopProcessing=\"true\"&gt;\r\n&lt;match url=\"^(.*)$\" ignoreCase=\"false\" \/&gt;\r\n&lt;conditions&gt;\r\n&lt;add input=\"{HTTP_X_FORWARDED_PROTO}\" pattern=\"^http$\" ignoreCase=\"false\" \/&gt;\r\n&lt;\/conditions&gt;\r\n&lt;action type=\"Redirect\" redirectType=\"Found\" url=\"https:\/\/{SERVER_NAME}{URL}\" \/&gt;\r\n&lt;\/rule&gt;\r\n&lt;\/rules&gt;\r\n&lt;\/rewrite&gt;<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>How to force HTTPS behind AWS ELB <\/p>\n<p>In the most common configurations, when running your web app behind Nginx or Apache, your https:\/\/ request will get redirected to http:\/\/. Sometimes, you may want to rewrite all HTTP requests to HTTPS.<\/p>\n<p>The Amazon Elastic Load Balancer (ELB) supports a HTTP header called X-FORWARDED-PROTO. All the HTTPS [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[49],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6248"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6248"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6248\/revisions"}],"predecessor-version":[{"id":6249,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6248\/revisions\/6249"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6248"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6248"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6248"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}