Configuring HTTP to HTTPS redirection - AWS Elastic Beanstalk

Configuring HTTP to HTTPS redirection

In Configuring HTTPS for your Elastic Beanstalk environment and its subtopics, we discuss configuring your Elastic Beanstalk environment to use HTTPS to ensure traffic encryption into your application. This topic describes how to elegantly handle HTTP traffic to your application if end users still initiate it. You do this by configuring HTTP to HTTPS redirection, sometimes referred to as forcing HTTPS.

To configure redirection, you first configure your environment to handle HTTPS traffic. Then you redirect HTTP traffic to HTTPS. These two steps are discussed in the following subsections.

Configure your environment to handle HTTPS traffic

Depending on your environment's load balancing configuration, do one of the following:

Redirect HTTP traffic to HTTPS

You can configure either the web servers on your environment's instances or the environment's Application Load Balancer to redirect HTTP traffic to HTTPS. Do one of the following:

  • Configure instance web servers – This method works on any web server environment. Configure web servers on your Amazon Elastic Compute Cloud (Amazon EC2) instances to respond to HTTP traffic with an HTTP redirection response status. This configuration depends on your environment's platform. Find the folder for your platform in the https-redirect collection on GitHub, and use the example configuration file in that folder.

    If your environment uses Elastic Load Balancing health checks, the load balancer expects a healthy instance to respond to the HTTP health check messages with HTTP 200 (OK) responses. Therefore, your web server shouldn't redirect these messages to HTTPS. The example configuration files in https-redirect handle this requirement correctly.

  • Configure load balancer – This method works if you have a load-balanced environment that uses an Application Load Balancer. Application Load Balancer can send redirection responses as HTTP traffic comes in. In this case, you don't need to configure redirection on your environment's instances. We have two example configuration files on GitHub that show how to configure Application Load Balancer for redirection. The alb-http-to-https-redirection-full.config configuration file creates an HTTPS listener on port 443, and modifies the default port 80 listener to redirect incoming HTTP traffic to HTTPS. The alb-http-to-https-redirection.config configuration file expects the 443 listener to be defined (you can use standard Elastic Beanstalk configuration namespaces, or the Elastic Beanstalk console). Then it takes care of modifying the port 80 listener for redirection.