Configuring HTTP to HTTPS redirection
In Configuring HTTPS for your Elastic Beanstalk environment and its subtopics, we discuss configuring your Elastic Beanstalk environment to use HTTPS to ensure traffic encryption into your application. This topic describes how to elegantly handle HTTP traffic to your application if end users still initiate it. You do this by configuring HTTP to HTTPS redirection, sometimes referred to as forcing HTTPS.
To configure redirection, you first configure your environment to handle HTTPS traffic. Then you redirect HTTP traffic to HTTPS. These two steps are discussed in the following subsections.
Configure your environment to handle HTTPS traffic
Depending on your environment's load balancing configuration, do one of the following:
-
Load-balanced environment – Configure your load balancer to terminate HTTPS.
-
Single-instance environment – Configure your application to terminate HTTPS connections at the instance. This configuration depends on your environment's platform.
Redirect HTTP traffic to HTTPS
You can configure either the web servers on your environment's instances or the environment's Application Load Balancer to redirect HTTP traffic to HTTPS. Do one of the following:
-
Configure instance web servers – This method works on any web server environment. Configure web servers on your Amazon Elastic Compute Cloud (Amazon EC2) instances to respond to HTTP traffic with an HTTP redirection response status. This configuration depends on your environment's platform. Find the folder for your platform in the
https-redirect
collection on GitHub, and use the example configuration file in that folder. If your environment uses Elastic Load Balancing health checks, the load balancer expects a healthy instance to respond to the HTTP health check messages with HTTP 200 (OK) responses. Therefore, your web server shouldn't redirect these messages to HTTPS. The example configuration files in
https-redirect
handle this requirement correctly. -
Configure load balancer – This method works if you have a load-balanced environment that uses an Application Load Balancer. Application Load Balancer can send redirection responses as HTTP traffic comes in. In this case, you don't need to configure redirection on your environment's instances. We have two example configuration files on GitHub that show how to configure Application Load Balancer for redirection. The
alb-http-to-https-redirection-full.config
configuration file creates an HTTPS listener on port 443, and modifies the default port 80 listener to redirect incoming HTTP traffic to HTTPS. The alb-http-to-https-redirection.config
configuration file expects the 443 listener to be defined (you can use standard Elastic Beanstalk configuration namespaces, or the Elastic Beanstalk console). Then it takes care of modifying the port 80 listener for redirection.