How to force redirect HTTP to HTTPS in Amazon Elastic Beanstalk

After picking up bits and pieces from around the Internet, here is the complete guide for my particular setup. My Amazon AWS Elastic Beanstalk (ELB or EBS) environment is as follows:
  • 64bit Amazon Linux 2016.03 v2.1.1 running Tomcat 8 Java 8
  • Java/JSP application on Apache Tomcat
  • Maven Build

How to get it done:

First, configure your EBS instance:
  1. Go to Configuration and click the gear on Load Balancing.
  2. Under Load Balancer, set the following options:
    1. Listener port: 80
    2. Protocol: HTTP
    3. Secure listener port: 443
    4. Protocol: HTTPS
    5. SSL certificate ID: Choose the cert ID that goes with your server. If you don't have one, you can use Certificate Manager to create one.
  3. Apply and save this configuration. Let the server health be OK.
  4. Test it by accessing your application web page through both HTTP and HTTPS:
    1. HTTP should load the page insecurely.
    2. HTTPS should load the page securely.
    3. No port number should be added after the domain name in either case.
Then, add a configuration file in a folder called .ebextensions in your project. When you run the Maven build, this folder should go into the root of the WAR file. (If you package multiple WAR files into a ZIP file, the folder should be included at the root of the ZIP file itself, not in any of the WAR files.)
  1. To correctly add this folder to the root of the WAR file, in my project, I created this folder in src/main/webapp folder, alongside resources and WEB-INF folders.
    1. Note: If you're on Windows, you will need to use Command Prompt or Bash emulator to create the folder. This is because Windows Explorer doesn't allow creating folders starting with a period.
  2. Inside the folder, create a file with any name, but with the extension .config. For example, ssl_rewrite.config is a nice name that makes it easy to remember what this is for.
  3. Edit the file and put the following as its contents:
files:
  "/etc/httpd/conf.d/00_ssl_rewrite.conf":
    mode: "000644"
    owner: root
    group: root
    content: |
      <VirtualHost *:80>
        <Proxy *>
          Order deny,allow
          Allow from all
        </Proxy>
      
        ProxyPass / http://localhost:8080/ retry=0
        ProxyPassReverse / http://localhost:8080/
        ProxyPreserveHost on
      
        ErrorLog /var/log/httpd/elasticbeanstalk-error_log
      
        RewriteEngine on
        RewriteCond %{HTTP:X-Forwarded-Proto} =http
        RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
      
      </VirtualHost>

services:
  sysvinit:
    httpd:
      files:
        - "/etc/httpd/conf.d/00_ssl_rewrite.conf"

NOTES:
  • The files section creates a conf file in the given path, with the given parameters.
  • The content from <VirtualHost *:80> to </VirtualHost> has been copied from an instance of the environment, specifically from the file /etc/httpd/conf.d/elasticbeanstalk.conf.
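  • That copied content has been modified to add the three Rewrite* lines just before the closing </VirtualHost> tag. Because HTTPS terminates at the load balancer, httpd receives every request on port 80; the RewriteCond therefore tests the X-Forwarded-Proto header set by the load balancer, and only requests that arrived there as plain HTTP are redirected.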
  • If your elasticbeanstalk.conf differs, you should use that instead, and just add the three Rewrite* lines. Remember to indent the content properly as the YAML format requires indentation.
  • You could use the name elasticbeanstalk.conf instead of 00_ssl_rewrite.conf but I would prefer to use the latter to:
    • Prevent overwrite of the default elasticbeanstalk.conf installed by EBS.
    • Ensure 00_ssl_rewrite.conf always takes precedence (conf files are loaded alphabetically and the first VirtualHost takes precedence).
  • The services section restarts httpd after writing the file, thus ensuring that the configuration is loaded. Without it, httpd would need to be manually reloaded unless the instance is dropped and recreated.
Finally, do a Maven build and deploy:
  1. Execute the Maven Build and get the WAR file as usual.
  2. Open the WAR file in an archiver like 7-Zip to check and make sure the .ebextensions folder is at the root and has the config file.
  3. In ELB, upload and deploy the WAR file to your environment. Let the server health be OK.
  4. Test it by accessing your application web page through both HTTP and HTTPS:
    1. HTTP should give a 301 redirect to HTTPS. (You can see this in Inspector's Network view.)
    2. HTTPS should load the page securely.
    3. No port number should be added after the domain name in either case.
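
The manual archive check in step 2 can be scripted so that a bad WAR never reaches the environment. The following is an added example, not part of the original post: it verifies that a .config file sits in .ebextensions at the archive root and that the three Rewrite* lines from the configuration above are present. The function names and the in-memory sample WAR are constructed for illustration.

```python
import io
import zipfile

# The three directives this post adds inside <VirtualHost *:80>.
REQUIRED = (
    "RewriteEngine on",
    "RewriteCond %{HTTP:X-Forwarded-Proto} =http",
    "RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]",
)

def _norm(s):
    return " ".join(s.split()).lower()  # ignore indentation and letter case

def check_war(war):
    """Return a list of problems in the WAR (path or file object); [] means OK."""
    problems = []
    with zipfile.ZipFile(war) as zf:
        names = zf.namelist()
        for n in names:
            if "/.ebextensions/" in n:  # folder packaged below the root
                problems.append(f"misplaced: {n}")
        root_cfgs = [n for n in names if n.startswith(".ebextensions/")
                     and n.count("/") == 1 and n.endswith(".config")]
        if not root_cfgs:
            problems.append("no .ebextensions/*.config at archive root")
            return problems
        seen = set()
        for n in root_cfgs:
            text = zf.read(n).decode("utf-8")
            if "\t" in text:
                problems.append(f"{n}: tab character (YAML needs spaces)")
            seen.update(_norm(line) for line in text.splitlines())
        for d in REQUIRED:
            if _norm(d) not in seen:
                problems.append(f"missing directive: {d}")
    return problems

def build_sample_war(cfg_path, directives=REQUIRED):
    """Constructed sample input: an in-memory WAR with the config at cfg_path."""
    body = 'files:\n  "/etc/httpd/conf.d/00_ssl_rewrite.conf":\n    content: |\n'
    body += "".join(f"      {d}\n" for d in directives)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WEB-INF/web.xml", "<web-app/>")
        zf.writestr(cfg_path, body)
    return io.BytesIO(buf.getvalue())

if __name__ == "__main__":
    print(check_war(build_sample_war(".ebextensions/ssl_rewrite.config")))
```

To check a real build, pass the path of the WAR produced by Maven to check_war instead of the sample.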
That's it! It sounds so simple in hindsight, but I had to try a lot of misleading and incomplete solutions strewn over the Internet before arriving at this exact solution. I hope this helps you cut to the chase a lot faster than I could.
