2

I was having a really bad time trying to get our drupal site to run in full https behind an AWS load balancer using Apache and mod_rewrite. The ELB is acting as the SSL certificate provider. All traffic to the ELB should be encrypted, then the traffic to the EC2 instances is normal HTTP (pretty standard).

I attempted all sorts of .htaccess and Apache conf.d/*.conf mod_rewrite conditions and rules. When I was able to it to redirect traffic to https, it would break the ELB's health checks, bringing my "unhealthy" EC2 instance out of the pool. If I tried to fix it so the ELB health checks would pass, I'd get an infinite redirect problem.

After a week or so of working on this on and off, I finally found a solution. If you're having the same issue, please look here! It might not work 100% for you, but at least I may be able to shed some light on how to go about fixing it.

jotik
  • 17,044
  • 13
  • 58
  • 123
tbox
  • 199
  • 1
  • 11
  • This doesn't seem to be a question. Also, the issue you are posting about has already been asked and answered on here several times, like here: http://stackoverflow.com/questions/17174626/elb-and-apache-configuration-for-https-website – Mark B Apr 22 '16 at 18:39
  • I'm voting to close this question as off-topic because this isn't a question. – Mark B Apr 22 '16 at 18:39
  • Sorry--was writing an answer. None of the other methods I tried worked properly, or at least weren't explained in enough detail to help me. The one you posted to was attempted and led to infinite redirects because of the RewriteRule that was used. The only way I could get it to work was by manually typing my domain. – tbox Apr 22 '16 at 19:00

2 Answers2

2

Well here's my answer for a site that I want ALL traffic directed to https://example.com. (If you want https://www.example.com, you can make a few tweaks)

First off, Drupal's settings.php file at /sites/default/settings.php:

I have the following in this file:

$base_url = '//example.com';
$conf['reverse_proxy'] = TRUE;
$conf['reverse_proxy_addresses'] = array('name-of-my-loadbalancer.us-west-2.elb.amazonaws.com');
$conf['reverse_proxy_header'] = 'HTTP_X_CLUSTER_CLIENT_IP';

To be honest, I don't know if the above "reverse_proxy" settings are actually necessary. In fact, I have disabled them and it doesn't seem to affect anything so it might not be. The important part is to make sure you have the $base_url = '//example.com'; in your settings.php file.

The next part is configuring your .htaccess file. Here are the bits that are important:

RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !=/healthy.html
RewriteRule ^ https://example\.com%{REQUEST_URI} [L,R=301]

For a noob like me, this was tough to figure out at first but here's the breakdown:

  1. RewriteCond %{HTTP:X-Forwarded-Proto} !https This looks at the protocol being sent by the load balancer. If the protocol is NOT https, initiate the RewriteRule.

  2. RewriteCond %{HTTPS} off If traffic is headed to the site that is not HTTPS, initiate the RewriteRule

  3. RewriteCond %{REQUEST_URI} !=/healthy.html this is an important bit. I have a simple healthy.html file that contains the word "Success!" within my main drupal webroot directory for Apache. When the healthy.html file is accessed by the ELB, it will bypass our rewrite rule. If it didn't the ELB health check would fail, taking our server(s) offline.

  4. RewriteRule ^ https://example\.com%{REQUEST_URI} [L,R=301] Here is the actual rewrite rule. If all of the above conditions pass then this will rewrite the incoming URL to https://example.com/whatever. By the way, the L stands for "Last," as in "this is the last rule of this set" and the "R=301" stands for "301 Redirect."

The only time this doesn't do a proper redirect is if I manually type in https://www.example.com (with the https at the beginning). I think I can fix that with another simple RewriteCond.

tbox
  • 199
  • 1
  • 11
0

In case anyone like me land over here with Drupal 9 and hosted within AKS cluster, if you are using ingress add following annotation in ingress.

appgw.ingress.kubernetes.io/backend-hostname: "example.com"

after adding this line at ingress and applying it to AKS

echo $_SERVER['HTTP_HOST'];

will print

example.com

as your new host, that should solve Drupal base_url issue.

riju.srk
  • 209
  • 4
  • 9