4

I am using AWS Elasticbeanstalk for my Spring MVC web application. I want to redirect all the request to https. I tried following this How to force https on elastic beanstalk? but this didn't work for me. This code redirects to https but my app didn't work. It shows "This page isn’t working". Code for your reference 

<VirtualHost *:80>
  RewriteEngine on
  RewriteCond %{HTTP:X-Forwarded-Proto} =http
  RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  <Proxy *>
    Order Allow,Deny
    Allow from all
  </Proxy>
  ProxyPass / http://localhost:8080/ retry=0
  ProxyPassReverse / http://localhost:8080/
  ProxyPreserveHost on

  ErrorLog /var/log/httpd/elasticbeanstalk-error_log
</VirtualHost>
ponraj
  • 738
  • 1
  • 7
  • 21
  • are you using load balancers? if yes, are they terminating the SSL/TLS connection? – mostafazh Apr 01 '18 at 20:58
  • Yes, and i allowed 443 and configured my ssl certificate – ponraj Apr 02 '18 at 06:01
  • Great, does the https website work fine when you visit it using https:// domain .com ? – mostafazh Apr 02 '18 at 06:05
  • No once i used this https and http both not working. But before that Https works fine. only problem it is not redirecting automatically – ponraj Apr 02 '18 at 08:22
  • i noticed that after using this code secure listener port is off, then i tried to enable it then i got this error. "LoadBalancerHTTPSPort: You have specified both the @deprecated(:default.aws:elb:loadbalancer:LoadBalancerHTTPSPort) option as well as one in the new aws:elb:listener:443 namespace. The :default.aws:elb:loadbalancer:LoadBalancerHTTPSPort option will be ignored." – ponraj Apr 03 '18 at 08:14

1 Answers1

1

Assuming you've already tested HTTPS working fine when your website is visited with HTTPS already. If not you can add this file .ebextensions/loadbalancer-terminatehttps.config with content as below:

option_settings:
  aws:elb:listener:443:
    ListenerProtocol: HTTPS
    SSLCertificateId: arn:aws:acm:us-west-2:<your-account-id>:certificate/<certificate-arn-on-aws-acm>
    InstancePort: 80
    InstanceProtocol: HTTP

All what's left is to configure the instances Apache config to redirect the clients visiting your website with HTTP to HTTPS, add the code below to a new file .ebextensions/001_ssl_rewrite.config

Apache 2.4+

files:
    "/etc/httpd/conf.d/ssl_rewrite.conf":
        mode: "000644"
        owner: root
        group: root
        content: |
            RewriteEngine On
            <If "-n '%{HTTP:X-Forwarded-Proto}' && %{HTTP:X-Forwarded-Proto} != 'https'">
            RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
            </If>

Apache 2.2.X

files:
    "/etc/httpd/conf.d/ssl_rewrite.conf":
        mode: "000644"
        owner: root
        group: root
        content: |
            LoadModule rewrite_module modules/mod_rewrite.so
            RewriteEngine On
            # This will enable the Rewrite capabilities
            RewriteCond %{HTTPS} !=on
            # This checks to make sure the connection is not already HTTPS
            RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

You can check which Apache is installed on your Elastic Beanstalk from here

For more, please read both of those answers: https://stackoverflow.com/a/38751749/1772245 and https://stackoverflow.com/a/40670047/1772245

mostafazh
  • 4,144
  • 1
  • 20
  • 26
  • check the updated answer, looks like AWS Java Beanstalk images are using an older version of Apache. – mostafazh Apr 02 '18 at 08:38
  • it is not redirecting, when i hit http it didn't redirect to https – ponraj Apr 02 '18 at 09:53
  • try "RewriteCond %{HTTP:X-Forwarded-Proto} =http" instead of "RewriteCond %{HTTPS} !=on" and can you confirm that you are not getting any "Invalid command 'RewriteEngine'" errors in the logs? – mostafazh Apr 02 '18 at 10:09
  • also make sure you don't have any other changes done to your tomcat. You can also ssh into the instance and edit the file `/etc/httpd/conf.d/ssl_rewrite.conf` and restart apache then test ... etc. Please let me know if you need any further questions. – mostafazh Apr 02 '18 at 10:12
  • i tried changing that line and no use. I didn't get any error in EB events. i checked in full logs and i couldn't find any invalid command error. I just got "File does not exist: /etc/httpd/htdocs" in elasticbeanstalk_error file – ponraj Apr 02 '18 at 11:31
  • I haven't provided ssh access to my instance security group and as it is managed be EB how the changes will affect to all other instances – ponraj Apr 02 '18 at 11:33
  • Hi, i noticed one new thing now, when i use the code i mentioned in question, the configuration automatically changes to secure port to disable. i tried to enable that but i got this error "LoadBalancerHTTPSPort: You have specified both the @deprecated(:default.aws:elb:loadbalancer:LoadBalancerHTTPSPort) option as well as one in the new aws:elb:listener:443 namespace. The :default.aws:elb:loadbalancer:LoadBalancerHTTPSPort option will be ignored." can you please help on this – ponraj Apr 03 '18 at 09:24
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/168103/discussion-between-mostafazh-and-ponraj). – mostafazh Apr 03 '18 at 10:06
  • 1
    Adding that file work for me., i didn't followed other things as adding that file done the job – ponraj Apr 03 '18 at 11:49