How to redirect HTTP to HTTPS in Elastic Beanstalk
by Updated -I want to configure the web servers on my Elastic Beanstalk environment’s instances to redirect HTTP traffic to HTTPS.
I want to state what my beanstalk environment is:
- Apache Web Server.
- PHP 7.3
- HTTPS listener well configured with certificate
I will use a flexible way to configure my environment using .ebextensions
You can add AWS Elastic Beanstalk configuration files (.ebextensions) to your web application's source code to configure your environment and customize the AWS resources that it contains. Configuration files are YAML- or JSON-formatted documents with a .config file extension that you place in a folder named .ebextensions and deploy in your application source bundle.
Traditionally to configure certain things in our server instance , I would do changes through SSH connection. But there is a catch with elastic beanstalk environment. Every time new code is deployed to environment server-configurations resets from the changes that I made via SSH connection in previous session. All is lost. This is where .ebextensions comes in handy. Every deploy makes sure that my instance is configured according to configurations.
To redirect HTTP traffic to HTTPS, I will create a config file named https-redirect-php.config under .ebextensions folder in the root of my application. The content of the config file is:
files:
/etc/httpd/conf.d/http-redirect.conf:
mode: "000644"
owner: root
group: root
content: |
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTP_USER_AGENT} !ELB-HealthChecker
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Now deploy. HTTP traffic should be redirecting to HTTPS.
Edit UPDATE: If we already have an ebxtension for conf.d previously then we have a slight problem. We can see that above http-redirect.conf we wrote affects conf.d too but Beanstalk will use one of them files. In fact it picks up them in some order and overwrite during the process. In the end one of the config files will not take affect. For example lets say we already have one config extension file that was applying some settings to virtual hosts like below:
files:
/etc/httpd/conf.d/vhost.conf:
mode: "000644"
owner: root
group: root
content: |
NameVirtualHost *:80
<VirtualHost *:80>
DocumentRoot "/var/app/current/public/"
<Directory "/var/app/current/public/">
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Above example points domain to public document root folder that application in use. Now We already have this file that is affecting conf.d file of my server. In this case I should write my https redirect settings to same single file. Our unified ebextension will look like this:
files:
/etc/httpd/conf.d/vhost.conf:
mode: “000644”
owner: root
group: root
content: |
NameVirtualHost *:80
<VirtualHost :80>
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTP_USER_AGENT} !ELB-HealthChecker
RewriteRule (.) https://%{HTTP_HOST}%{REQUEST_URI}
DocumentRoot “/var/app/current/public/”
<Directory “/var/app/current/public/”>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Conclusion: Don’t put multiple settings supposed to be affecting single server configuration in separate extension files. Beanstalk will use only one of them for a given server file. According to your needs and requirements implement extension.
You might also like: HTTPS not working on AWS Elastic Beanstalk
You might also like: AWS Elastic Beanstalk Swap Environment Urls