Monday, 4 April 2016

AWS : Redirect HTTP to HTTPS

It has been a headache to enforce HTTPS for applications running on EC2 (Elastic Compute Cloud) , if you are encountering the same challenge then you should read below.





Case 1 : application is powered by Elastic Beanstalk with Tomcat

Solution
edit /etc/httpd/conf.d/elasticbeanstalk.conf


Case 2 : application is running in tomcat with or without apache httpd service on EC2 only

Solution:

edit server.xml
edit web.xml



Both above 2 solutions won't work , because SSL is configured at load balancer layer not application container level with aws.

You would end up infinite loop as request coming on unsecured channel (80 or 8080) is redirected to load balancer on 443 ,and load balancer would send request to unsecured port (80 or 8080), then this unsecured port would be redirected to load balancer 443 again , the loop never ends.

A working solution would be there are 2 containers (tomcat) listening on different unsecured ports , one (8089) is purely for redirect to secured channel another (8080) is where actual application is deployed.




I use spring boot for purpose of redirecting (from 8089 to 443) which you can download the source from there : https://github.com/junjun-dachi/spring-util/tree/master/spring-boot-enforce-https and a sample code below:




Type below on the command line to run the application :

nohup $JAVA_HOME/bin/java -jar spring-enforce-https.jar > /dev/null 2>&1 & echo $! > run.pid




Reference :

1 : http://msnider.github.io/blog/2013/12/06/force-https-slash-ssl-on-amazon-elastic-beanstalk/

2 : http://www.emind.co/how-to/how-to-force-https-behind-aws-elb 

3 : https://edwardsamuel.wordpress.com/2015/07/17/enable-https-and-http-redirect-on-aws-elastic-beanstalk/

4 : http://tkurek.blogspot.sg/2013/07/tomcat-7-http-to-https-redirect.html  

1 comment:

  1. Nice article, users are attracted when they see your post thanks for posting keep updating AWS Online Training Hyderabad

    ReplyDelete

Flag Counter