In AWS ELB we can pass the traffic as HTTP (80) or HTTPS (443) . If you are using HTTPS you have to terminate SSL certificate either in ELB or backend EC2 instance.
Normally users will type the URL directly in browser not with HTTP or HTTPS . When user type the URL with HTTPS the request will responded directly . If the user type the URL directly without HTTPS how it will work? Either the connection will drop or will pop for security warning or the URL will be serviced as normal HTTP only ,not with secured HTTPS .
Note: HTTP or HTTPS anything should be configured in your website settings.
To redirect the normal HTTP requests to HTTPS need to wirte a small rule in your web servers.
1.The rewrite rule on the web server for directing HTTP requests to HTTPS causes requests to use port 443 for HTTPS traffic on the load balancer.
2.The load balancer still sends the requests to the backend web server on port 80.
3.You have to open http and https port on ELB
Traffic flow:
HTTPS –Inbound 443 in ELB —80 Backend EC2
HTTP – Inbound 80 in ELB —80 Backend EC2
The other option is you can use full end-to-end https connection also, but you have to terminate your SSL certificates on ELB and backend EC2 instance as well.
HTTPS –Inbound 443 in ELB — 443 Backend EC2
HTTP – Inbound 80 in ELB — 443 Backend EC2
Using the X-Forwarded-Proto header of the HTTP request, change your web server’s rewrite rule to apply only if the client protocol is HTTP. Ignore the rewrite rule for all other protocols used by the client.
This way, if clients use HTTP to access your website, they are redirected to an HTTPS URL, and if clients use HTTPS, they are served directly by the web server .
Apache
The rewrite rule for an Apache backend would look similar to the following in .htaccess
<VirtualHost *:80>
...
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule . https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
...
</VirtualHost>
Nginx
The rewrite rule for an Nginx backend in the ngnix.conf file would look similar to the following:
server {
listen 80;
server_name www.example.org;
if ($http_x_forwarded_proto != "https") {
rewrite ^(.*)$ https://$server_name$REQUEST_URI permanent;
}
}
IIS
Before making changes to your web.config file, you must install the URL rewrite module from Microsoft IIS Downloads.
The rewrite rule for an IIS backend would look similar to the following in the web.config file under <system.webServer> section:
<rewrite>
<rules>
<rule name="Rewrite HTTP to HTTPS” stopProcessing=”true”>
<match url="^(.*)$" />
<conditions logicalGrouping=”MatchAny”>
<add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" />
</rule>
</rules>
</rewrite>