I can't seem to force https on the free usage tier of elastic beanstalk.
I have tried the following suggestion at How to force https on amazon elastic beanstalk without failing the health check
Using this Apache rewrite rule
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{REQUEST_URI} !^/status$
RewriteCond %{REQUEST_URI} !^/version$
RewriteCond %{REQUEST_URI} !^/_hostmanager/
RewriteRule . https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
When I try that, http requests do not get redirected to https as I would like. Instead, the http page loads normally. I've also tried to use the X-Forwarded-Port header with the same result.
I've also tried the following rewrite rule
RewriteCond %{SERVER_PORT} 80
RewriteRule . https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
And this rule causes a redirect loop. So it would seem that the apache rewrite rules don't pick up the Elastic Load Balancer headers X-Forwarded-Port and X-Forwarded-Proto, but also a redirect loop isn't what I am going for either.
Please help. I am new to AWS, Elastic Beanstalk, and not very familiar with Apache rules. I am not too sure where to go from here. Thanks.
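An added illustration, not part of the original question: this Python model evaluates the two rule sets above on an instance behind a load balancer that terminates TLS and forwards every request on port 80. The topology, the host name `example.test` and all function names are assumptions; it models rule evaluation only and assumes the rules are actually loaded by the virtual host that serves the request.

```python
# Added example (not from the original post): a small model of how the two
# rule sets in the question evaluate behind a TLS-terminating load balancer.
SERVER_NAME = "example.test"  # constructed host name


def lb_forward(scheme, path):
    """Request as the instance sees it: the balancer always connects on port 80
    and records the client's scheme in X-Forwarded-Proto (assumed topology)."""
    return {"server_port": 80, "path": path,
            "headers": {"X-Forwarded-Proto": scheme}}


def rule_forwarded_proto(req):
    """First rule set: redirect unless X-Forwarded-Proto contains 'https',
    skipping the health-check and host-manager paths."""
    path = req["path"]
    if "https" in req["headers"].get("X-Forwarded-Proto", ""):
        return None                      # RewriteCond ... !https fails
    if path in ("/status", "/version") or path.startswith("/_hostmanager/"):
        return None                      # one of the REQUEST_URI conditions fails
    return "https://" + SERVER_NAME + path


def rule_server_port(req):
    """Second rule set: redirect whenever SERVER_PORT matches '80'."""
    if "80" in str(req["server_port"]):
        return "https://" + SERVER_NAME + req["path"]
    return None


def follow(rule, scheme, path, max_hops=5):
    """Follow redirects as a browser would; return (outcome, redirects)."""
    for hops in range(max_hops):
        location = rule(lb_forward(scheme, path))
        if location is None:
            return ("served over " + scheme, hops)
        scheme = location.split("://", 1)[0]
    return ("redirect loop", max_hops)


if __name__ == "__main__":
    for rule in (rule_forwarded_proto, rule_server_port):
        for path in ("/", "/status"):
            print(rule.__name__, path, follow(rule, "http", path))
```

In this model the port-based rule never terminates because the instance sees port 80 even after the client has switched to HTTPS, while the header-based rule redirects once and leaves the health-check path on plain HTTP.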
On Elastic Beanstalk you can just add your own configuration so that AWS overwrites theirs; it will allow you to overwrite the web-server configuration and submit your own configuration.
Simply add the following file under the path: .ebextensions\httpd\conf.d
File content:
The '.ebextensions' is the standard configuration folder in AWS and the rest just points to which file and folder you wish to overwrite. If the file or folder doesn't exist, simply create them.
Just in case anybody is still struggling:
I've struggled for some time and finally, I've found a GitHub (from AWS team) with all AWS configs and the example below works for the HTTP>HTTPS redirection for Apache 2.2. (For configs for Apache 2.4 and Nginx please see the link below).
Apache 2.2
Create a file in the root directory of your app: YOUR_PROJECT_ROOT/.ebextensions/httpd/conf.d/elasticbeanstalk.conf (In case of using IntelliJ / Java, make sure it gets added to the final .WAR artifact)
Add the following lines to enable the redirection in the virtual host:
For more examples for Apache 2.4 and Nginx please visit this GitHub repository:
https://github.com/awsdocs/elastic-beanstalk-samples/tree/master/configuration-files/aws-provided/security-configuration/https-redirect/java-tomcat
Also, there is plenty more useful configuration and examples available.
Regards
Edit: Zags' solution is more general and correct. I recommend it over mine (which is specific to a Python env)
Here's a clean and quick solution that I came up with that avoids hacking wsgi.conf or using CloudFront
In your .ebextensions/some_file.config:
I feel like this is too easy, but seems to be working fine.
Also note that I am explicitly redirecting HTTP instead of "not HTTPS".
This is an easy solution
Edit the local version of wsgi.conf and add the following redirect rules within the <VirtualHost> </VirtualHost> tags
Change the “/status” to whatever page you are using as a health check page.
Edit your <app>.conf file inside your .ebextensions directory to add a container command to copy this version of wsgi.conf over Amazon’s version
Deploy the code.
It should work and the file will be properly updated for each deployment. The only thing to watch for is if Amazon changes their base wsgi.conf file contents in the future, then your copy may no longer work.
Author rickchristianson
I needed to enforce HTTPS only for our production environment, and not for the development and staging ones which are also on Elastic Beanstalk but do not use a load balancer (and therefore cannot be assigned a certificate directly).
I use an environment variable USE_HTTPS. We copy the ssl_rewrite.conf file if and only if USE_HTTPS is set to true.
.ebextensions/files/ssl_rewrite.conf
.ebextensions/https.config
Note that if you change USE_HTTPS, you need to redeploy your application for the change to take effect. You can also remove the echo commands in the https.config file if you wish.
Please note that the most voted answer is a bit old now. The answer by A Paul is actually the correct answer. The link provided in his answer is by AWS (so it is the recommended method to override your Apache configuration to make the redirection from HTTP to HTTPS when running your application on Elastic Beanstalk).
There is one very important thing to note. If you are deploying more than 1 web app, then adding the .ebextensions folder inside one of your web apps is not going to work. You will notice that none of the configurations you specified are being written or created. If you are deploying multiple web apps on an Elastic Beanstalk environment, then you will need to read this article by AWS: Java Tomcat Deploy Multiple WAR files on Elastic Beanstalk
In general, you will need to have the following structure before you issue the eb command on it to deploy the WAR files:
If the .ebextensions folder exists inside each WAR file, then you will notice that it is completely ignored and no configuration changes will be performed.
Hope this helps someone else.