
I have a Tomcat 8 app deployed on Elastic Beanstalk which uses a sub-domain of my main app. Both are separate applications and do not interact. I have a mod_rewrite rule to redirect all http requests to https in a configuration file in the .ebextensions folder -

```yaml
files:
  "/etc/httpd/conf.d/httpd_redirect.conf" :
    mode: "000644"
    owner: root
    group: root
    content: |
      LoadModule rewrite_module modules/mod_rewrite.so
      RewriteEngine On
      RewriteCond %{HTTPS} off
      RewriteRule (.*) https://sub.domain.com%{REQUEST_URI} [L,R]
```

So ideally, someone accessing the app at sub.domain.com or http://sub.domain.com will be redirected to https://sub.domain.com.

The problem is that this works only after I request the app with https first. So, I have to request https://sub.domain.com first, and from then onwards, non-https requests will be redirected to https.

Also, this only works until I clear my browser cache. Once the cache is cleared, non-https requests are no longer redirected to https. I have to make an https request first again for the redirection to start working.

What could be causing this? The main domain uses a separate certificate from that of the sub-domain if it matters.

How can I force the application to always use https?

I have a secure listener enabled on the load balancer with this configuration file in .ebextensions -

```yaml
option_settings:
  aws:elb:listener:443:
    SSLCertificateId: arn:aws:acm:us-east-2:1234567890123:certificate/####################################
    ListenerProtocol: HTTPS
    InstancePort: 80
```

Anish Sana
  • See the answer to this question: https://stackoverflow.com/questions/26679186/force-user-to-access-the-site-using-https-only – bmb Jan 04 '18 at 17:40

1 Answer


The problem was not with the rewrite rule. The file had to be placed in a specific path within .ebextensions for it to work in Tomcat 8. The configuration files had to be set up differently too. Most examples provided were not for Tomcat so I ended up putting them in the wrong location.

What worked -

In /.ebextensions/httpd/conf.d/myconf.conf, place -

```apache
LoadModule rewrite_module modules/mod_rewrite.so
```

and in /.ebextensions/httpd/conf.d/elasticbeanstalk/00_application.conf, place -

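```apache
<VirtualHost *:80>
  <Proxy *:80>
    Order Allow,Deny
    Allow from all
  </Proxy>
  # httpd on port 80 proxies every request to Tomcat on port 8080
  ProxyPass / http://localhost:8080/ retry=0
  ProxyPassReverse / http://localhost:8080/
  ProxyPreserveHost on

  # The load balancer forwards to instance port 80 over plain HTTP, so the
  # client's original scheme is read from the X-Forwarded-Proto header
  RewriteEngine On
  RewriteCond %{HTTP:X-Forwarded-Proto} =http
  RewriteRule . https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]

  ErrorLog /var/log/httpd/elasticbeanstalk-error_log
</VirtualHost>
```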

Take note of the use of .conf files instead of .config. This is important!

Also, the false sense of redirection that I was getting was due to the browser cache serving me the https site. This is why it would not work when I cleared my cache.

Anish Sana
  • I don't get it. You are forcing all traffic through 443 -> 80 -> 8080, but there is no added value of 80 (like serving static html files). Maybe go 443 -> 8080 and use 80 only for redirect. This problem has nothing to do with Apache Tomcat, and all to do with **Apache httpd**. – kubanczyk Feb 09 '18 at 05:54
  • @kubanczyk As implied by my answer, neither of them were the problem. The problem was with the location of the rewrite rule config file in `.ebextensions` which Elastic Beanstalk uses for container configuration during deployment. They had a different implementation for Tomcat which I wasn't aware of and the problem was solved once I placed it in the right location. – Anish Sana Feb 09 '18 at 14:29
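
Added example (not part of the original answer or of Elastic Beanstalk's tooling): since a browser cache can give a false sense of redirection, as the answer notes, checking the raw response headers from a cacheless client shows whether the rule is really live, and pinning the expected host catches a redirect that points anywhere else. The function name `check_https_redirect` and the sample responses are constructed for illustration; `sub.domain.com` is the placeholder host from the question.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads raw HTTP response headers on stdin and passes only if they are a
# redirect to https://<expected-host>/...
#
# From any machine:
#   curl -sI http://sub.domain.com/ | check_https_redirect sub.domain.com
# On the instance, imitating the request the load balancer forwards to port 80:
#   curl -sI -H 'Host: sub.domain.com' -H 'X-Forwarded-Proto: http' \
#     http://localhost/ | check_https_redirect sub.domain.com

check_https_redirect() {
  local host="$1" line status="" location="" cr
  cr=$(printf '\r')
  while IFS= read -r line || [ -n "$line" ]; do
    line="${line%"$cr"}"                      # header lines end in CRLF
    case "$line" in
      HTTP/*)        status="${line#* }"; status="${status%% *}" ;;
      [Ll]ocation:*) location="${line#*:}"; location="${location# }" ;;
    esac
  done
  case "$status" in
    301|302|307|308) ;;
    *) echo "FAIL: status '${status}' is not a redirect"; return 1 ;;
  esac
  case "$location" in
    "https://${host}"|"https://${host}/"*)
      echo "OK: ${status} -> ${location}"; return 0 ;;
    *)
      echo "FAIL: Location '${location}' is not on https://${host}"; return 1 ;;
  esac
}

# Constructed sample responses (not captured from a real host).
sample_redirected() {
  printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://sub.domain.com/\r\n\r\n'
}
sample_plain_200() {
  printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'
}

sample_redirected | check_https_redirect sub.domain.com
sample_plain_200  | check_https_redirect sub.domain.com || true
```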