7

I've been dipping into AWS for the 1st time am bit stuck with a problem trying to set up a load balancer (ELB).

So far I have used ECS to create 2 EC2 instances that are running a container each with an app listening on port 3000.

For each of the instances I am able to browse to their IPv4 Public IPs specifying port 3000 and get to the containerised app. I am able to log in and use the app as expected.

So I thought the right thing to do next is set-up an ELB which would not only balance the load(!) but also handle port forwarding.

The ELB has a port 80 Listener, and I have a Target Group in which I have registered my ECS instances on port 3000.

I have then popped the ELBs DNS name (i.e. my-load-balancer-123456789.eu-west-1.elb.amazonaws.com) into my browser and was presented with the logon page of my app.

All good until I actually log on. I am then presented with the error message:

ERR_TOO_MANY_REDIRECTS: my-load-balancer-123456789.eu-west-1.elb.amazonaws.com redirected you too many times.

I have 2 questions

1: Why is the redirect loop happening?

2: Are there any diagnostic tools that I should know about which would help me with problems like this in the future?

Update: I have tried clearing all my browser cookies btw.

Any help appreciated.

ETFairfax
  • 3,794
  • 8
  • 40
  • 58
  • 3
    Try accessing the site with `curl --location -v http://elb-example-name.elb.eu-west-1.amazonaws.com` ... you should see more evidence of what's happening here that way... or look in your browser's developer tools at the request/response behavior. Your application is probably doing this, for reasons related to the fact that the incoming request includes the hostname of the balancer, rather than what it expects to see. – Michael - sqlbot Mar 10 '17 at 11:57
  • 2
    Oh, and with curl, test a second time using an additional option, `-H 'Host:example.com` where `example.com` is the hostname your application expects. See if there is a difference in behavior. – Michael - sqlbot Mar 10 '17 at 12:00
  • for me it was a URL Rewrite Rule in IIS which redirected http to https. Instead, I've disabled the rule in IIS and set the same rule in AWS ALB and all works – Yaron Jan 15 '20 at 09:08

4 Answers4

14

This issue is pretty common when you have redirects being done by the server itself. AWS has a guide for how to prevent these issues.

The following leads to an infinite loop of redirection between the load balancer and the backend web server:

  • The rewrite rule on the web server for directing HTTP requests to HTTPS forces requests to use port 443 for HTTPS traffic on the load balancer.
  • The load balancer still sends requests to the backend web server on port 80.
  • The backend web server redirects requests to port 443 on the load balancer.

The error ERR_TOO_MANY_REDIRECTS is returned, and the requests are never served.

To resolve this, change your web server’s rewrite rule using the X-Forwarded-Proto header of the HTTP request to apply only if the client protocol is HTTP. Ignore the rewrite rule for all other protocols used by the client.

Note: If you're using Application Load Balancers, use redirect actions to redirect traffic instead.

Jeremy
  • 1,878
  • 2
  • 30
  • 54
  • just upgraded a bitnami instance from a single server to a dual server setup behind a lod balancer on aws lightsail. as the load balancer takes care of the ssl now, that means the ssl doesn't get handled by the server, so it has to stop redirecting. your post help me track it down! – Terry Kernan Mar 11 '22 at 23:26
2

I ran into the same issue and this is what solved it for me:

  1. I configured both ports 80 and 443 as listeners on the Load balancer - The latter required the use of the Amazon certificate manager (https://aws.amazon.com/certificate-manager/) which started managing certificates for my servers.
  2. I retained the following redirect rule for port 80 on the server - "Redirect / https://www.example.com"
  3. I changed the SSL settings from "SSLEngine on" to "SSLEngine off"

The final point is extremely important so you do not get stuck in the infinite loop that Jeremy mentioned above.

I hope this helps someone as I have been stuck with this for weeks with a stateful app a company I am consulting for waiting to go live.

Oluwaseun Morafa
  • 49
  • 5
0

In our case we were getting same error, tried to make some redirect at AWS LB level but no luck. Later i have seen ec2 instance in which the site was configured has IIS redirect rule, i disabled all redirect rule and apply these redirect rule at AWS load balancer rather than IIS. Site strted running fine. It seems AWS lb only allow Redirect at LB level. IIS level not allowed.Bcoz IIS sends redirect loop error.

MARK Machines
  • 11
  • 2
0

For me, it was something completely unexpected that caused the problem. It turned out it was not an infinite loop problem. The certificate name mismatch caused a problem (but I was getting "ERR_TOO_MANY_REDIRECTS: [MY LOAD BALANCER DNS NAME] redirected you too many times).

AWS Services I was using: Lightsail Instances, Lightsail Load Balancer, S3 bucket, Route 53, and Lightsail CDN.

I used this tool to detect the SSL certificate error: https://www.ssllabs.com/ssltest/

Then, I followed the below link's instructions to fix the certificate problem:Encrypt SSL certificate in a Bitnami stack hosted on Amazon Lightsail

Hailey Yoon
  • 477
  • 4
  • 5