0

It's quite a common problem but I can't figure out how to solve it and why the Application Load Balancing does not have an option for it.

I've an Application ELB set for the ECS and listening on 80 and 443, now, i would like to forward all the HTTP calls to HTTPS . What's the way? beacuse in the rules the only thing that I can do is to forward to instances. Do I've to deploy a Container just to do the fowarding? Do I need another ELB (network maybe) to forward HTTP to HTTPS?

EsseTi
  • 4,079
  • 5
  • 36
  • 63

2 Answers2

1

You cannot forward from HTTP to HTTPS using ALB. For this, you either need to do it using a proxy container or at the Web server in the application container.

If you are using AWS Cloudfront in front of your web application to cache the content, you can do the redirection there as well.

Ashan
  • 18,898
  • 4
  • 47
  • 67
  • I'm using a nginx, with the redirect set in the nginx.conf. do I need also to serve a webpage in order to pass the healthcheck? – EsseTi Feb 15 '18 at 16:22
  • Define HTTPS protocol for health check endpoint so that you will receive 200 instead of redirect passing the health checks – Ashan Feb 15 '18 at 18:13
  • done. the only problem right now is with SSL and domain. I've set up for the bare domain example.com but with the www.example.com when it's https:// i've problem because it fails in finding the SSL certificiate. what's the approach in this case? Can't I say to route53 to redirect evertything with www to non-www? – EsseTi Feb 16 '18 at 08:26
  • Route53 cannot do the redirection from its a DNS service. If your application supports both www and non-www, hope you have multiple subdomains supported SSL certificate. Also, make sure you put the final redirected path to Health check. – Ashan Feb 16 '18 at 09:03
0

I had the same problem and I did ALB balancer with two target groups

first group with 80 port

and second with 443 port

both http

then I did http and https listeners in ALB which point to those goups

http listener -> target group port 80

https listener -> target group port 443

autoscaling instance should be atached to both target groups

and in target group with port 80 I did redirect rules to https

aka
  • 41
  • 4