AWS Application Load Balancer SSL Termination with Apache Docker

Question

I am using AWS Application load balancer to set up my environment.

Application load balancer receives requests from the Internet at port 443 and forwards it to port 80.
Apache server is running with docker on EC2 server on port 80 behind load balancer.
My website is developed using CakePHP.
When I called https://www.example.com, my webpage was loaded.
However, at PHP, when I used the following code to get the current url, the url I got is http://www.example.com. I am not getting https. I only get http.

echo Router::url('/', true);

So when the application makes an ajax call, the requests are coming over http (Not https) and browsers are rejecting the request as “blocked:mixed contents”. I think the requests should be coming out as https. Please point out what I am missing.

I tried the following and nothing work

In host file. (or) I put it in .htaccess

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI}

If you define `HTTPS` as `true` in your environment somehow (Apache config or .env file, for example), I think that might take care of it for you. — Greg Schmidt, Sep 23 '20 at 13:18
@GregSchmidt Could you show me example on how to define HTTPS as true in apache? Thanks for help. — Wai Phyo San Tin, Sep 24 '20 at 05:29

score 0 · Answer 1 · answered Jan 22 '21 at 08:54

I got the solution. The trick is to set the $_SERVER['HTTPS'] variable "on". In apache, turn on "setenvif" module. Then in "/etc/apache2/apache2.conf", put the following settings

# for port forwarding
RemoteIPHeader X-Forwarded-For

# set Environment Variable
SetEnvIf x-forwarded-proto https HTTPS=on

After that, check "phpinfo()" to make sure $_SERVER['HTTPS'] is "on".

AWS Application Load Balancer SSL Termination with Apache Docker

1 Answers1