Otdfbt

Apply a different color ramp to subset of categorized symbols in QGIS?

What makes accurate emulation of old systems a difficult task?

Multiple fireplaces in an apartment building?

Why did C use the -> operator instead of reusing the . operator?

How much of a wave function must reside inside event horizon for it to be consumed by the black hole?

Who's the random kid standing in the gathering at the end?

How important is it that $TERM is correct?

What does "function" actually mean in music?

Is this a typo in Section 1.8.1 Mathematics for Computer Science?

Does a large simulator bay have standard public address announcements?

Could moose/elk survive in the Amazon forest?

Older movie/show about humans on derelict alien warship which refuels by passing through a star

Will I lose my paid in full property

Would the change in enthalpy (ΔH) for the dissolution of urea in water be positive or negative?

Why must Chinese maps be obfuscated?

Is there a better way to say "see someone's dreams"?

What was Apollo 13's "Little Jolt" after MECO?

How can I get rid of an unhelpful parallel branch when unpivoting a single row?

Check if a string is entirely made of the same substring

How to be good at coming up with counter example in Topology

A faster way to compute the largest prime factor

My bank got bought out, am I now going to have to start filing tax returns in a different state?

How to pronounce 'c++' in Spanish

How do I deal with a coworker that keeps asking to make small superficial changes to a report, and it is seriously triggering my anxiety?

AWS: How to redirect HTTP to HTTPS on App Load Balancer?

How to redirect HTTP to HTTPS on AWS Application Load Balancer?In Nginx, how can I rewrite all http requests to https while maintaining sub-domain?Redirect, Change URLs or Redirect HTTP to HTTPS in Apache - Everything You Ever Wanted to Know About Mod_Rewrite Rules but Were Afraid to Ask403 forbidden error going through aws load balancerPossible to redirect from HTTPS to HTTP behind load-balancer?How to add HTTPS to Elastic Load Balancer?Elastic beanstalk loadbalancer configure redirect from http to httpsForce HTTP to HTTPS redirectApache (http) behind load balancer (http/https) - Redirect does not preserve httpsHow to redirect HTTP to HTTPS on AWS Application Load Balancer?F5 BIG-IP monitor to detect http to https redirects

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

2

2

I have a number of IIS web servers behind an App Load Balancer (ALB). The web servers all have self-signed SSL certificate installed and redirect from HTTP to HTTPS using URL rewrite module properly setup:

If I directly access these web servers, HTTP will be redirected to HTTPS.

The protocol used by the target group is HTTPS.The ALB listens on both HTTP and HTTPS. It has a SSL certificate on "www.mysite.com".

However, when I tried to access the ALB using HTTP, it is not redirected to HTTPS. Now that the servers does redirect properly, why doesn't the ALB?

amazon-web-services https redirect amazon-alb

share|improve this question

edited Sep 27 '17 at 3:03

Silly Dude

asked Sep 26 '17 at 4:27

Silly DudeSilly Dude

2301413

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Your target group is probably pointing to port 443. That way your webservers always receive requests on port 443 from the ALB, so they don't do any redirect.
  
  – Sergey Kovalev
  Sep 26 '17 at 7:44
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  You are right Sergey. So it should use port 80?
  
  – Silly Dude
  Sep 27 '17 at 2:22
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  But if I use port 80 on the target group, the ALB will insist in talking to the servers on port 80, while the servers insist in 443, the ALB will simply return "This site can’t be reached". I tried.
  
  – Silly Dude
  Sep 27 '17 at 3:00
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  One of the most popular workarounds is to put CloudFront in front of your website/ALB and tell CloudFront to redirect HTTP to HTTPS.
  
  – Sergey Kovalev
  Sep 27 '17 at 17:55
  

  
  
  
  

add a comment | 

2

2

I have a number of IIS web servers behind an App Load Balancer (ALB). The web servers all have self-signed SSL certificate installed and redirect from HTTP to HTTPS using URL rewrite module properly setup:

If I directly access these web servers, HTTP will be redirected to HTTPS.

The protocol used by the target group is HTTPS.The ALB listens on both HTTP and HTTPS. It has a SSL certificate on "www.mysite.com".

However, when I tried to access the ALB using HTTP, it is not redirected to HTTPS. Now that the servers does redirect properly, why doesn't the ALB?

amazon-web-services https redirect amazon-alb

share|improve this question

edited Sep 27 '17 at 3:03

Silly Dude

asked Sep 26 '17 at 4:27

Silly DudeSilly Dude

2301413

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Your target group is probably pointing to port 443. That way your webservers always receive requests on port 443 from the ALB, so they don't do any redirect.
  
  – Sergey Kovalev
  Sep 26 '17 at 7:44
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  You are right Sergey. So it should use port 80?
  
  – Silly Dude
  Sep 27 '17 at 2:22
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  But if I use port 80 on the target group, the ALB will insist in talking to the servers on port 80, while the servers insist in 443, the ALB will simply return "This site can’t be reached". I tried.
  
  – Silly Dude
  Sep 27 '17 at 3:00
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  One of the most popular workarounds is to put CloudFront in front of your website/ALB and tell CloudFront to redirect HTTP to HTTPS.
  
  – Sergey Kovalev
  Sep 27 '17 at 17:55
  

  
  
  
  

add a comment | 

I have a number of IIS web servers behind an App Load Balancer (ALB). The web servers all have self-signed SSL certificate installed and redirect from HTTP to HTTPS using URL rewrite module properly setup:

If I directly access these web servers, HTTP will be redirected to HTTPS.

The protocol used by the target group is HTTPS.The ALB listens on both HTTP and HTTPS. It has a SSL certificate on "www.mysite.com".

However, when I tried to access the ALB using HTTP, it is not redirected to HTTPS. Now that the servers does redirect properly, why doesn't the ALB?

amazon-web-services https redirect amazon-alb

share|improve this question

edited Sep 27 '17 at 3:03

Silly Dude

asked Sep 26 '17 at 4:27

Silly DudeSilly Dude

2301413

share|improve this question

edited Sep 27 '17 at 3:03

Silly Dude

asked Sep 26 '17 at 4:27

Silly DudeSilly Dude

2301413

share|improve this question

edited Sep 27 '17 at 3:03

Silly Dude

asked Sep 26 '17 at 4:27

Silly DudeSilly Dude

2301413

asked Sep 26 '17 at 4:27

Silly DudeSilly Dude

2301413

asked Sep 26 '17 at 4:27

Silly DudeSilly Dude

2301413

2 Answers
2

active

oldest

votes

1

It's now possible to directly do some redirection in any ALB rule, see related AWS announcement.

To unconditionally redirect all queries from HTTP to HTTPS, you have to configure the HTTP listener with only the default rule/action to permanently redirect (301) all request with the same host, path and query on the HTTPS port (typically: 443) with the HTTPS protocol:

share|improve this answer

answered Aug 19 '18 at 22:25

Sylvain BugatSylvain Bugat

11114

add a comment | 

0

Assuming that you are running Microsoft Windows in an EC2 instance, and you are using IIS to configure two web sites, siteA and siteB. Set up siteA to bind at port 81 and siteB to bind at port 82.

STEP 1:

In AWS console, select "Target Groups" under "Load Balancing". Create two target groups:

1. siteA-target-group with your web server instance ID and port 81

2. siteB-target-group with your web server instance ID and port 82

Note: you can add more web server instances in the target group for load balancing and failover purposes.

STEP 2:

In AWS ALB, there are two listeners, one for port 80 and one for port 443.

For HTTP (80), add 2 rules:

1. if host is siteA.com, redirect to https://#host:443/#path?#query

2. if host is siteB.com, redirect to https://#host:443/#path?#query

For HTTPS (443), add 2 rules:

1. if host is siteA.com, forward to siteA-target-group

2. if host is siteB.com, forward to siteB-target-group

STEP 3:

On your DNS provider, set up a CNAME for siteA.com to point at the ALB's DNS name. Similarly, set up a CNAME for siteB.com.

When the above setup is completed, test connecting to http://siteA.com or http://siteB.com

i) traffic hits the ALB port 80

ii) host header matches the rule "siteA.com" and redirect traffic to port 443

iii) traffic hits the ALB port 443

iv) host header matches the rule "siteA.com" and forward to target group siteA-target-group

v) siteA-target-group points at port 81 on the web server and the page is served.

share|improve this answer

edited Apr 18 at 23:10

bummi

164229

answered Apr 18 at 19:37

John NgJohn Ng

11

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f875477%2faws-how-to-redirect-http-to-https-on-app-load-balancer%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

1

It's now possible to directly do some redirection in any ALB rule, see related AWS announcement.

To unconditionally redirect all queries from HTTP to HTTPS, you have to configure the HTTP listener with only the default rule/action to permanently redirect (301) all request with the same host, path and query on the HTTPS port (typically: 443) with the HTTPS protocol:

share|improve this answer

answered Aug 19 '18 at 22:25

Sylvain BugatSylvain Bugat

11114

add a comment | 

1

It's now possible to directly do some redirection in any ALB rule, see related AWS announcement.

To unconditionally redirect all queries from HTTP to HTTPS, you have to configure the HTTP listener with only the default rule/action to permanently redirect (301) all request with the same host, path and query on the HTTPS port (typically: 443) with the HTTPS protocol:

share|improve this answer

answered Aug 19 '18 at 22:25

Sylvain BugatSylvain Bugat

11114

add a comment | 

It's now possible to directly do some redirection in any ALB rule, see related AWS announcement.

To unconditionally redirect all queries from HTTP to HTTPS, you have to configure the HTTP listener with only the default rule/action to permanently redirect (301) all request with the same host, path and query on the HTTPS port (typically: 443) with the HTTPS protocol:

share|improve this answer

answered Aug 19 '18 at 22:25

Sylvain BugatSylvain Bugat

11114

share|improve this answer

answered Aug 19 '18 at 22:25

Sylvain BugatSylvain Bugat

11114

answered Aug 19 '18 at 22:25

Sylvain BugatSylvain Bugat

11114

answered Aug 19 '18 at 22:25

Sylvain BugatSylvain Bugat

11114

0

Assuming that you are running Microsoft Windows in an EC2 instance, and you are using IIS to configure two web sites, siteA and siteB. Set up siteA to bind at port 81 and siteB to bind at port 82.

STEP 1:

In AWS console, select "Target Groups" under "Load Balancing". Create two target groups:

1. siteA-target-group with your web server instance ID and port 81

2. siteB-target-group with your web server instance ID and port 82

Note: you can add more web server instances in the target group for load balancing and failover purposes.

STEP 2:

In AWS ALB, there are two listeners, one for port 80 and one for port 443.

For HTTP (80), add 2 rules:

1. if host is siteA.com, redirect to https://#host:443/#path?#query

2. if host is siteB.com, redirect to https://#host:443/#path?#query

For HTTPS (443), add 2 rules:

1. if host is siteA.com, forward to siteA-target-group

2. if host is siteB.com, forward to siteB-target-group

STEP 3:

On your DNS provider, set up a CNAME for siteA.com to point at the ALB's DNS name. Similarly, set up a CNAME for siteB.com.

When the above setup is completed, test connecting to http://siteA.com or http://siteB.com

i) traffic hits the ALB port 80

ii) host header matches the rule "siteA.com" and redirect traffic to port 443

iii) traffic hits the ALB port 443

iv) host header matches the rule "siteA.com" and forward to target group siteA-target-group

v) siteA-target-group points at port 81 on the web server and the page is served.

share|improve this answer

edited Apr 18 at 23:10

bummi

164229

answered Apr 18 at 19:37

John NgJohn Ng

11

add a comment | 

0

Assuming that you are running Microsoft Windows in an EC2 instance, and you are using IIS to configure two web sites, siteA and siteB. Set up siteA to bind at port 81 and siteB to bind at port 82.

STEP 1:

In AWS console, select "Target Groups" under "Load Balancing". Create two target groups:

1. siteA-target-group with your web server instance ID and port 81

2. siteB-target-group with your web server instance ID and port 82

Note: you can add more web server instances in the target group for load balancing and failover purposes.

STEP 2:

In AWS ALB, there are two listeners, one for port 80 and one for port 443.

For HTTP (80), add 2 rules:

1. if host is siteA.com, redirect to https://#host:443/#path?#query

2. if host is siteB.com, redirect to https://#host:443/#path?#query

For HTTPS (443), add 2 rules:

1. if host is siteA.com, forward to siteA-target-group

2. if host is siteB.com, forward to siteB-target-group

STEP 3:

On your DNS provider, set up a CNAME for siteA.com to point at the ALB's DNS name. Similarly, set up a CNAME for siteB.com.

When the above setup is completed, test connecting to http://siteA.com or http://siteB.com

i) traffic hits the ALB port 80

ii) host header matches the rule "siteA.com" and redirect traffic to port 443

iii) traffic hits the ALB port 443

iv) host header matches the rule "siteA.com" and forward to target group siteA-target-group

v) siteA-target-group points at port 81 on the web server and the page is served.

share|improve this answer

edited Apr 18 at 23:10

bummi

164229

answered Apr 18 at 19:37

John NgJohn Ng

11

add a comment | 

Assuming that you are running Microsoft Windows in an EC2 instance, and you are using IIS to configure two web sites, siteA and siteB. Set up siteA to bind at port 81 and siteB to bind at port 82.

STEP 1:

In AWS console, select "Target Groups" under "Load Balancing". Create two target groups:

1. siteA-target-group with your web server instance ID and port 81

2. siteB-target-group with your web server instance ID and port 82

Note: you can add more web server instances in the target group for load balancing and failover purposes.

STEP 2:

In AWS ALB, there are two listeners, one for port 80 and one for port 443.

For HTTP (80), add 2 rules:

1. if host is siteA.com, redirect to https://#host:443/#path?#query

2. if host is siteB.com, redirect to https://#host:443/#path?#query

For HTTPS (443), add 2 rules:

1. if host is siteA.com, forward to siteA-target-group

2. if host is siteB.com, forward to siteB-target-group

STEP 3:

On your DNS provider, set up a CNAME for siteA.com to point at the ALB's DNS name. Similarly, set up a CNAME for siteB.com.

When the above setup is completed, test connecting to http://siteA.com or http://siteB.com

i) traffic hits the ALB port 80

ii) host header matches the rule "siteA.com" and redirect traffic to port 443

iii) traffic hits the ALB port 443

iv) host header matches the rule "siteA.com" and forward to target group siteA-target-group

v) siteA-target-group points at port 81 on the web server and the page is served.

share|improve this answer

edited Apr 18 at 23:10

bummi

164229

answered Apr 18 at 19:37

John NgJohn Ng

11

share|improve this answer

edited Apr 18 at 23:10

bummi

164229

answered Apr 18 at 19:37

John NgJohn Ng

11

edited Apr 18 at 23:10

bummi

164229

edited Apr 18 at 23:10

bummi

164229

answered Apr 18 at 19:37

John NgJohn Ng

11

answered Apr 18 at 19:37

John NgJohn Ng

11