Elastic load balancer and https

I work with Elastic Beanstalk and am having problems with SSL configuration.

I have an environment consisting of a load balancer and one EC2 instance at the moment. The load balancer has listeners on ports 443 and 80. The EC2 instance in the environment works with Tomcat on port 80. I have a certificate on the load balancer and I can access the site on ports 443 and 80, and everything worked fine.

The problem is that I would like all requests to be redirected to port 443, even those that go to port 80. I was looking high and low for a way to do this without changing the security configuration. This is a small webapp running on Tomcat 7 with Spring and MVC protection. I tried to use

<sec:intercept-url pattern="/**" requires-channel="https"/> 

but I have some pages that are not part of the filter chain, such as

 <sec:http pattern="/login.html" security="none" /> 

This is similar to what could be solved on a load balancer, but I do not have much experience in configuring SSL. Any help is appreciated.

1 answer

Your ELB accepts connections on 443 and 80, but it terminates SSL there and only port 80 connects to your code. SSL is mostly from the browser to the ELB. The Beanstalk backend ELB code is always 80.

Thus, any rule that expects conformance based on an incoming protocol does not work. Instead, you should use the "X-Forwarded-Proto" header (which will be set by the ELB), and then follow the forwarding rule.
