How to force redirect HTTP to HTTPS in Amazon Elastic Beanstalk

After picking up bits and pieces from around the Internet, I have put together a complete guide for my particular setup. My Amazon AWS Elastic Beanstalk (ELB or EBS) environment is as follows:
  • 64bit Amazon Linux 2016.03 v2.1.1 running Tomcat 8 Java 8
  • Java/JSP application on Apache Tomcat
  • Maven Build

How to get it done:

First, configure your EBS instance:
  1. Go to Configuration and click the gear on Load Balancing.
  2. Under Load Balancer, set the following options:
    1. Listener port: 80
    2. Protocol: HTTP
    3. Secure listener port: 443
    4. Protocol: HTTPS
    5. SSL certificate ID: Choose the cert ID that goes with your server. If you don't have one, you can use Certificate Manager to create one.
  3. Apply and save this configuration. Wait until the server health is OK.
  4. Test it by accessing your application web page through both HTTP and HTTPS:
    1. HTTP should load the page insecurely.
    2. HTTPS should load the page securely.
    3. No port number should be added after the domain name in either case.
Then, add a configuration file in a folder called .ebextensions in your project. When you run the Maven build, this folder should end up in the root of the WAR file. (If you package multiple WAR files into a ZIP file, the folder should be included at the root of the ZIP file itself, not in any of the WAR files.)
  1. To correctly add this folder to the root of the WAR file, in my project, I created this folder in src/main/webapp folder, alongside resources and WEB-INF folders.
    1. Note: If you're on Windows, you will need to use the Command Prompt or a Bash emulator to create the folder. This is because Windows Explorer doesn't allow creating folders starting with a period.
  2. Inside the folder, create a file with any name, but with the extension .config. For example, ssl_rewrite.config is a name that makes it easy to remember what the file is for.
  3. Edit the file and put the following as its contents:
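# Write an Apache vhost that proxies to Tomcat and redirects plain HTTP to HTTPS.
files:
  "/etc/httpd/conf.d/00_ssl_rewrite.conf":
    mode: "000644"
    owner: root
    group: root
    content: |
      <VirtualHost *:80>
        <Proxy *>
          Order deny,allow
          Allow from all
        </Proxy>
        ProxyPass / http://localhost:8080/ retry=0
        ProxyPassReverse / http://localhost:8080/
        ProxyPreserveHost on
        ErrorLog /var/log/httpd/elasticbeanstalk-error_log
        RewriteEngine on
        RewriteCond %{HTTP:X-Forwarded-Proto} =http
        RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
      </VirtualHost>

# Restart httpd whenever the file above is written.
services:
  sysvinit:
    httpd:
      enabled: true
      ensureRunning: true
      files:
        - "/etc/httpd/conf.d/00_ssl_rewrite.conf"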

  • The files section creates a conf file in the given path, with the given parameters.
  • The content from <VirtualHost *:80> to </VirtualHost> has been copied from an instance of the environment, specifically from the file /etc/httpd/conf.d/elasticbeanstalk.conf.
  • That copied content has been modified to add the three Rewrite* lines just before the closing </VirtualHost> tag.
  • If your elasticbeanstalk.conf differs, you should use that instead, and just add the three Rewrite* lines. Remember to indent the content properly as the YAML format requires indentation.
  • You could use the name elasticbeanstalk.conf instead of 00_ssl_rewrite.conf but I would prefer to use the latter to:
    • Prevent overwrite of the default elasticbeanstalk.conf installed by EBS.
    • Ensure 00_ssl_rewrite.conf always takes precedence (conf files are loaded alphabetically and the first VirtualHost takes precedence).
  • The services section restarts httpd after writing the file, thus ensuring that the configuration is loaded. Without it, httpd would need to be manually reloaded unless the instance is dropped and recreated.
Finally, do a Maven build and deploy:
  1. Execute the Maven Build and get the WAR file as usual.
  2. Open the WAR file in an archiver like 7-Zip to check and make sure the .ebextensions folder is at the root and has the config file.
  3. In ELB, upload and deploy the WAR file to your environment. Wait until the server health is OK.
  4. Test it by accessing your application web page through both HTTP and HTTPS:
    1. HTTP should give a 301 redirect to HTTPS. (You can see this in Inspector's Network view.)
    2. HTTPS should load the page securely.
    3. No port number should be added after the domain name in either case.
That's it! It sounds so simple in hindsight, but I had to try a lot of misleading and incomplete solutions strewn over the Internet before arriving at this exact solution. I hope this helps you cut to the chase a lot faster than I could.
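
An added example (not part of the original post) that automates the two manual checks above: that the .ebextensions folder with the rewrite config sits at the root of the WAR, and that the response to a plain-HTTP request is a 301 to the same host over HTTPS with no port. The function names and the app.example.com host are assumptions; the WAR files are built in memory as constructed sample data.

```python
import io
import zipfile
from urllib.parse import urlsplit

# The three directives the post adds to the copied <VirtualHost *:80> block.
REQUIRED = (
    "RewriteEngine on",
    "RewriteCond %{HTTP:X-Forwarded-Proto} =http",
    "RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]",
)

def check_war(war):
    """Return a list of problems in a WAR (path or file object); empty means OK."""
    with zipfile.ZipFile(war) as zf:
        names = zf.namelist()
        configs = [n for n in names if n.startswith(".ebextensions/")
                   and n.endswith(".config") and n.count("/") == 1]
        if not configs:
            nested = [n for n in names if "/.ebextensions/" in n]
            hint = f" (misplaced copy: {nested[0]})" if nested else ""
            return ["no .config file in .ebextensions/ at the archive root" + hint]
        text = "\n".join(zf.read(n).decode("utf-8") for n in configs)
    return [f"missing directive: {d}" for d in REQUIRED if d not in text]

def check_redirect(status, location, host):
    """Judge the response to a plain-HTTP request for http://<host>/..."""
    if status != 301:
        return f"expected 301, got {status}"
    url = urlsplit(location or "")
    if url.scheme != "https":
        return "Location is not an https URL"
    if url.hostname != host or url.port is not None:
        return "Location changes the host or adds a port"
    return "ok"

def make_war(files):
    """Build an in-memory WAR from {name: text}; constructed sample data only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in files.items():
            zf.writestr(name, text)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    conf = "\n".join(REQUIRED)  # constructed stand-in for ssl_rewrite.config
    good = make_war({".ebextensions/ssl_rewrite.config": conf, "WEB-INF/web.xml": ""})
    bad = make_war({"WEB-INF/classes/.ebextensions/ssl_rewrite.config": conf})
    print(check_war(good), check_war(bad))
    print(check_redirect(301, "https://app.example.com/login", "app.example.com"))
```

To use it against a real build, pass the path of the WAR to check_war, and feed check_redirect the status code and Location header from a request made without following redirects.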

