AWS Elastic Load Balancer - Force Redirect to HTTPS

09 Feb 2018

In response to the Chrome team’s news that Chrome 68 will mark all non-HTTPS sites as “Non-Secure”, I’ve decided to get this site set up with SSL. As always, my encounters with tech were mildly frustrating, and I’ve documented my solution to an issue below.

Some reference for how this site is set up - I build my site locally, upload it to an S3 bucket. An EC2 instance copies any changes made to the S3 bucket every minute and serves the S3 content. The EC2 instance is tucked behind an Elastic Load Balancer, and it’s all managed by Route 53.

So, you have your ELB set up pointing to your EC2 instance and want to force your user into using HTTPS.

Add the following lines to your /etc/httpd/conf/http.conf (Apache only).

<Directory>
    # You may have existing parameters here. Don't touch.
    RewriteEngine on 
    RewriteCond %{HTTP:X-Forwarded-Proto} ^http$
    RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    # You may have existing parameters here. Don't touch.
</Directory>

This would redirect any HTTP traffic coming to our root directory to HTTPS. Enjoy!