ASP.NET Core 2.1 HTTPS Redirection behind AWS Load Balancer? - amazon-web-services

Steps I have taken:
Enabled 80 HTTP -> 80 HTTP and 443 HTTPS -> 80 HTTP on my load balancer in Elastic Beanstalk
Aliased my Route53 hosted zone for both www and apex A records to my load balancer
Set up the SSL certificate
Used the default ASP.NET React Template with HTTPS Redirection
Added <RuntimeIdentifier>win-x64</RuntimeIdentifier> in .csproj since EB doesn't use 2.1 yet.
Deployed with Visual Studio AWS Tools
What works:
https://www.example.com works
https://example.com works
What doesn't work:
http://example.com won't redirect to https://example.com
http://www.example.com won't redirect to https://www.example.com
I know in the past you had to write custom extension methods to get this to work with AWS LBs. Does anyone have a working example using the standard templates?

Maybe this solution is a little overkill for your environment, but you could set up a CloudFront distribution. You should put your Elastic Beanstalk URL as the origin and your https://example.com under CNAME. Then you can decide: if you want flexible SSL, you can specify communication with the origin as HTTP only, or if you want end-to-end encryption, you can specify HTTPS only (I think this would be the way to go in your particular case since you have configured your elastic load balancer to forward all requests from port 443 to port 80). Then under behavior you can select the option to redirect HTTP to HTTPS, and every request to http://example.com will be automatically redirected by CloudFront to https://example.com.
I hope this helps

Related

Can't access server since switching to https on aws

I am deploying a MERN stack using EC2 on AWS.
I have created SSL certificates for the following domains:
example.com
*.example.com
www.example.com
The cname and cvalue for example.com and *.example.com are identical but they are different for www.example.com
I have set up target groups and a load balancer and edited the listener to redirect from http to https.
I have set up 3 different records in the hosted zone of Route 53 so that www.example.com, *.example.com and example.com are directed to the load balancer.
I can load https://example.com
http://example.com directs to https://example.com
When the website loads (either by typing http or https) it does not connect to the server.
I am getting the following error in the console:
Mixed Content: The page at 'https://example.com/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://54.220.212.131:5000/events'. This request has been blocked; the content must be served over HTTPS.
54.220.212.131 is the site's IP and 5000 is the server's port. This is hard coded in the front end.
How should I get the client to send requests to the server for a https connection?
It sounds like you have two services running, a front-end service that you have correctly configured to run behind a load balancer, and a back-end service that you are connecting directly to via the server's IP address on port 5000.
Your backend on port 5000 is not secure, and that is exactly what the web browser's error is telling you. You need to configure all your services to run behind the load balancer. You need to create a second target group that sends traffic to port 5000 on your server, and set up a routing rule on the load balancer's listener to send all traffic for api.ticketglen.com to that target group. Then you need to change your hard-coded values from http://54.220.221.131:5000 to https://api.ticketglen.com.
What worked for me was to create the SSL certificates from the server and delete them and the load balancer altogether from the AWS platform.
Process is outlined here

update insecure request on Application Load Balancer

I want to look for a feature on AWS ALB that can update HTTP to HTTPS on its own, just like in the NGINX load balancer. Currently I have a website that uses WordPress, but when using ALB, the website only shows text. Is there another way to upgrade the URL from HTTP to HTTPS without having to edit the code?
Yes, you can redirect http to https as explained in AWS docs:
How can I redirect HTTP requests to HTTPS using an Application Load Balancer?
For that you need your own domain name. Once you have the domain you can get the SSL certificate for HTTPS from Amazon Certificate Manager, which you can deploy on your ALB.

SSL certification not working when I don't use https before my domain name

So I was able to get an SSL certificate for my website and it is on AWS, but for some reason when I input www.mydomain.com or mydomain.com it still shows unsecured in the browser, but when I add https to mydomain.com it shows the secure icon. Can anyone please help with how to solve this?
The reason is the server has no redirection policy; you need to add a redirection policy to redirect the site from HTTP to HTTPS.
If you are using an Application Load Balancer you can go through the article below to set up HTTP to HTTPS redirection.
redirect-http-to-https-using-alb
If you are using Nginx, then you can look into redirect-http-to-https-in-nginx
https-everywhere
SSL in web applications is only carried out when your user loads the website using HTTPS. Generally in this situation you would want to perform a redirect (a 302 is more preferable initially than a 301 as it is not permanent in the event of a rollback).
There are a number of ways you can trigger a redirection without having to make any server changes, it all depends on your infrastructure setup.
If the first point of call is CloudFront you can update your viewer protocol policy to Redirect HTTP to HTTPS. CloudFront will redirect any HTTP request before they touch the origin.
If you're using an Application Load Balancer then you can update your listener rule for HTTP to redirect HTTP to HTTPS. As with the above, requests would not be forwarded to your host.
Otherwise, if you're using a Classic Load Balancer, Network Load Balancer or just plain EC2, then it falls to you to modify the configuration of your hosts to do the redirect (remembering to set it to a 302).
Below are links for most common web servers:
Apache
Nginx
IIS
Tomcat
Once you're happy with the redirect, feel free to set as a 301.
The above answer works, but in addition, if you are using a load balancer in your AWS EC2 instance you can follow this video link for the best explanation and practice.
How to redirect HTTP traffic to HTTPS in the EC2 Elastic Load Balancer

AWS certificate manager https configuration for domain

I have a slight problem with SSL.
Currently if I were to route to my domain as example.com, it goes to the http version instead of the https version.
However, if I were to force https://example.com, it stays as https://example.com
I'm wondering what I have to do on the certificate manager side of AWS to get https working when I type in example.com without the https.
I have already configured my route 53 aliases for my domain to route to my elastic beanstalk url. I also have an SSL certificate for my domain example.com and *.domain.com that were both validated successfully, that are Amazon issued and also In Use.
Have you tried redirecting http traffic (80) to https (443)? This answer contains the steps
For ALBs, you can follow the below steps,
1. Add a listener for HTTPS and forward the traffic to the target group
2. Add a listener for HTTP and forward the traffic to HTTPS
Final Setup:

How to forward http request to https in Amazon Route53?

I have a subdomain in Amazon Route53. Let's say secure.example.com
If requests come like https://secure.example.com it is ok but I would like to force http requests to come through https. When user types http://secure.example.com it needs to be forwarded to https://secure.example.com.
Is there a domain level redirecting/forwarding requests coming through http to https in Amazon Route53?
Just a quick update for this question. Whilst in answer to your question no, you can't use Route 53 to force HTTPS, this would lead some people to believe that forcing HTTPS on AWS hosting wasn't possible.
You can create an SSL certificate in Certificate Manager (or import your own) and host your website wherever (S3/EC2). You then need to set up a CloudFront distribution for your site and import your SSL certificate; you can then use the option Redirect HTTP to HTTPS via the behavior tab in the CloudFront console.
Edit 22/02/2023
As correctly pointed out by Matt below, this isn't the right solution if you're using EC2 - for HTTPS on EC2 you should install an SSL certificate on the instance and configure the web server in the appropriate way.
If you're on Lambda, for instance, SSL can only be done via CloudFront currently, I believe.
2019 +
The #Jamaurice Holt solution led me to the way but was a bit short
Classic Load Balancer
This solution only works with an application load balancer, not a classic load balancer, but you can migrate to a more recent application load balancer in EC2 > Load balancers > your load balancer > migrate
Application Load Balancer
On the console go to EC2 > Load balancers > your load balancer > listeners
Here you should have 2 rules: HTTP : 80 and HTTPS : 443
You just have to:
edit the HTTP : 80 rule
remove the forward rule and add a redirect rule to port 443
save and you should see something like:
No, there is no way to do this -- because it's not a DNS function to force any particular protocol, or to push values from one protocol to another. You can do this easily enough at the web server level, either in Apache, or IIS, or NGINX.
In any of those cases, the A or CNAME value pointing a specific record to a specific address (whether an IP or another host name) is the same, it's just going to connect via port 80 or port 443.
In Apache, you can simply use a rewrite (enable mod_rewrite first):
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://www.host.com/$1 [R]
I accomplished it using an (ELB) application load balancer and redirecting the traffic to port 443 in the ELB edit section. Of course I'm using an EC2 instance to host my application and website.
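
The ALB answers above come down to one property: the HTTP listener's default action must be a redirect to HTTPS rather than a forward. As an added example (not from any of the posts), this Python check audits a constructed document shaped like `aws elbv2 describe-listeners` output for that property. It assumes the redirect target is a listener on the same load balancer and inspects default actions only, not additional listener rules.

```python
import json

# Constructed sample shaped like `aws elbv2 describe-listeners` output (ARNs are placeholders).
SAMPLE = json.loads("""
{"Listeners": [
  {"Port": 443, "Protocol": "HTTPS",
   "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:placeholder:tg/web"}]},
  {"Port": 80, "Protocol": "HTTP",
   "DefaultActions": [{"Type": "redirect", "RedirectConfig":
     {"Protocol": "HTTPS", "Port": "443", "Host": "#{host}", "Path": "/#{path}",
      "Query": "#{query}", "StatusCode": "HTTP_302"}}]},
  {"Port": 8080, "Protocol": "HTTP",
   "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:placeholder:tg/web"}]},
  {"Port": 8081, "Protocol": "HTTP",
   "DefaultActions": [{"Type": "redirect", "RedirectConfig":
     {"Protocol": "HTTPS", "Port": "8443", "StatusCode": "HTTP_301"}}]}
]}
""")


def audit_listeners(doc):
    """Classify every plain-HTTP listener; returns {port: finding}."""
    listeners = doc["Listeners"]
    # RedirectConfig.Port is a string, so compare against stringified listener ports.
    https_ports = {str(l["Port"]) for l in listeners if l["Protocol"] == "HTTPS"}
    findings = {}
    for lst in listeners:
        if lst["Protocol"] != "HTTP":
            continue
        cfg = next((a.get("RedirectConfig", {}) for a in lst.get("DefaultActions", [])
                    if a["Type"] == "redirect"), None)
        if cfg is None:
            findings[lst["Port"]] = "forwards plaintext to targets"
        elif cfg.get("Protocol") != "HTTPS":
            findings[lst["Port"]] = "redirect does not force HTTPS"
        elif cfg.get("Port") not in https_ports:
            findings[lst["Port"]] = "redirects to a port with no HTTPS listener"
        elif cfg.get("StatusCode") == "HTTP_302":
            findings[lst["Port"]] = "ok (temporary 302)"
        else:
            findings[lst["Port"]] = "ok (permanent 301)"
    return findings


if __name__ == "__main__":
    for port, finding in sorted(audit_listeners(SAMPLE).items()):
        print(f"HTTP:{port:<5} {finding}")
```

The 302/301 distinction in the findings mirrors the advice above to start with a temporary redirect and switch to a permanent one once it is confirmed working.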