SSL on ELB confusion when redirecting to HTTPS

2
votes

I have installed an SSL on ELB. I have one EC2 instance in the ELB and can access the website via the SSL fine (IIS Windows 2008 server).

The confusion is when I am in NON HTTPS and I perform a redirect in my app to the HTTPS area, I get an error.

Doing some digging in the listeners area, I can see Port 443 on the ELB forwards to port 80 on the instances which makes sense, but then how do I handle this scenario?

For now, I have 'hacked' it by adding a self signed cert on my instance and then forwarding 443 from ELB to 443 on the instance, but this kind of defies the point?!

Any advice on how this should be structured would be great!

1
sslamazon-web-servicesamazon-ec2amazon-elb

1 Answers

2
votes

You have both port 80 and 443 on you load balancer forwarding to port 80 on your instance, so you need to figure out how to tell them apart.

The ELB sets a header value so you can tell these two types of requests apart.

Take a look at http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/TerminologyandKeyConcepts.html#x-forwarded-headers but the value you want to check is X-Forwarded-Proto - this should have http or https, and obviously if it's http you would then redirect to https.