AWS Application Load Balancer SSL termination


I have a Java application running on two EC2 instances, and customers can access them through an AWS Application Load Balancer. Now the ALB can work as the SSL termination point. All requests go through the ALB on port 443. This works fine. The problem is that the Java application sometimes needs to redirect to a different path. As the Java application does not know it is running behind an SSL ALB, the redirect path includes http:// instead of https://

Is there any way to modify the protocol to https outside of my application?


There are 2 best solutions below

1
On

Your Java application needs to check the x-forwarded-proto header that is set by the load balancer to determine if the initial request was http or https.
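
The header check described in the answer above, as an added example that is not part of the original answer. It honours `X-Forwarded-Proto` only when the connection comes from the load balancer's subnet, since a client that reaches an instance directly can send the header itself; the class name, CIDR range and host name are assumptions made up for illustration.

```java
import java.util.Locale;
public class ForwardedProto {
    // Assumptions (constructed values): subnet holding the ALB nodes, public host name.
    static final String TRUSTED_PROXY_CIDR = "10.0.0.0/16";
    static final String PUBLIC_HOST = "app.example.com";

    // Parse a dotted-quad IPv4 address into an int; rejects anything else.
    static int toInt(String ip) {
        String[] octets = ip.split("\\.");
        if (octets.length != 4) throw new IllegalArgumentException("not IPv4: " + ip);
        int value = 0;
        for (String o : octets) {
            int n = Integer.parseInt(o);
            if (n < 0 || n > 255) throw new IllegalArgumentException("not IPv4: " + ip);
            value = (value << 8) | n;
        }
        return value;
    }
    // True when addr lies inside cidr (IPv4 only); unparsable peers are never trusted.
    static boolean inCidr(String addr, String cidr) {
        String[] parts = cidr.split("/");
        int bits = Integer.parseInt(parts[1]);
        int mask = bits == 0 ? 0 : -1 << (32 - bits);
        try {
            return (toInt(addr) & mask) == (toInt(parts[0]) & mask);
        } catch (IllegalArgumentException e) {
            return false;
        }
    }
    // Scheme the client used: the header value when the peer is the load balancer,
    // otherwise the scheme of the connection the application actually received.
    static String clientScheme(String peerAddr, String socketScheme, String xForwardedProto) {
        if (xForwardedProto == null || !inCidr(peerAddr, TRUSTED_PROXY_CIDR)) return socketScheme;
        String proto = xForwardedProto.trim().toLowerCase(Locale.ROOT);
        return proto.equals("https") || proto.equals("http") ? proto : socketScheme;
    }
    static String redirectLocation(String peerAddr, String socketScheme, String xfp, String path) {
        return clientScheme(peerAddr, socketScheme, xfp) + "://" + PUBLIC_HOST + path;
    }
    public static void main(String[] args) {
        // Constructed requests: {peer address, X-Forwarded-Proto header value}
        String[][] samples = {
            {"10.0.3.17", "https"},   // through the ALB, client used HTTPS
            {"10.0.3.17", "http"},    // through the ALB, client used HTTP
            {"203.0.113.9", "https"}, // instance reached directly: header ignored
            {"10.0.3.17", null},      // header absent: fall back to socket scheme
        };
        for (String[] s : samples)
            System.out.println(s[0] + " " + s[1] + " -> " + redirectLocation(s[0], "http", s[1], "/login"));
    }
}
```

In a servlet, the three inputs would come from `request.getRemoteAddr()`, `request.getScheme()` and `request.getHeader("X-Forwarded-Proto")`.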

0
On

You can try creating a listener on port 80; the only thing this listener does is redirect the requests to port 443 (your HTTPS port).

If you are using Elastic Beanstalk, you can use this configuration, for example:

Resources:
  AWSEBV2LoadBalancerListener:
    Type: 'AWS::ElasticLoadBalancingV2::Listener'
    Properties:
      DefaultActions:
        - Type: redirect
          RedirectConfig:
            Protocol: HTTPS
            Port: '443'
            Host: '#{host}'
            Path: '/#{path}'
            Query: '#{query}'
            StatusCode: HTTP_301
      LoadBalancerArn:
        Ref: AWSEBV2LoadBalancer
      Port: 80
      Protocol: HTTP
  AWSEBV2LoadBalancerListener443:
    Type: 'AWS::ElasticLoadBalancingV2::Listener'
    Properties:
      Certificates:
        - CertificateArn: Replace with Certificate ARN
      DefaultActions:
        - Type: forward
          TargetGroupArn:
            Ref: AWSEBV2LoadBalancerTargetGroup
      LoadBalancerArn:
        Ref: AWSEBV2LoadBalancer
      Port: 443
      Protocol: HTTPS