I have an app deployed to Elastic Beanstalk whose Tomcat container uses Google OpenID Connect for authentication. I want to redirect all http
requests to https
, for which I have the following mod_rewrite
configuration in a file in .ebextensions
-
files:
"/etc/httpd/conf.d/ssl_rewrite.conf":
mode: "000644"
owner: root
group: root
content: |
LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule . https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
Google OAuth2 credentials console has https://example.com/j_security_check
as an authorized redirect URL. The configuration works fine when either example.com
or https://example.com
is requested, whereupon the app is redirected to the mentioned authorized URL.
However, when http
is explicitly requested - http://example.com
- the app is being redirected to https
but port 80
is still being used. The authorized redirect URL then becomes https://example.com:80/j_security_check
and I get Error: redirect_uri_mismatch
.
How can I redirect explicit http
requests to https
with the port changed to 443
? The main goal is to match the mentioned authorized redirect URL. If possible, I'd like to implement this with the .ebextensions
configuration file or a similar solution.
The problem was not with the rewrite rule. The file had to be placed in a specific path within .ebextensions
for it to work in Tomcat 8. The configuration files had to be setup differently too. Most examples provided were not for Tomcat so I ended up putting them in the wrong location.
What worked -
In /.ebextensions/httpd/conf.d/myconf.conf
, place -
LoadModule rewrite_module modules/mod_rewrite.so
and in /.ebextensions/httpd/conf.d/elasticbeanstalk/00_application.conf
, place -
<VirtualHost *:80>
<Proxy *:80>
Order Allow,Deny
Allow from all
</Proxy>
ProxyPass / http://localhost:8080/ retry=0
ProxyPassReverse / http://localhost:8080/
ProxyPreserveHost on
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule . https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
ErrorLog /var/log/httpd/elasticbeanstalk-error_log
</VirtualHost>
Take note of the use of .conf
files instead of .config
. This is important!
Also, the redirection that I was getting was not genuine. I was not paying close attention, because when I requested example.com
, the browser cache was serving me https://example.com
. It was not actually redirecting an http
request to https
.