Search code examples
amazon-web-servicesamazon-ecselastic-load-balancerjwilder-nginx-proxy

Force ssl within a Node/Express web using AWS ECS

I have a cluster (that could have N instances in autoscaling) and I have a service with a website done in Node/Express.

I have a Elastic Load Balancer which has a Target Group and the Listener points certain path to this target group.

Everything works as expected, the website loads, and I can access with and without https but how could I make the HTTPS mandatory redirecting from HTTP? I don't have any proxy in ECS (don't know if nginx-proxy supports several instances in my cluster)

Thanks

Solution

  • Update Jul 25, 2018: Elastic Load Balancing Announces Support for Redirects and Fixed Responses for Application Load Balancer. You can find more information in AWS listener rules.

    You cannot do the HTTP to HTTPS redirect on your ELB/ALB.

    There are multiple approaches to do it in AWS.

    • Use AWS CloudFront in front of your application and do the SSL redirect there. You have the benefit of edge caching at CDN but will cost more.
    • Having a Nginx proxy container like Jwilder Nginx Proxy in front of your NodeJS/Express containers and enforce redirect at proxy. This is an approach if you have common rules for all of your NodeJS/Express containers such as HTTP to HTTPS redirect.
    • Use a docker image for NodeJS/Express containers which has Nginx internally.

    Note: Since you are using Node/Express its a best practice to have a web server like Nginx in front of it. Check the following Stackoverflow Q/A for more details.