Configure WordPress in AWS with ELB and SSL

So you just tried to configure your WordPress in AWS with SSL and, when you visited the page, got an “ERR_TOO_MANY_REDIRECTS” message instead of the site loading? Or the site only works with http instead of https? Then this post is for you!

WordPress can get stuck in an infinite loop of URL redirections (https->http->https->…) when you try to redirect traffic to HTTPS. This post will help you to get your WordPress up and running with your SSL certificate with a load balancer in AWS quickly and painlessly.

The architecture

First of all, we need to know which elements make up our architecture and understand how traffic is routed between them.

Let’s say we have a load balancer (AWS ELB), an SSL certificate (AWS Certificate Manager), and the instance(s) where our WordPress code is located (AWS EC2).

Our AWS architecture diagram would be like:

AWS Architecture with ELB, EC2 and Certificate Manager

We have to keep in mind that HTTPS and SSL are only necessary for the communication between the Internet and the load balancer (ELB). Therefore the Certificate Manager will provide the SSL certificate only to the ELB.

The communication between the ELB and the EC2 instances stays inside the Virtual Private Cloud (AWS VPC), so they can communicate with each other safely using http.

Once we have understood the architecture, we have to configure the services correctly.

AWS Certificate Manager

AWS Certificate Manager is a service that lets us easily provision, manage, and deploy SSL certificates for use with AWS services. We will add our certificate to this service.

Load Balancer (AWS ELB)

Elastic Load Balancing (ELB) is a load-balancing service for Amazon Web Services (AWS) deployments. ELB automatically distributes incoming application traffic and scales resources to meet traffic demands. Therefore we create a Load Balancer using this ELB service.

Make sure you have these configurations on your ELB:

  • Add a listener for https, so our load balancer will expect https requests from the Internet.
  • For the security group, choose the same one as the EC2 instances (VPC).
  • For the routing, we only route traffic to http. These are the instructions we give the load balancer for handling a request that arrives at our ELB.

Web Service of EC2 (Apache)

At this point, although the load balancer (ELB) receives an https request, the ELB sends the EC2 instance an http request internally. Our application (in this case WordPress) may therefore think this is wrong and redirect to https, causing a redirect loop.

So, how can we know which protocol reached the ELB? The ELB indicates it with the X-Forwarded-Proto request header.

The X-Forwarded-Proto request header helps us to identify the protocol (HTTP or HTTPS) that a client used to connect to your load balancer. The ELB service stores the protocol used between the client and the load balancer in the X-Forwarded-Proto request header and passes the header along to your server.

So the only thing we need to do is make the web service or platform read X-Forwarded-Proto, so that it uses the protocol this header indicates.

Apache

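RewriteEngine On
# Redirect only when the ELB reports that the client connected over plain http
RewriteCond %{HTTP:X-Forwarded-Proto} =http
# Send the client to the same host and path over https (301 permanent redirect)
RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]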

WordPress code

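// Mark the request as HTTPS when the ELB reports that the client used https.
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) {
    $_SERVER['HTTPS'] = 'on';
}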
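
The WordPress snippet accepts X-Forwarded-Proto from whoever sends it, which is only sound while the instances take traffic solely from the ELB. As an added example (not code from the original post), this variant, meant for wp-config.php, honours the header only when the connecting address lies inside the load balancer's subnets. The 10.0.0.0/16 range, the sample addresses and both function names are assumptions made for illustration.

```php
<?php
// Added example, not from the original post. The CIDR is a constructed value:
// replace it with the subnets your load balancer nodes actually use.
const TRUSTED_PROXY_CIDRS = ['10.0.0.0/16'];

// True when IPv4 address $ip lies inside $cidr, e.g. 10.0.0.0/16.
function ipv4_in_cidr(string $ip, string $cidr): bool
{
    [$subnet, $bits] = explode('/', $cidr) + [1 => '32'];
    $ipLong = ip2long($ip);
    $subnetLong = ip2long($subnet);
    $bits = (int) $bits;
    if ($ipLong === false || $subnetLong === false || $bits < 0 || $bits > 32) {
        return false;
    }
    $mask = -1 << (32 - $bits); // network mask as an integer
    return ($ipLong & $mask) === ($subnetLong & $mask);
}

// Report whether the client reached the site over HTTPS. X-Forwarded-Proto is
// honoured only when the direct peer (REMOTE_ADDR) is a trusted proxy address.
function client_used_https(array $server, array $trustedCidrs): bool
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    foreach ($trustedCidrs as $cidr) {
        if (ipv4_in_cidr($peer, $cidr)) {
            $proto = $server['HTTP_X_FORWARDED_PROTO'] ?? '';
            return strtolower(trim($proto)) === 'https';
        }
    }
    // Not behind the load balancer: use what the web server itself observed.
    $https = strtolower((string) ($server['HTTPS'] ?? ''));
    return in_array($https, ['on', '1'], true);
}

if (client_used_https($_SERVER, TRUSTED_PROXY_CIDRS)) {
    $_SERVER['HTTPS'] = 'on';
}

// Constructed requests, printed only when the file is run from the command line.
if (PHP_SAPI === 'cli') {
    $viaElb = ['REMOTE_ADDR' => '10.0.3.17', 'HTTP_X_FORWARDED_PROTO' => 'https'];
    $direct = ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_PROTO' => 'https'];
    var_dump(client_used_https($viaElb, TRUSTED_PROXY_CIDRS));
    var_dump(client_used_https($direct, TRUSTED_PROXY_CIDRS));
}
```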

Did you set up WordPress securely on AWS with ELB in a different way?
Share the post and leave a comment below! 🙂
