Score:0

Force Apache to treat HTTP as HTTPS with Cloudfront SSL/TLS

lk flag

I've a CloudFront Distribution that uses AWS Certificate for SSL/TLS requests coming from https://example.com and an origin that forwards those requests to EC2.

The Distribution is set to use HTTP protocol between itself and origin (EC2) and behavior is set to Redirect HTTP to HTTPS such that any http://example.com are redirected to https://example.com.

The EC2 has an Apache server that serves files. However, when I visit https://example.com all static resources (css, js) are being served over HTTP which are blocked by the browser due to loading mixed active content.

My current Apache configuration only has default /etc/apache2/sites-enabled/000-default.conf with <VirtualHost *:80> and <VirtualHost *:443> does not exist. Also, I did not create <VirtualHost *:443> since I do not have certs and keys for SSL.

How do I solve this issue? Is it possible through reverse proxy? What would be the best practice here?

Update: My setup is the same as described in this answer but without the ELB https://stackoverflow.com/a/44453691/1197636.

Michael Hampton
cz flag
This is caused by your web application. You will need to reconfigure it to use relative paths or https absolute URLs.
Score:0
in flag

You need to let Apache know that you're behind a load balancer. This is done by the X-Forwarded-Proto header. This can be set either in your virtual host config or in .htaccess.

SetEnvIf X-Forwarded-Proto "https" HTTPS=on

Another important part is to configure your framework/code to serve content over https. If you have hard-coded URLs, etc., start with the header and work from there.

lk flag
Can you share an example for `X-Forwarded-Proto`? I added the `RequestHeader set X-Forwarded-Proto "https"` in `<VirtualHost *:80></VH>` but that didn't work.
lk flag
Turns out adding it to both places, VH and .htaccess, does work. But it doesn't work only adding it in a single place.
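A fuller sketch of the port-80 virtual host for the setup in the question, added here as an example and not taken from any of the posts above. It assumes mod_setenvif and mod_headers are enabled and that the document root is /var/www/html; the header name `X-Origin-Verify` and its value are hypothetical placeholders for a custom origin header configured on the CloudFront distribution.

```apache
<VirtualHost *:80>
    ServerName example.com
    DocumentRoot /var/www/html

    # CloudFront terminates TLS and talks plain HTTP to this origin, so
    # Apache sees every request as HTTP. Derive the HTTPS environment
    # variable (read by PHP and most frameworks) from the viewer protocol.
    # Anchored regex: only the exact value "https" matches.
    SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on

    # CloudFront's own header, sent only when the distribution is
    # configured to forward it to the origin.
    SetEnvIf CloudFront-Forwarded-Proto "^https$" HTTPS=on

    # Both headers above are plain request headers. Anyone who can reach
    # the EC2 instance directly can send them, so accept requests only
    # when they carry the shared secret that CloudFront adds as a custom
    # origin header. Name and value are placeholders (assumption).
    SetEnvIf X-Origin-Verify "^REPLACE_WITH_LONG_RANDOM_VALUE$" via_cloudfront

    <Directory /var/www/html>
        Require env via_cloudfront
    </Directory>

    # Mitigation for pages that still contain hard-coded http:// asset
    # URLs: ask the browser to upgrade those subresource loads to HTTPS
    # instead of blocking them as mixed content.
    Header always set Content-Security-Policy "upgrade-insecure-requests"
</VirtualHost>
```

Restricting the instance's security group to CloudFront's address ranges complements the shared-secret check. The CSP header is a stopgap; the application should still emit relative or https URLs.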