Score:0

Route 53 "Too Many Redirects" but access from ELB works

  • I have an EC2 running pgadmin.

  • There's a target group pointing to it on port 80.

  • The TG is listening on port 443 but HTTP so it can redirect to the EC2 on port 80. (I previously had it 443 and HTTPS but read online that SSL termination should be here.)

  • There's an ELB listening on 443 and pointing to the TG.

If I go to the URL of the ELB I can successfully access pgadmin, although obviously the browser shows a certificate error because the URL isn't the one in the ACM cert associated with the ELB.

I have an R53 domain with an alias to the ELB, which matches the ACM cert, but when I go to this URL I get 'too many redirects' in the browser.

Not sure where the config could be wrong, especially as it works from the ELB just not the domain.

Score:0
Bob

Fairly typical in case of SSL termination is that the back-end server/service will perceive that as: "the end-user is connected over a clear text protocol", in other words over plain HTTP.

It will then helpfully try to "resolve that security risk" by redirecting the user to HTTPS.

 ------                  ---------------                -------------------
| USER  | ===> HTTP ==> | Load balancer | ==> HTTP ==> | Redirect to HTTPS | 
 ------                  ---------------                -------------------

 ------                   -----------------                -------------------
| USER  | ===> HTTPS ==> | SSL termination | ==> HTTP ==> | Redirect to HTTPS | 
 ------                   -----------------                -------------------

User makes a new request (they were already using HTTPS, but a redirect is a redirect) but they will again be redirected:

 ------                   -----------------                -------------------
| USER  | ===> HTTPS ==> | SSL termination | ==> HTTP ==> | Redirect to HTTPS | 
 ------                   -----------------                -------------------

And then repeat that again and again.

The usual solution is to optionally re-configure the SSL termination point to make HTTPS requests to the back-end server, and remove the redirect to HTTPS functionality from the back-end server and move that to the load balancer.

 ------                  -------------------  
| USER  | ===> HTTP ==> | Load balancer     | 
 ------                 | Redirect to HTTPS |      
                         -------------------

 ------                   -----------------                   ---------
| USER  | ===> HTTPS ==> | SSL termination | ==> HTTP(S) ==> | Respond | 
 ------                   -----------------                   ---------
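
The loop and the fix described in the answer above, as a small runnable model. This is an added example, not code from the original post; the host name db.example.test, the function names and the redirect cap of 20 are constructed assumptions, and the REENCRYPT case (back-end redirect left on, HTTPS hop to the back-end) goes slightly beyond the answer's diagrams.

```python
"""Constructed model of a redirect loop behind a TLS-terminating load balancer."""
MAX_REDIRECTS = 20  # assumed client-side cap; browsers enforce a similar limit

def backend(scheme_seen, host, path, force_https):
    """Back-end app: it only sees the scheme of the hop from the load balancer."""
    if force_https and scheme_seen == "http":
        return 301, f"https://{host}{path}"
    return 200, None

def load_balancer(url, backend_scheme, lb_redirects_http, backend_forces_https):
    """Optionally redirect plain-HTTP clients, otherwise forward to the back-end."""
    scheme, rest = url.split("://", 1)
    host, _, path = rest.partition("/")
    path = "/" + path
    if scheme == "http" and lb_redirects_http:
        return 301, f"https://{host}{path}"
    # The client's scheme is lost here: the back-end only sees backend_scheme.
    return backend(backend_scheme, host, path, backend_forces_https)

def browse(url, **cfg):
    """Follow redirects like a browser; return (outcome, redirects_followed)."""
    redirects = 0
    while redirects <= MAX_REDIRECTS:
        status, location = load_balancer(url, **cfg)
        if status == 200:
            return "ok", redirects
        url, redirects = location, redirects + 1
    return "too many redirects", redirects

# Back-end forces HTTPS but always receives HTTP from the terminator: loops.
BROKEN = dict(backend_scheme="http", lb_redirects_http=False, backend_forces_https=True)
# Redirect moved to the load balancer, removed from the back-end.
FIXED = dict(backend_scheme="http", lb_redirects_http=True, backend_forces_https=False)
# Load balancer re-encrypts to the back-end, so the back-end never sees HTTP.
REENCRYPT = dict(backend_scheme="https", lb_redirects_http=True, backend_forces_https=True)

if __name__ == "__main__":
    for name, cfg in [("broken", BROKEN), ("fixed", FIXED), ("re-encrypt", REENCRYPT)]:
        for start in ("http://db.example.test/", "https://db.example.test/"):
            print(f"{name:10} {start:28} {browse(start, **cfg)}")
```
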