Always on SSL, using load balanced Apache instances on Amazon Web Services

, a 2-minute piece by Dev Mukherjee Dev Mukherjee

We’ve recently been experimenting with deploying a large scale WSGI application on Amazon Web Services (AWS). Our setup:

Our load balancer is configured to secures connections via SSL. It establishes the health of app server instances by polling an HTTP GET request and expecting it to return 200 OK.

The load balancers then uses HTTP headers to pass on information about the original client to the app servers. X-Forwarded-Proto contains the original protocol in use.

We like all our Web applications to always be on SSL.

Apache could typically use {HTTPS} server variable to check if the connection was secure or otherwise redirect the client. Under an AWS load balanced setup we rely on the HTTP headers set by the load balancer to ensure we’re running SSL.

The following Apache configuration does the trick nicely. It also demonstrates making an exception for particular URLs, e.g. the healthcheck URL requested via HTTP by the load balancer.

RewriteEngine On
RewriteCond %{REQUEST_URI} !healthcheck
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

Next Up: a 1-minute piece by Dev Mukherjee Dev Mukherjee

SQLAlchemy and Alembic, the database Swiss army knife for Python

Read more