This post is part of the series WordPress and Elastic Beanstalk.
These days it’s expected that websites use HTTPS to help with website authentication and to protect data in transit. It’s good practice, plus Google factors it in to search rankings.
It’s easy with Elastic Beanstalk to request and immediately receive an SSL/TLS certificate. Once you have the certificate you can attach it to your Elastic Beanstalk instance, tweak your configuration, and deploy a new site that routes all traffic through HTTPS.
This post assumes that you have a WordPress application in Elastic Beanstalk (see WordPress and Elastic Beanstalk) and that you’re using a custom domain (see Add a Custom Domain to an Elastic Beanstalk WordPress Application).
Go to the Certificate Manager dashboard. If you haven’t issued any certificates click “Get Started” to request a new certificate, else click “Request a certificate”.
You will be guided through the steps to request a certificate. For your domain name enter “example.com” and add another name “www.example.com” (replacing “example” with your actual domain name). Follow the instructions to verify you ownership of the domain.
Once your certificate is issued, find the certificate ARN under the certificate details. You’ll need this for the next step.
Here we’ll add a new configuration file to .ebextensions in our source bundle to attach the certificate to our Elastic Beanstalk environment. Create a new file .ebextensions/secure-listener.config:
option_settings:
aws:elb:listener:443:
SSLCertificateId: replace:with:your:certificate:arn
ListenerProtocol: HTTPS
InstancePort: '80'
Replace the highlighted text with the ARN for your new certificate. The above tells our load balancer to listen to HTTPS requests on port 443 using our certificate, and to forward those requests to port 80 on our EC2 instances. If we stopped here we could access our site over HTTPS but people would still be able to access it over HTTP. In the next step we’ll redirect all HTTP traffic to HTTPS.
The load balancer sends all traffic to EC2 instances on port 80 over HTTP. Fortunately it also sets an X-Forwarded-Proto header that specifies the protocol of the original request, either http or https. We take advantage of that in the following configuration .ebextensions/ssl-rewrite.config:
files:
"/etc/httpd/conf.d/ssl_rewrite.conf":
mode: "000444"
owner: root
group: root
content: |
RewriteEngine On
<If "-n '%{HTTP:X-Forwarded-Proto}' && %{HTTP:X-Forwarded-Proto} != 'https'">
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L=301]
</If>
SetEnvIfNoCase X-FORWARDED-PROTO "^https$" HTTPS=on
The post Add a Custom Domain to an Elastic Beanstalk WordPress Application addressed WordPress’s “site url” and “home url” configurations. We updated our environment variables in .ebextensions/env.config to reflect our new domain. We have to change those values again here to reflect HTTPS:
option_settings:
aws:elasticbeanstalk:application:environment:
...
WP_HOME: 'https://www.example.com'
WP_SITEURL: 'https://www.example.com'
...
Replace the highlighted values in the above with your domain.
Once you re-deploy your site all traffic should be redirected to HTTPS. Please feel free to leave any questions or suggestions in the comments area below.
Comments Leave a comment
Leave a comment