Force HTTPS on an Elastic Beanstalk Site with WordPress

Updated Jan 25, 2018

This post is part of the series WordPress and Elastic Beanstalk.

Introduction

These days it’s expected that websites use HTTPS to help with website authentication and to protect data in transit. It’s good practice, plus Google factors it in to search rankings.

It’s easy with Elastic Beanstalk to request and immediately receive an SSL/TLS certificate. Once you have the certificate you can attach it to your Elastic Beanstalk instance, tweak your configuration, and deploy a new site that routes all traffic through HTTPS.

This post assumes that you have a WordPress application in Elastic Beanstalk (see WordPress and Elastic Beanstalk) and that you’re using a custom domain (see Add a Custom Domain to an Elastic Beanstalk WordPress Application).

Table of contents

Get an SSL/TLS certificate

Go to the Certificate Manager dashboard. If you haven’t issued any certificates click “Get Started” to request a new certificate, else click “Request a certificate”.

You will be guided through the steps to request a certificate. For your domain name enter “example.com” and add another name “www.example.com” (replacing “example” with your actual domain name). Follow the instructions to verify you ownership of the domain.

Once your certificate is issued, find the certificate ARN under the certificate details. You’ll need this for the next step.

Configure Elastic Beanstalk to use the certificate

Here we’ll add a new configuration file to .ebextensions in our source bundle to attach the certificate to our Elastic Beanstalk environment. Create a new file .ebextensions/secure-listener.config:

secure-listener.config Download Copy
option_settings:
  aws:elb:listener:443:
    SSLCertificateId: replace:with:your:certificate:arn
    ListenerProtocol: HTTPS
    InstancePort: '80'

Replace the highlighted text with the ARN for your new certificate. The above tells our load balancer to listen to HTTPS requests on port 443 using our certificate, and to forward those requests to port 80 on our EC2 instances. If we stopped here we could access our site over HTTPS but people would still be able to access it over HTTP. In the next step we’ll redirect all HTTP traffic to HTTPS.

Configure Elastic Beanstalk to force HTTPS

The load balancer sends all traffic to EC2 instances on port 80 over HTTP. Fortunately it also sets an X-Forwarded-Proto header that specifies the protocol of the original request, either http or https. We take advantage of that in the following configuration .ebextensions/ssl-rewrite.config:

ssl-rewrite.config Download Copy
files:
  "/etc/httpd/conf.d/ssl_rewrite.conf":
    mode: "000444"
    owner: root
    group: root
    content: |
      RewriteEngine On
      <If "-n '%{HTTP:X-Forwarded-Proto}' && %{HTTP:X-Forwarded-Proto} != 'https'">
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L=301]
      </If>
      SetEnvIfNoCase X-FORWARDED-PROTO "^https$" HTTPS=on

Update your environment variables

The post Add a Custom Domain to an Elastic Beanstalk WordPress Application addressed WordPress’s “site url” and “home url” configurations. We updated our environment variables in .ebextensions/env.config to reflect our new domain. We have to change those values again here to reflect HTTPS:

env.config
option_settings:
  aws:elasticbeanstalk:application:environment:
    ...
    WP_HOME: 'https://www.example.com'
    WP_SITEURL: 'https://www.example.com'
    ...

Replace the highlighted values in the above with your domain.

Next steps

Once you re-deploy your site all traffic should be redirected to HTTPS. Please feel free to leave any questions or suggestions in the comments area below.

Comments Leave a comment

  • MR;MOONSHOT
    Thank you thank you thank you! This article saved me a bunch of time! Used it to help in transfering a godaddy wordpress over to AWS!

Leave a comment