A load balancer has been set up in AWS with 2 listeners as follows:
- HTTP:80 - forwarding to a Target Group (2 EC2 instances)
- HTTPS:443 - ELBSecurityPolicy forwarding to the same Target Group (2 EC2 instances)
The EC2 instances are running Tomcat 7 for a servlet application.
The problem is that when I hit the load balancer with an https request, it redirects to one of the two EC2 instances with a plain http request, then it redirects back to https.
I can see the redirects with a Chrome extension, and they look like:
- https://load-balancer/home -> click to another page
- http://load-balancer/anotherpage
- https://load-balancer/anotherpage
In this way, the referrer won't work; it is null because of the plain http internal request. Is this something that can be avoided within the AWS configuration?
I tried within the servlet app with no joy, but I think there must be something that can be done in AWS.
How can internal http AWS redirects to the EC2 nodes be avoided?
I also tried within the servlet application in web.xml:
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>secured page</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
But it won't work, as it is going to look at port 8443 by default, but the server is listening on 8080.
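
Added example, not part of the original post and not the poster's configuration: a Tomcat 7 `server.xml` fragment for instances that sit behind a load balancer terminating TLS, so that Tomcat learns the client's original scheme from the `X-Forwarded-Proto` header the load balancer sets. The "before" connector and the `internalProxies` pattern are assumptions; the pattern is a constructed placeholder to be replaced with the load balancer subnets.

```xml
<!-- conf/server.xml (Tomcat 7): added illustration, values are assumptions. -->
<Service name="Catalina">

  <!-- Assumed "before": plain HTTP connector as shipped in the default file.
       Tomcat treats every forwarded request as http, so absolute redirect
       URLs are built with http:// and the CONFIDENTIAL constraint in web.xml
       redirects to port 8443.
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  -->

  <!-- "After": same listener on 8080. redirectPort now names the port the
       HTTPS listener of the load balancer actually uses. -->
  <Connector port="8080" protocol="HTTP/1.1"
             connectionTimeout="20000"
             redirectPort="443" />

  <Engine name="Catalina" defaultHost="localhost">

    <!-- RemoteIpValve rewrites the request when the direct peer is trusted:
         - protocolHeader: header carrying the client-facing scheme
         - protocolHeaderHttpsValue: value that means "client used TLS";
           the valve then reports scheme https, isSecure() true, port 443
         - remoteIpHeader: header carrying the real client address
         - internalProxies: REGEX (not CIDR) of peer addresses whose headers
           are trusted. Constructed placeholder for a 10.0.0.0/16 VPC.
         Headers from peers that do not match internalProxies are ignored. -->
    <Valve className="org.apache.catalina.valves.RemoteIpValve"
           remoteIpHeader="X-Forwarded-For"
           protocolHeader="X-Forwarded-Proto"
           protocolHeaderHttpsValue="https"
           internalProxies="10\.0\.\d{1,3}\.\d{1,3}" />

    <Host name="localhost" appBase="webapps"
          unpackWARs="true" autoDeploy="true" />
  </Engine>
</Service>
```

The valve trusts whatever a matching peer sends, so the instances' security group should accept port 8080 only from the load balancer; otherwise a host inside the trusted range can claim `X-Forwarded-Proto: https` over plain HTTP and satisfy the CONFIDENTIAL constraint.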