How can I use an Application Load Balancer to redirect one domain to another?

4 minute read
0

I want to use an Application Load Balancer to redirect one domain to another domain.

Short description

The Application Load Balancer service supports redirection of domain names as well as redirection from HTTP to HTTPS. If you have a domain that points to an Application Load Balancer, then use the Application Load Balancer to configure the domain.

Note: It's a best practice to use the Application Load Balancer to configure the domain instead of Amazon Simple Storage Service (Amazon S3).

Resolution

Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you're using the most recent AWS CLI version.

If you use an Application Load Balancer as part of your configuration, then you can use it to redirect one domain to another:

  1. Open the Amazon Elastic Compute Cloud (Amazon EC2) console.
  2. On the navigation pane, under Load Balancing, choose Load Balancers.
  3. Select your load balancer, and then choose Listeners.
  4. Choose View/edit rules for the load balancer listener that you want to use.
  5. Choose the Add rule icon (the plus sign).
  6. Choose Insert Rule.
  7. Choose Add condition.
  8. In the conditions section (IF), choose Add condition. Then, complete the following steps:
    Choose Host header, and then enter your hostname (for example, example.com).
    To save, choose the checkmark icon.
  9. In the actions section (THEN), choose Add action. Then, complete the following steps:
    Choose Redirect to.
    Specify the protocol and port, as your use case requires.
    Change Original host, path, query to Custom host, path, query.
    For Host, enter example2.com.
    For Path and Query, keep the default values (unless your use case requires you to change them).
    Set the Response to HTTP 301 "Permanently moved" or HTTP 302 "Found".
    To save, choose the checkmark icon.
    The THEN section now appears:
    Redirect to https://example2.com:443/#{path}?#{query}
    Status code: HTTP_301
  10. Choose Save.

Note: If both domains point to the same Application Load Balancer, then complete one of the following tasks:

  • Have separate certificates for both domains.
  • Use a Subject Alternative Name (SAN) certificate to validate the domains.

To confirm that the redirect is working, complete the following steps:

1.    In the AWS CLI, use the following curl function:

curl
    -Iv https://example.com -L
* Rebuilt URL to: https://example.com/
. . . 
* Connected to example.com (1.2.3.4) port 443 (#0)
<SSL handshake>
 > Host: example.com.   ------> Host name is example.com 
 > User-Agent: curl/7.61.1
 >
     Accept: */*> 
 * Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
 < HTTP/2 301       ------> ALB does redirection 
 < server: awselb/2.0
 < date: Fri, 06 Mar 2020 09:18:33 GMT
 < content-type: text/html
 < content-length: 150
 
 < location: https://example2.com:443/.   ----> redirected to "example2.com"
 < 
 * Issue another request to this URL: 'https://example2.com:443/'. ------> Curl initiates another request that is to example2.com 
 *   Trying 34.195.219.169...
 
 * TCP_NODELAY set
 <SSL handshake>
 > Host: example2.com.   ------> Host name has changed to example2.com 
 > User-Agent: curl/7.61.1
 > Accept: */*
 > 
 * Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
 <
     HTTP/2 200 ----> We got a response

2.    In your internet browser, enter example.com and confirm that it redirects to example2.com.

Note: Application Load Balancer supports only 301 and 302 redirects. These redirects allow the client to change the HTTP method from POST to GET in subsequent requests. If you need a 307 redirect, then the redirect must come through the target application.

Related information

How do I redirect an apex domain to its subdomain or any other domain using Amazon S3 and Amazon Route 53?

Application Load Balancers now support multiple TLS certificates with smart selection using Server Name Indication (SNI)

AWS OFFICIAL
AWS OFFICIALUpdated 7 months ago
4 Comments

Aloha,

I want to ask, why in host header there is a limitation that only FQDN names can be specified. Host value does not necessarily have to be FQDN (can be a single word, when for example in some company Search Paths are implemented on laptop network settings) and then it is impossible to make a rule, because "Invalid host header" error is thrown.

Can I get more information about this?

replied 9 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

profile pictureAWS
MODERATOR
replied 9 months ago

Please allow empty strings to be used in place of the port number. Most redirects will be to http(s) locations with standard ports and it's weird to have the :80 or :443 showing in the address. You might say it's purely cosmetic but in my experience it will confuse and irritate "normal" users.

TC
replied 6 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

profile pictureAWS
MODERATOR
replied 6 months ago