issues with .htaccess when Cloudfront to Virtual Apache Server on EC2 with Ubuntu and Amazon SSL

0

I have Apache Virtual Server on EC2 directly connected to cloudfront distribution.

http to https and www to non-www redirect not working with the following .htaccess

```
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^(www\.)(.+) [OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?(.+)
RewriteRule ^ https://%2%{REQUEST_URI} [R=301,L]
```

Requests to http://example.com return 200 OK

Response Headers:

```
HTTP/2 200 OK
content-type: text/html
content-length: 53335
date: Tue, 06 Jun 2023 07:28:02 GMT
server: Apache/2.4.52 (Ubuntu) OpenSSL/3.0.2
last-modified: Thu, 08 Dec 2022 10:14:20 GMT
etag: "d057-5ef4e4ce33700"
accept-ranges: bytes
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 259df3f3acee8ca070d87aedc7b2.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP63-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: oxvbXrSwIpgwMjr9_5ucSj0x9YF3qRL4ablFSQqlgT==
X-Firefox-Spdy: h2
```

and here are the Request Headers

```
GET / HTTP/2
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/113.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Sec-GPC: 1
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
```

**That is the Cloudfront configuration + Route 53 Configuration:** https://i.stack.imgur.com/bbHKj.jpg

bgbs
asked 10 months ago, 737 views
2 Answers
0
Accepted Answer

Your configuration only supports http and not https.

You may want to configure cloudfront to match viewer as per document so that clients follow the redirect.

Otherwise configure cloudfront to communicate with your ec2 via https only.

Please see details here https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-cloudfront-to-custom-origin.html

Updated

For viewer redirection you need to configure that on the cloudfront distro and remove the redirect on apache as you do not have ssl running on the webserver. Please follow these instructions to force viewer redirection https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-viewers-to-cloudfront.html#

Try the following in your htaccess file too

```
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
```
EXPERT
answered 10 months ago
  • OK but SSL is issued on AmazonCM. Cloudfront is connected directly to Apache on port 80, Apache SSL is OFF as I do not have a path to SSL. If I set Origin to HTTPS and 443 it will fail. Do you mean there is a workaround?

  • Ok understand now. It wasn’t mentioned in your question. You can’t have a redirect in your .htaccess file if you do not have ssl on your apache server. You therefore need to remove the http to https redirect in the .htaccess file and leave CF origin set to http and follow these instructions to configure viewer redirect https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-viewers-to-cloudfront.html#

  • Thanks, I have 2 questions: If I use Viewer Protocol Policy: Redirect HTTP to HTTPS, how do I redirect www to non-www? Can I also force this from cloudfront? All of the .htaccess rules for www to non-www return 200 OK for https://www.example.com/ Please note I have example.com and www.example.com as alternate domain names

    1. If I stick to Http and Https Viewer Policy and if I issue a Let's Encrypt or self-signed certificate to turn Apache SSL ON, will http to https redirect in apache work? And if that is possible, can I also keep the Amazon SSL because I want to avoid importing custom SSL to amazon?
  • With your 2. question, you still do not need https on the apache server as cloudfront will enforce the http to https redirect for you. You can place ssl certificate on apache if you want end to end encryption. You will not need to import it anywhere, it just needs to be valid

  • I’ve not tried it however I believe if you redirect in htaccess for www to non www that’s fine. Do not redirect to https in htaccess. Then in cloudfront config change viewer policy to redirect http to https. Also one last step, in the cloudfront config under origin, name just put the example.com there (non www)

    Try this in your htaccess file if you have issues after updating cloudfront

    ```
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTPS} off
    RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
    RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

    RewriteCond %{HTTPS} on
    RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
    RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
    ```

0

I have recently configured my laravel website to work on CDN, everything works fine as expected except the existing rules for https and www redirection. My existing rules are creating a too many redirects issue.

AWS: Source origin website -example(.com) (https) CNAME Alias - www.example(.com) (https)

Could you please suggest what can I do with my basic htaccess rule as below. I need below rules or else it will break my laravel website functionality. Please suggest a rule to add https and www redirection which should work with below lines.

```
<IfModule mod_rewrite.c>
  Options -Indexes

  RewriteEngine On

  RewriteCond $1 !^(index\\.php|resources|robots\\.txt)
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.+)$ index.php?/$1 [L,QSA]
</IfModule>
```

I tried below two lines and it is throwing the error -- too many redirects.

```
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule (.*) https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
```
answered 9 months ago
