Configure AWS Application Load Balancer to direct HTTP and HTTPS traffic to target group
First things first: let me underscore that this guide is tailored to using an AWS Application Load Balancer—not a Classic Load Balancer. You can read about the differences in this article on Amazon’s News Blog.
I was pretty pleased that I was able to serve the project I completed for the Chicago Python Mentorship Program over HTTPS. Sure, using Amazon Web Services (AWS) Certificate Manager to create an SSL certificate was a breeze, but configuring my Application Load Balancer, Security Groups, Target Group, and nginx server was was no small task.
The problem, I realized after I presented my Chicago Python Mentorship project, is that the application would not accept HTTP traffic at all. I woke up this morning and decided to fix that. I thought it should be as easy as configuring a listener on port 80 on my ALB and redirecting that traffic to my listener on port 443. Turns out, it isn’t as easy as that. Let me walk you through the steps I took to get this configured properly.
Add HTTP listener to Application Load Balancer
- Open EC2 console and navigate to Load Balancers.
- Navigate to the Listeners tab.
- Click Add listener.
- Set the protocol to HTTP, port to 80, and select a target group.
- Click Save.
Update Security Group rules for ALB
Next, update the inboud and outbound rules for the load balancer’s Security Group. This essentially determines what types of traffic your load balancer will accept and where it will direct that traffic.
- In the Load Balancers pane, select your load balancer.
- Select the Description tab.
- Under the Security section, click the security group ID link.
Inbound rules
- Select the Inbound tab.
- Select Edit.
- Click Add Rule.
- Set type to HTTP, protocol to TCP, port range to 80, and source to anywhere.
- Click Save.
Outbound rules
- Select the Outbound tab.
- Select Edit.
- Click Add Rule.
- Set type to All Traffic.
- Protocol will default to All and port range will default to 0 - 65535.
- Set Destination to anywhere.
- Click Save.
At this point, the ALB is listening on ports 443 and 80 and is accepting traffic from anywhere. It is forwarding traffic to the target group created in the previous article.
The next step is to update the nginx configuration on the EC2 instance to listen for HTTP requests from the ALB and redirect those using the HTTPS protocol.