Thank you for visiting the Rackspace Community
The The Community is live! Post new content or topics so our teams can assist.

Please contact your support team if you have a question or need assistance for any Rackspace products, services, or articles.

Configuring Apache for SSL termination on a load balancer

  • Implementing SSL termination on a load balancer allows multiple servers to receive both encrypted and unencrypted traffic.

    For Apache web server nodes, distinguishing between the two requires filtering the X-Forwarded-Proto HTTP header using the RequestHeader directive in the protocol’s respective VirtualHost block:

    <VirtualHost *:80>
        RequestHeader set X-Forwarded-Proto "http"
        …
    </VirtualHost>
    
    <VirtualHost *:443>
        RequestHeader set X-Forwarded-Proto "https"
        …
    </VirtualHost>

    Encrypting all traffic requires a rewrite rule within the HTTP VirtualHost block:

    <VirtualHost *:80>
        RequestHeader set X-Forwarded-Proto "http"
    
        RewriteEngine On
        RewriteCond %{HTTP:X-Forwarded-Proto} !https
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
        …
    </VirtualHost>

    The first example filters client request based on the address visited at the load balancer, with the second forwarding all non-HTTPS traffic to the appropriate URI.

  • Great write up Julian!

    Thanks

  • internal apache variable %{HTTPS}

    http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#envvars

    this is enough

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}