AWS Elasticbeanstalk single instance Force SSL Redirect loop

As I mentioned in my comment:

in the ssl.conf every call from port 443 is "proxyed" to port 80, so you never get https = on.

I did some tests and I found out that the ProxyPass directive in ssl.conf does not simply redirect every request from port 443 to localhost:80, but basically repeats the request to Apache from scratch, through the port 80 (at least, that's what I understood).

I checked the value of $_SERVER and found out that HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED_HOST and HTTP_X_FORWARDED_SERVER are set during a HTTPS request (but they are NOT set during a HTTP request), meanwhile SERVER_ADDR and REMOTE_ADDR are set to 127.0.0.1 during a HTTPS request (but they are set to different values for HTTP requests).

I assume you can easily check if your request was plain HTTP with something like this (check the syntax, I'm rubbish with Apache):

RewriteCond %{ENV:HTTP_X_FORWARDED_SERVER}   !^$

or

RewriteCond %{ENV:SERVER_ADDR}   !^127\.0\.0\.1

BEWARE: I couldn't find any reference in AWS documentation, it's just an empiric result... they can easily change this behavior!

Happy coding! :)

I run into the same problem. Here is what worked for me:

RewriteCond %{SERVER_PORT} !=443RewriteCond %{SERVER_ADDR}   !^127\.0\.0\.1RewriteRule (.*) https://%{SERVER_NAME}/$1 [L]

Here is the official way. Found in AWS docs.

RewriteEngine OnRewriteCond %{HTTP:X-Forwarded-Proto} !httpsRewriteCond %{HTTP_USER_AGENT} !ELB-HealthCheckerRewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Sources

https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-httpredirect.html

https://github.com/awsdocs/elastic-beanstalk-samples/blob/master/configuration-files/aws-provided/security-configuration/https-redirect/php/https-redirect-php.config