Forcing HTTPS with EC2 / ELB / WordPress

I recently moved this site to Amazon AWS EC2 (as an exercise, don’t read anything into it), and found the process to be straightforward, until I went to force HTTPS. I first set the WordPress config site URL to, and was immediately stopped.

ERR_TOO_MANY_REDIRECTS This webpage has a redirect loop

Well, then. Since I could no longer access the admin page, I forced the URL back to http in wp-config.php


Great, access to site restored, but no further towards the goal.

The problem turned out to be that, since Elastic Load Balancer was doing the SSL termination and then proxying to the EC2 instance over HTTP, WordPress always considered itself to be serving HTTP.

Unfortunately, while this problem wasn’t uncommon, the solutions were spread among several different pages because of the different technologies in the mix.

In the end, here were my changes to wp-config.php:


And most importantly, to my Apache HTTPd config:

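<IfModule mod_setenvif.c>
  # Expose the client's original scheme, as reported by ELB, in the HTTPS variable
  SetEnvIf X-Forwarded-Proto "^https$" HTTPS
</IfModule>

RewriteEngine On
# Redirect whenever the original request did not arrive over HTTPS
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]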

The first stanza uses the X-Forwarded-Proto header, which ELB sets to the original protocol, so that the next stanza and WordPress can both determine whether the original request was HTTPS.

The second stanza just forces HTTPS if the request is HTTP. Note that it looks at the header; redirects that key off PORT would not work.
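
The redirect loop and the header-based fix described above, modelled in Python as an added example (it is not this site's configuration). The host name, the port 80 backend listener and all function names are assumptions made for the model.

```python
from urllib.parse import urlsplit

MAX_HOPS = 10  # stand-in for the browser's redirect limit

def elb_forward(url):
    """Model the ELB hop: TLS ends here, the instance is always reached over
    plain HTTP (port 80 assumed), and the client's scheme survives only in
    the X-Forwarded-Proto header."""
    parts = urlsplit(url)
    return {
        "scheme": "http",
        "port": 80,
        "host": parts.hostname,
        "path": parts.path or "/",
        "headers": {"X-Forwarded-Proto": parts.scheme},
    }

# Three ways a backend might decide "was this request HTTPS?"
def by_backend_scheme(req):
    return req["scheme"] == "https"   # what the instance sees on its own socket

def by_port(req):
    return req["port"] == 443         # redirect keyed off the port

def by_forwarded_proto(req):
    return req["headers"].get("X-Forwarded-Proto") == "https"

def backend(req, is_https):
    """Serve the page if the request counts as HTTPS, otherwise redirect."""
    if is_https(req):
        return 200, None
    return 301, f"https://{req['host']}{req['path']}"

def follow(url, is_https):
    """Follow redirects like a browser; return (final status, redirects followed)."""
    for hops in range(MAX_HOPS):
        status, location = backend(elb_forward(url), is_https)
        if status == 200:
            return status, hops
        url = location
    return "ERR_TOO_MANY_REDIRECTS", MAX_HOPS

if __name__ == "__main__":
    start = "http://blog.example.com/wp-admin/"  # constructed sample URL
    for check in (by_backend_scheme, by_port, by_forwarded_proto):
        print(check.__name__, follow(start, check))
```

Only the check that reads X-Forwarded-Proto converges; the other two see the same HTTP request on port 80 every time and redirect forever.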



Secret store value

I’m on a project implementing HashiCorp’s Vault. The big value is coming from onboarding teams that are generating secrets for others, like certificate management and database ops. When they’re putting secrets into Vault, and other teams are consuming them, rotation becomes cake. And cert renewal can be pushed from the management side without any extra operational steps.