Moodle move to AWS (HTTPS to HTTP) behind ELB

Moodle move to AWS (HTTPS to HTTP) behind ELB

by Steve Pollock -
Number of replies: 3

I am moving a moodle site to AWS behind a classic elastic load balancer. to EC2 Instance(s).

The load balancers works with https listener, cert, etc. and is forwarding to the apache server at the correct document root for apache.  which is /var/www/html/moodle in this case.

If I place a phpinfo.php file in the directory I can reach it fine with https://mysite.com/phpinfo.php

So it's all working as expected.. except for moodle.

I have edited the ..moodle/config.php and it is correctly set to use http://mysite.com  (note the http, not https)   Locally, I was running https in the apache server directly, when I moved to AWS the ELB terminates the SSL connection and forwards as http.

When the browser attempts to connect, it gets a "too many redirects" message and I can see it hitting the apache access log multiple times for the same uri.

Any ideas?

My sense is that something in the moodle database is causing this to redirect back to https, perhaps some embedded links in the sql database?  

Thanks,

-Steve


Average of ratings: -
In reply to Steve Pollock

Re: Moodle move to AWS (HTTPS to HTTP) behind ELB

by Steve Pollock -
Since no one has any ideas, here is the answer, indeed moving in this manner (https to http) will not work and I don't have time to dig around in the database to find out why.  The easy fix is to run 443 against your target servers on the ELB.  It turns out that ELB doesn't care about the cert other than that it is valid, so you can use even use a self-signed cert on the individual web servers.  


I also tested EFS and and validate that it unusable in terms of performance.



Average of ratings: -
In reply to Steve Pollock

Re: Moodle move to AWS (HTTPS to HTTP) behind ELB

by Matt Spurrier -

Hi Steve,

AWS's ELB should be sending HTTPS headers to Apache, which in turn may already be setting HTTPS to on.

Moodle's config.php should still show https:// even if the local Apache server is serving via HTTP to the upstream proxy.


To check this is the case, create a test.php file in the wwwroot with the contents of

<?php phpinfo();

then visit it, check for X_FORWARDED_PROTO and/or HTTPS.


If the config.php has http:// the it tries to redirect to that URL in the event it's visited on a different protocol, so this would explain the too many redirects.


Hope that helps.


Matt


Average of ratings: -
In reply to Steve Pollock

Re: Moodle move to AWS (HTTPS to HTTP) behind ELB

by José Antonio Omedes Capdevila -
Picture of Plugin developers

Hello Steve,

You have two different challenges:

Connections coming through HTTPS to your load balancer:

Those will be forwarded as HTTP to Moodle.

HTTPS ===> (443) Load Balancer (80)  ===> SERVER

1. Install the certificate on yout ELB.

2. Edit the config.php and add the following:

$CFG->sslproxy  = 1;

$CFG->wwwroot   = 'https://<your domain>';


Connections coming through HTTP to your load balancer:

Those will be forwarded as HTTP to Moodle.

HTTPS ===> (40) Load Balancer (80)  ===> SERVER

In this case, we need to find out that the traffic came through HTTP and rewrite URL to https.

1. Edit the virtual host configuration and add the following:

  RewriteEngine On

  RewriteCond %{HTTP:X-Forwarded-Proto} =http

  RewriteRule . https://<your domain> [L,R=permanent]


If not enabled, you will have to enable the Apache rewrite module:

sudo a2enmod rewrite


I hope it helps, 

Jose

jose.omedes@itoptraining.com

www.moodlenet.com



Average of ratings: Useful (3)