We have a [legacy] web application that redirects non-SSL requests (port 80) to SSL (port 443). The web server is IIS (if that matters).
Now I wish to put a load balancer in front of this app. That will be step one towards scaling in a future project phase.
However, the redirecting to SSL is causing problems that I can't quite get my head around.
I have the AWS Network Load Balancer (NLB) listening on both 80 and 443. Apparently it can only send to the target group (my web server) on one port.
- If I have it sending to port 80 then we go into a redirect loop because the web server assumes every request is non-SSL.
- If I have it sending to port 443 then we never redirect because, again, the web server assumes all requests are already secure.
I chose NLB because it will allow me to use my existing web server's elastic IP which makes the cutover a bit more seamless (and, I'm told, some of our API clients have that IP address allow-listed already so a change is hard). I think that logic rules out using an Application Load Balancer (can't use elastic IP)? NLB is layer 4 though, so I can't play any games with headers.
I can't help but think this "redirect to SSL" thing has already been solved by smarter people than me... so how'd you do it?
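As an added illustration (this is editor-supplied Terraform, not configuration from the asker or from AWS documentation), the following shows the layer-4 layout in which each NLB listener forwards to its own target group on the matching backend port, so the IIS host still sees port 80 traffic as port 80 (and issues its redirect) and port 443 traffic as port 443 (TLS still terminating on IIS). All resource names, the VPC, subnet, instance and Elastic IP allocation IDs are placeholders; the assumption being demonstrated is that an NLB may carry several listeners, each forwarding to a different target group.

```hcl
# Added example, not from the original post. IDs marked PLACEHOLDER are assumptions.

resource "aws_lb" "web" {
  name               = "legacy-web-nlb"
  load_balancer_type = "network"
  internal           = false

  # Attach the existing Elastic IP so allow-listed API clients keep working.
  subnet_mapping {
    subnet_id     = "subnet-PLACEHOLDER"
    allocation_id = "eipalloc-PLACEHOLDER"
  }
}

# One target group per backend port. The web server must receive plain HTTP
# on 80 and TLS on 443 so its own redirect logic keeps working unchanged.
resource "aws_lb_target_group" "http" {
  name     = "legacy-web-http"
  port     = 80
  protocol = "TCP"
  vpc_id   = "vpc-PLACEHOLDER"

  health_check {
    protocol = "TCP"
  }
}

resource "aws_lb_target_group" "https" {
  name     = "legacy-web-https"
  port     = 443
  protocol = "TCP"
  vpc_id   = "vpc-PLACEHOLDER"

  health_check {
    protocol = "TCP"
  }
}

# Register the same IIS instance in both groups, on the two different ports.
resource "aws_lb_target_group_attachment" "http" {
  target_group_arn = aws_lb_target_group.http.arn
  target_id        = "i-PLACEHOLDER"
  port             = 80
}

resource "aws_lb_target_group_attachment" "https" {
  target_group_arn = aws_lb_target_group.https.arn
  target_id        = "i-PLACEHOLDER"
  port             = 443
}

# Listener 80 -> backend 80: IIS answers with its redirect to https://
resource "aws_lb_listener" "http" {
  load_balancer_arn = aws_lb.web.arn
  port              = 80
  protocol          = "TCP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.http.arn
  }
}

# Listener 443 -> backend 443: raw TCP passthrough, certificate stays on IIS
resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.web.arn
  port              = 443
  protocol          = "TCP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.https.arn
  }
}
```

Because both listeners are plain TCP, the load balancer never inspects or rewrites HTTP headers, which is consistent with the layer-4 constraint described in the question; the redirect decision remains entirely on the web server. A quick check after cutover is to request the site over plain HTTP and confirm a single redirect response whose Location header uses https://, then request it over HTTPS and confirm a normal response with no further redirect; a redirect-to-self on either port indicates a listener forwarding to the wrong target group.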