Configure Apache for SSL termination on a Cloud Load Balancer

  • Last updated on: 2019-01-17
  • Authored by: Rackspace Community

Implementing SSL termination on a load balancer enables multiple servers to receive both encrypted and unencrypted traffic. For Apache® web server nodes, distinguishing between the two requires you to filter the X-Forwarded-Proto HTTP header by using the RequestHeader directive in the protocol’s respective VirtualHost block, as shown in the following example:

<VirtualHost *:80>
    RequestHeader set X-Forwarded-Proto "http"
    …
</VirtualHost>

<VirtualHost *:443>
    RequestHeader set X-Forwarded-Proto "https"
    …
</VirtualHost>

To encrypt all traffic, you must add a rewrite rule within the HTTP VirtualHost block, as shown in the following example:

<VirtualHost *:80>
    RequestHeader set X-Forwarded-Proto "http"
    
    RewriteEngine On
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
    …
</VirtualHost>

Share this information: