Configure Apache for SSL termination on a Cloud Load Balancer

Suggest Edits

Implementing SSL termination on a load balancer enables multiple servers to receive both encrypted and unencrypted traffic.
If you want Apache® web server nodes to distinguish between the two, you need to filter the X-Forwarded-Proto HTTP header
by using the RequestHeader directive in the protocol’s respective VirtualHost block, as shown in the following example:

<VirtualHost *:80>
    RequestHeader set X-Forwarded-Proto "http"
    …
</VirtualHost>

<VirtualHost *:443>
    RequestHeader set X-Forwarded-Proto "https"
    …
</VirtualHost>

To encrypt all traffic, you must add a rewrite rule within the HTTP VirtualHost block, as shown in the following example:

<VirtualHost *:80>
    RequestHeader set X-Forwarded-Proto "http"
    
    RewriteEngine On
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
    …
</VirtualHost>

Use the Feedback tab to make any comments or ask questions. You can also start a conversation with us.

Updated 12 months ago