The problem

You have an awesome Java app that is growing like crazy, and you need to stay on top of it. You start spawning servers to scale horizontally and put a reliable load balancer in front of them. AWS ELB is a good one, but it will not solve all your needs out of the box; you need to tweak it a little.

Your app is secure and you have an SSL certificate installed, but how do you redirect, or force, all HTTP traffic to HTTPS?

The approach

Put an NGINX on each Tomcat instance. You will say: another web server? Yes, another one. It is another point of failure, but a very reliable one. Nginx is super reliable and has the smallest footprint I have ever seen in a serious web server. (NodeJS is not a serious one; that is why people put NGINX in front of it.)

NGINX Config

NGINX redirects every request it receives to the ELB's HTTPS port, using status 301.

server {
  listen 80;
  # add ssl settings
  # permanent redirect to the same host and URI over HTTPS
  return 301 https://$host$request_uri;
}

Tomcat config

Now you need to edit Tomcat's server.xml configuration (located at $TOMCAT/conf/server.xml).

<Connector scheme="https" secure="true" proxyPort="443"
  port="8080" protocol="HTTP/1.1"
  redirectPort="8443" />

Amazon Elastic Load Balancer

You are not done yet. You have to configure the following listeners on the AWS ELB.

 HTTP 80 -> HTTP 80 (nginx)
 HTTPS 443 -> HTTP 8080 (tomcat)

I hope it works for you. It did for me.
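
One way to confirm the redirect behaves as intended is to capture what port 80 returns and check it. The following is an added example, not part of the original post: it parses a raw HTTP response and reports anything other than a 301 to the same host, path and query over HTTPS. The host app.example.com, the function names and the sample responses are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample responses (not captured from a real server).
GOOD = ("HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\n"
        "Location: https://app.example.com/login?next=%2Fhome\r\n\r\n")
# Redirects back to plain HTTP: the browser would loop on port 80.
LOOP = ("HTTP/1.1 301 Moved Permanently\r\n"
        "Location: http://app.example.com/login?next=%2Fhome\r\n\r\n")
# Temporary status and a dropped query string.
LOSSY = ("HTTP/1.1 302 Found\r\n"
         "Location: https://app.example.com/login\r\n\r\n")


def parse_head(raw):
    """Return (status_code, headers) from a raw HTTP response."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def check_redirect(raw, host, uri):
    """List the ways `raw` differs from a 301 to https://host + uri."""
    status, headers = parse_head(raw)
    problems = []
    if status != 301:
        problems.append(f"status {status}, expected 301")
    location = headers.get("location")
    if location is None:
        return problems + ["no Location header"]
    target = urlsplit(location)
    if target.scheme != "https":
        problems.append(f"scheme {target.scheme!r}, expected 'https'")
    if target.hostname != host.lower():
        problems.append(f"host {target.hostname!r}, expected {host!r}")
    got = target.path + ("?" + target.query if target.query else "")
    if got != uri:
        problems.append(f"URI {got!r}, expected {uri!r}")
    return problems


if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("LOOP", LOOP), ("LOSSY", LOSSY)):
        print(name, check_redirect(raw, "app.example.com", "/login?next=%2Fhome"))
```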


Rodrigo Asensio

Passionate about technology


Amar Nirgunkar · August 11, 2016 at 7:28 am

Hi Rodrigo,
Your Tomcat config is working fine with AWS ELB, but only when you are using a third-party SSL certificate.
I want to use an AWS SSL certificate on an EC2 instance which is on Tomcat behind ELB.
Please reply if you have the solution!

geetha · June 9, 2017 at 2:17 am

Below is my Tomcat server.xml file configuration.


2. Created the ELB with two Tomcat instances and imported the certificates in ACM.

Listeners configured:

HTTP 80 HTTP 8140 N/A N/A
HTTPS 443 HTTP 8140 2a6417ce-985b-4d5c-8a36-0412375717c (ACM)

3. In Route53, created the subdomain in the hosted zone.

4. Created CNAME -> elbtest -> ELB DNS

If I missed out any configurations, please mention.
