How to force HTTPS behind an Amazon Web Services Elastic Load Balancer

Recently I have been learning the Amazon Web Services (AWS) platform and have created a setup with two web servers running NGINX and PHP behind an Elastic Load Balancer (ELB). Later I added HTTPS support and I came across an issue where HTTPS requests were getting redirected to HTTP. Luckily the ELB supports the HTTP header X-FORWARDED-PROTO and using a simple rewrite rule, HTTPS can be enforced. To serve as a reference for myself and to help others out, below is the code required to achieve this on the most popular HTTP server software:


server {
  listen 80;

  location / {
    if ($http_x_forwarded_proto != 'https') {
      rewrite ^ https://$host$request_uri? permanent;


<VirtualHost *:80>
  RewriteEngine On
  RewriteCond %{HTTP:X-Forwarded-Proto} !https
  RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI}


<rewrite xdt:Transform="Insert">
    <rule name="HTTPS rewrite behind ELB rule" stopProcessing="true">
      <match url="^(.*)$" ignoreCase="false" />
        <add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" ignoreCase="false" />
      <action type="Redirect" redirectType="Found" url="https://{SERVER_NAME}{URL}" />

Note: When configuring the ELB health check, it is important to configure this to check HTTP on port 80 (assuming SSL terminates at the ELB).