Diario

AWS ELB WordPress SSL https Configuración con Load Balancer


AWS
ELB (Load Balancer)
SSL
Apache 2.4.39
Wordpress 5.1

■Entorno de comunicación
PC Cliente

(port:443)

ELB[Configuración de certificado SSL][Regla ELB redirige acceso externo 80 a 443]

(port:80)

EC2 (solo necesita la configuración del puerto 80 dentro de la instancia)

■Problema
・Acceso desde navegador a https principal (443)
・Dentro de EC2 el servidor solo está configurado para el puerto 80, así que WordPress genera las URLs del header (css, etc.) como http (80)
・Cuando el navegador encuentra en el header recursos http (80) con un esquema distinto al de la URL principal (https), los bloquea como error de seguridad (contenido mixto)
・El html no se muestra correctamente en el navegador

■Patrón solo con rewrite en .htaccess

# BEGIN K.Miyakoshi

# A request that reached the AWS ELB over HTTPS arrives here on port 80 with
# X-Forwarded-Proto: https. HTTPS=on is the variable WordPress's is_ssl() reads,
# so it then builds https URLs for css/js/etc. The header is trusted as-is,
# so this is only sound while port 80 on the instance is reachable from the
# ELB alone (security group) -- a direct client could otherwise spoof it.
SetEnvIf X-Forwarded-Proto ^https$ HTTPS=on

# Redirect requests the ELB received over plain http to https. R without a
# status code sends a 302. Requests carrying no X-Forwarded-Proto header
# (i.e. not coming through the ELB) are left untouched by this rule.
# %{HTTP_HOST} is whatever Host header the client sent, forwarded by the ELB.
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} ^http$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

# END K.Miyakoshi

# BEGIN WordPress

# Standard WordPress front-controller rules: anything that is not an existing
# file or directory is handed to /index.php (permalinks). Kept after the
# ELB block above so the https redirect is evaluated first.
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

■Patrón con la configuración completa en un vhost.conf dentro de «conf.d»

#============================================
# ELB common logging  K.Miyakoshi
#============================================
# AWS ELB aware format: [%{X-Forwarded-For}i] added to record the client IP,
# since %h (remote host) is the load balancer's address when traffic comes
# through the ELB. The header value is whatever arrived in the request; the ELB
# appends the connecting client's IP, so log consumers should use the
# ELB-appended entry rather than trusting the whole chain.
LogFormat "%{X-Forwarded-For}i:%{X-Forwarded-Port}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" elb-accesslog
ErrorLogFormat "[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %{X-Forwarded-For}i:%{X-Forwarded-Port}i %a] %M% ,\ referer\ %{Referer}i"

# AWS ELB aware: keep health-check traffic out of the normal access log.
# Note the match is on User-Agent, which any client can set, so a request
# with this UA is also excluded -- make sure an elb-log sink exists wherever
# nolog is honoured, otherwise such requests are not logged at all.
SetEnvIf User-Agent "ELB-HealthChecker.*" nolog
# AWS ELB aware: tag health-check traffic so it can go to a separate log file
SetEnvIf User-Agent "ELB-HealthChecker.*" elb-log
# Keep static assets (img, js, css, ...) out of the access log
SetEnvIf Request_URI "\.(gif|jpg|png|ico|jpeg|js|css)$" nolog

# Normal logging for the main server (the vhosts below define their own
# CustomLog, which takes precedence for their requests). No elb-log sink here.
CustomLog logs/access_log elb-accesslog env=!nolog
ErrorLog logs/error_log

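#============================================
# ELB + WordPress: fix for the https(443) -> http(80) scheme mismatch
#============================================
# The ELB terminates TLS and forwards to port 80, passing the client's scheme in
# X-Forwarded-Proto. HTTPS=on is the variable WordPress's is_ssl() reads, so it
# then generates https URLs. The header is trusted as-is: port 80 on the
# instance must only be reachable from the ELB (security group), otherwise a
# direct client can spoof the scheme.
SetEnvIf X-Forwarded-Proto ^https$ HTTPS=on

# Redirect requests the ELB received over plain http to https.
<IfModule mod_rewrite.c>
	RewriteEngine On
	# Rewrite rules in server context are not applied inside the <VirtualHost>
	# sections below by default; InheritDown (Apache 2.4.8+) pushes this rule set
	# into them so the redirect also covers taro/jiro. Inherited rules run after
	# a vhost's own rules (the vhosts below define none).
	RewriteOptions InheritDown
	RewriteCond %{HTTP:X-Forwarded-Proto} ^http$
	# R without a status code sends 302. %{HTTP_HOST} is the Host header the
	# client sent, forwarded unchanged by the ELB.
	RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
</IfModule>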

#============================================
# default
# Used for the ELB health check (an Alias would also work)
#============================================
# Listed first on port 80, so this is the vhost that answers any request whose
# Host header matches no ServerName below -- including direct hits on the
# instance address. Whatever sits in htdocs is therefore reachable that way.
<VirtualHost _default_:80>
	ServerName _default_:80
	ServerAdmin admin@hoge.com

	DocumentRoot "/opt/lampp/htdocs"
	<Directory "/opt/lampp/htdocs">
		# .htaccess may override everything (needed for WordPress rewrite rules)
		AllowOverride All
		Options FollowSymLinks
		Require all granted

		# Server-side includes for .html; the NoExec variant keeps #exec disabled
		Options +IncludesNoExec
		AddOutputFilter INCLUDES html
	</Directory>

	# rotatelogs: rotate every 86400 s, clock offset 540 min (UTC+9).
	# Health-check traffic (elb-log) lands in elb_*.log instead of access_*.log.
	CustomLog "| /opt/lampp/bin/rotatelogs /opt/lampp/logs/htdocs/access_%Y%m%d.log 86400 540" elb-accesslog env=!nolog
	CustomLog "| /opt/lampp/bin/rotatelogs /opt/lampp/logs/htdocs/elb_%Y%m%d.log 86400 540" elb-accesslog env=elb-log
	ErrorLog "| /opt/lampp/bin/rotatelogs /opt/lampp/logs/htdocs/error_%Y%m%d.log 86400 540"

</VirtualHost>

#============================================
# taro.hoge.com
#============================================
# Name-based vhost; selected when the Host header forwarded by the ELB is
# taro.hoge.com.
<VirtualHost *:80>
	ServerName taro.hoge.com
	ServerAdmin admin@hoge.com

	DocumentRoot "/opt/lampp/taro"
	<Directory "/opt/lampp/taro">
		# .htaccess may override everything (needed for WordPress rewrite rules)
		AllowOverride All
		Options FollowSymLinks
		Require all granted
	</Directory>

	# rotatelogs: rotate every 86400 s, clock offset 540 min (UTC+9)
	CustomLog "| /opt/lampp/bin/rotatelogs /opt/lampp/logs/taro/access_%Y%m%d.log 86400 540" elb-accesslog env=!nolog
	# Written when the ELB health check is bound to the DNS name [taro.hoge.com]
	CustomLog "| /opt/lampp/bin/rotatelogs /opt/lampp/logs/taro/elb_%Y%m%d.log 86400 540" elb-accesslog env=elb-log
	ErrorLog "| /opt/lampp/bin/rotatelogs /opt/lampp/logs/taro/error_%Y%m%d.log 86400 540"

</VirtualHost>

#============================================
# jiro.hoge.com
#============================================
# Name-based vhost; selected when the Host header forwarded by the ELB is
# jiro.hoge.com. Mirrors the taro.hoge.com definition with its own docroot/logs.
<VirtualHost *:80>
	ServerName jiro.hoge.com
	ServerAdmin admin@hoge.com

	DocumentRoot "/opt/lampp/jiro"
	<Directory "/opt/lampp/jiro">
		# .htaccess may override everything (needed for WordPress rewrite rules)
		AllowOverride All
		Options FollowSymLinks
		Require all granted
	</Directory>

	# rotatelogs: rotate every 86400 s, clock offset 540 min (UTC+9)
	CustomLog "| /opt/lampp/bin/rotatelogs /opt/lampp/logs/jiro/access_%Y%m%d.log 86400 540" elb-accesslog env=!nolog
	# Written when the ELB health check is bound to the DNS name [jiro.hoge.com]
	CustomLog "| /opt/lampp/bin/rotatelogs /opt/lampp/logs/jiro/elb_%Y%m%d.log 86400 540" elb-accesslog env=elb-log
	ErrorLog "| /opt/lampp/bin/rotatelogs /opt/lampp/logs/jiro/error_%Y%m%d.log 86400 540"

</VirtualHost>

#============================================