What's needed for HTTP->HTTPS redirect in load balancer?

Posted October 2, 2019 6.2k views
Load Balancing

I’m using a couple of load balancers in front of my droplets and I only want to allow HTTPS traffic to the LB. There’s an option in the load balancer to “Redirect HTTP to HTTPS” that supposedly should redirect all calls on the 80 port on the load balancer to port 443?

This doesn’t seem to work as I get a “connection refused on port 80” when I access the droplet through the loadbalancer over http.

Is there some additional configuration needed for this redirect to work?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
2 answers

Thanks @bobbyiliev, that’s what I’ve done but when I test it out with curl I get a connection refused error for port 80. Using https works as expected.

I have configured a firewall blocking public access to port 80 the droplets from the internet, but I suppose that shouldn’t affect the redirecting, which should happen in the load balancer.

I must be doing something wrong, but can’t see what that would be.

  • Hello,

    That’s interesting, if you wish you could share the current firewall and load balancer rules that you have so I could advise you further?


    • Sure thing.

      Droplets listening ports:

      TCP 22
      TCP 80

      TCP 22
      TCP 8080

      Firewall inbound rules (both droplets attached):

      SSH TCP 22 ALL
      HTTP TCP 80 Only loadbalancer-1
      CUSTOM TCP 8080 Only loadbalancer-2

      Loadbalancer rules:

      loadbalancer-1 (droplet-1 attached):
      HTTPS 443 -> HTTP 80
      Algorithm: round robin
      Sticky session: off
      SSL: Redirect HTTP to HTTPS ON
      Proxy Protocol: Disabled

      loadbalancer-2 (droplet-2 attached):
      HTTPS 443 -> HTTP 8080
      Algorithm: round robin
      Sticky session: off
      SSL: Redirect HTTP to HTTPS ON
      Proxy Protocol: Disabled

    • @bobbyiliev any ideas based on the provided configuration?

      • Hi @fredrikbostrom,

        I’ve tested this at my end, what I had to do is to add a rule on the load balancer from HTTP to HTTP to the droplet with HTTPS redirect enabled. That way the load balancer ‘knows’ that it has to listen on port 80 as well but at the same time the redirect is happening on the load balancer itself as well.

        That way the setup worked. To test it you could use curl with -IL flags, for me the output was:

        curl -IL LoadBalancerIP
        HTTP/1.1 307 Temporary Redirect
        Cache-Control: no-cache
        Content-length: 0
        Location: LoadBalancerIP

        Let me know how it goes!

        • Thanks @bobbyiliev that actually did the trick!

          I find it a bit odd though, to open up an insecure path to the server’s port 80 in the load balancer, and relying on the redirect not to let any traffic through.

          But I’m happy we found a working solution! Thanks for your help!


Yes, it is possible to force the HTTP to HTTPS redirect. You can follow the steps on how to do that here:

Hope that this helps!