AWS
ELB (Load Balancer)
SSL
Apache 2.4.39
Wordpress 5.1
■Communication Environment
Client PC
↓
(port:443)
↓
ELB[SSL Certificate Settings][ELB Rule: Redirect External Port 80 Access to 443]
↓
(port:80)
↓
EC2(Port 80 Only Inside EC2)
■Problem
・The browser requests the main page over https (443)
・Because EC2 is configured as a port 80 environment, WordPress generates HTML whose CSS and header URLs use http (80)
・The browser sees http (80) URLs in the header that differ from the https main URL and refuses to load them, reporting a security error (mixed content)
・As a result, the HTML is not displayed correctly in the browser
■Pattern using only an .htaccess rewrite
# BEGIN K.Miyakoshi
# Change access from AWS ELB to HTTPS
# The ELB terminates TLS and forwards to Apache on port 80, so Apache never
# sees an HTTPS connection itself. When X-Forwarded-Proto is exactly "https",
# the HTTPS environment variable is set to "on" for this request.
# NOTE(review): X-Forwarded-Proto is an ordinary request header. Relying on it
# is only sound while port 80 on the instance is reachable from the ELB alone
# (for example a security group that admits only the load balancer) - confirm.
SetEnvIf X-Forwarded-Proto ^https$ HTTPS=on
# Redirect http access to https
RewriteEngine On
# The condition matches only when the header is exactly "http"; a request that
# carries no X-Forwarded-Proto header is not redirected by this rule.
# [R] without a status code sends a temporary (302) redirect; [L] ends rule
# processing for the request.
# NOTE(review): the redirect host is taken from the request's Host header
# (%{HTTP_HOST}). A fixed canonical hostname would avoid reflecting an
# arbitrary Host value into the Location header.
RewriteCond %{HTTP:X-Forwarded-Proto} ^http$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
# END K.Miyakoshi
# Stock WordPress permalink rules: a request for index.php is left untouched,
# and any request that is neither an existing file (!-f) nor an existing
# directory (!-d) is routed to /index.php.
# WordPress itself maintains the text between the BEGIN/END WordPress markers,
# so site-specific rules (such as the HTTPS handling) belong outside them.
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
■Full configuration pattern with vhost.conf in “conf.d” etc
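#============================================
# ELB Common Logging Support K.Miyakoshi
#============================================
# AWS ELB Support - Added [%{X-Forwarded-For}i] to get client IP
# Behind the ELB the TCP peer (%h, and %a in the error log) is the load
# balancer, so the client address is only available from X-Forwarded-For.
# NOTE(review): X-Forwarded-For is a request header. The ELB appends the
# address it saw to whatever value the client sent, so only the right-most
# entry is supplied by the ELB; treat earlier entries as untrusted when
# reading these logs. mod_remoteip (RemoteIPHeader with RemoteIPInternalProxy)
# is the supported way to have Apache derive the client address itself.
LogFormat "%{X-Forwarded-For}i:%{X-Forwarded-Port}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" elb-accesslog
ErrorLogFormat "[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %{X-Forwarded-For}i:%{X-Forwarded-Port}i %a] %M% ,\ referer\ %{Referer}i"
# AWS ELB Support - Exclude health check access from normal logs
# The pattern is anchored so that only a User-Agent that begins with the
# health-checker token (e.g. "ELB-HealthChecker/2.0") matches, rather than any
# User-Agent that merely contains the string.
# NOTE(review): User-Agent is still client-supplied. A request that sets
# "nolog" is absent from logs/access_log below and appears only where a
# CustomLog uses env=elb-log. Where access logs feed detection or forensics,
# also require the request to come from the ELB's own addresses, and keep the
# ELB's access logs enabled as an independent record.
SetEnvIf User-Agent "^ELB-HealthChecker/" nolog
# AWS ELB Support - Output health check access to separate log file
# "elb-log" is consumed by the CustomLog ... env=elb-log lines in the
# VirtualHost sections.
SetEnvIf User-Agent "^ELB-HealthChecker/" elb-log
# Exclude img, js etc from logs
# NOTE(review): the suffix test runs on the request path, so every request
# whose path ends in one of these extensions goes unlogged here, whatever
# actually serves it.
SetEnvIf Request_URI "\.(gif|jpg|png|ico|jpeg|js|css)$" nolog
# Normal log settings
CustomLog logs/access_log elb-accesslog env=!nolog
ErrorLog logs/error_log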
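#============================================
# ELB WordPress Solution - https(443)→http(80) Redirect Problem
#============================================
# Enable HTTPS when AWS ELB is receiving https
# The ELB terminates TLS and forwards on port 80; when X-Forwarded-Proto is
# exactly "https" the HTTPS environment variable is set to "on".
# NOTE(review): X-Forwarded-Proto is an ordinary request header. This is only
# trustworthy while port 80 on the instance accepts traffic from the ELB alone
# (for example via the instance's security group) - confirm.
SetEnvIf X-Forwarded-Proto ^https$ HTTPS=on
# Redirect http access to https
<IfModule mod_rewrite.c>
RewriteEngine On
# Per the mod_rewrite documentation, rules defined in the main server context
# are not applied inside <VirtualHost> sections unless inheritance is enabled.
# Every request here is handled by one of the virtual hosts below, so without
# this line the redirect never runs. InheritDown requires Apache 2.4.8+.
# NOTE(review): confirm that ELB health checks, which reach Apache over plain
# HTTP, still receive the status they expect once the rule is active.
RewriteOptions InheritDown
# Matches only when the header is exactly "http"; requests without the header
# are left alone. [R] without a status code is a temporary (302) redirect.
# NOTE(review): the redirect host comes from the request's Host header
# (%{HTTP_HOST}); a fixed canonical hostname would avoid reflecting an
# arbitrary Host value into the Location header.
RewriteCond %{HTTP:X-Forwarded-Proto} ^http$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
</IfModule>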
#============================================
# default
# Used for ELB health check (Alias also works)
#============================================
# Listed first in this file, so a port-80 request whose Host header matches
# neither named virtual host below is served from here.
<VirtualHost _default_:80>
ServerName _default_:80
ServerAdmin admin@hoge.com
DocumentRoot "/opt/lampp/htdocs"
<Directory "/opt/lampp/htdocs">
# AllowOverride All lets .htaccess files under this tree override every
# directive class. The two Options lines leave symlink following enabled and
# add server-side includes without exec; AddOutputFilter then SSI-parses
# every .html file.
# NOTE(review): this host answers requests for any unmatched hostname. If the
# health-check page needs neither .htaccess nor SSI, AllowOverride None and
# dropping the INCLUDES filter would reduce what it exposes - confirm.
AllowOverride All
Options FollowSymLinks
Require all granted
Options +IncludesNoExec
AddOutputFilter INCLUDES html
</Directory>
# Logs are piped to rotatelogs: a new file every 86400 seconds, with file
# boundaries shifted by a 540-minute offset from UTC (UTC+9).
# env=!nolog skips requests marked "nolog"; env=elb-log writes only requests
# marked "elb-log" (the health-check User-Agent match) to the elb_ file.
# NOTE(review): both markers are set from client-supplied values, so the
# access_ file alone is not a complete record of requests.
CustomLog "| /opt/lampp/bin/rotatelogs /opt/lampp/logs/htdocs/access_%Y%m%d.log 86400 540" elb-accesslog env=!nolog
CustomLog "| /opt/lampp/bin/rotatelogs /opt/lampp/logs/htdocs/elb_%Y%m%d.log 86400 540" elb-accesslog env=elb-log
ErrorLog "| /opt/lampp/bin/rotatelogs /opt/lampp/logs/htdocs/error_%Y%m%d.log 86400 540"
</VirtualHost>
#============================================
# taro.hoge.com
#============================================
# Name-based virtual host on port 80 for taro.hoge.com, served from
# /opt/lampp/taro. TLS is terminated at the ELB, so there is no :443 host.
<VirtualHost *:80>
ServerName taro.hoge.com
ServerAdmin admin@hoge.com
DocumentRoot "/opt/lampp/taro"
<Directory "/opt/lampp/taro">
# AllowOverride All allows the site's .htaccess (rewrite rules, SetEnvIf) to
# take effect, and also every other directive class.
# NOTE(review): presumably AllowOverride FileInfo is enough for those
# directives; a narrower setting limits what a modified .htaccess in the
# docroot can change - verify against the .htaccess files actually in use.
AllowOverride All
Options FollowSymLinks
Require all granted
</Directory>
# rotatelogs: new file every 86400 seconds, 540-minute offset from UTC.
# Requests marked "nolog" are skipped in access_; requests marked "elb-log"
# go to elb_.
CustomLog "| /opt/lampp/bin/rotatelogs /opt/lampp/logs/taro/access_%Y%m%d.log 86400 540" elb-accesslog env=!nolog
# Logs output if [taro.hoge.com] DNS is configured in AWS ELB
CustomLog "| /opt/lampp/bin/rotatelogs /opt/lampp/logs/taro/elb_%Y%m%d.log 86400 540" elb-accesslog env=elb-log
ErrorLog "| /opt/lampp/bin/rotatelogs /opt/lampp/logs/taro/error_%Y%m%d.log 86400 540"
</VirtualHost>
#============================================
# jiro.hoge.com
#============================================
# Name-based virtual host on port 80 for jiro.hoge.com, served from
# /opt/lampp/jiro. TLS is terminated at the ELB, so there is no :443 host.
<VirtualHost *:80>
ServerName jiro.hoge.com
ServerAdmin admin@hoge.com
DocumentRoot "/opt/lampp/jiro"
<Directory "/opt/lampp/jiro">
# AllowOverride All allows the site's .htaccess (rewrite rules, SetEnvIf) to
# take effect, and also every other directive class.
# NOTE(review): presumably AllowOverride FileInfo is enough for those
# directives; a narrower setting limits what a modified .htaccess in the
# docroot can change - verify against the .htaccess files actually in use.
AllowOverride All
Options FollowSymLinks
Require all granted
</Directory>
# rotatelogs: new file every 86400 seconds, 540-minute offset from UTC.
# Requests marked "nolog" are skipped in access_; requests marked "elb-log"
# go to elb_.
CustomLog "| /opt/lampp/bin/rotatelogs /opt/lampp/logs/jiro/access_%Y%m%d.log 86400 540" elb-accesslog env=!nolog
# Logs output if [jiro.hoge.com] DNS is configured in AWS ELB
CustomLog "| /opt/lampp/bin/rotatelogs /opt/lampp/logs/jiro/elb_%Y%m%d.log 86400 540" elb-accesslog env=elb-log
ErrorLog "| /opt/lampp/bin/rotatelogs /opt/lampp/logs/jiro/error_%Y%m%d.log 86400 540"
</VirtualHost>
#============================================
