Environment
Issues/Symptoms
When AEM is accessed through an SSL-terminated load balancer (or SSL-terminated CDN), AEM redirects back from https to http.
SSL termination at the load balancer means that the SSL certificates are installed in the load balancer. The end user accesses the site through https://, and the Dispatcher/Web Server and AEM are accessed on the back end with http://.
Cause
Different load balancers send different headers to notify the back end systems that SSL is terminated upstream. For example, Amazon ELB uses the header “X-Forwarded-Proto: https”.
To fix the issue:
I. Update Dispatcher /clientheaders configuration
Refer to the documentation of your load balancer to find out which header it sets to notify downstream systems that it terminated SSL. For simplicity, in these steps we assume that the correct HTTP header is “X-Forwarded-Proto: https”.
If you are using Dispatcher without a load balancer, or if your load balancer or proxy fails to set the X-Forwarded-Proto header, then you can set it at the web server or Dispatcher level. If you are using Apache HTTP Server, then update your HTTPS VirtualHost with this directive:
RequestHeader set X-Forwarded-Proto "https"
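The directive above in context, as an added configuration example that is not part of the original article: it covers the case where Apache itself terminates TLS and shows how the plain-HTTP listener keeps a client-supplied header value from reaching AEM. The hostname and certificate paths are placeholders, and mod_headers and mod_ssl are assumed to be loaded.

```apache
# Added example; hostname and certificate paths are placeholders.
# Requires mod_headers and mod_ssl.

# HTTPS listener: this web server terminates TLS itself.
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /path/to/placeholder-cert.pem
    SSLCertificateKeyFile /path/to/placeholder-key.pem

    # "set" replaces any X-Forwarded-Proto value already present on the
    # request, so the back end only sees the value chosen here.
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>

# Plain-HTTP listener reached directly by clients.
<VirtualHost *:80>
    ServerName www.example.com

    # A request that arrived over http must not be reported as https.
    # Use "unset" only when no trusted load balancer sets the header
    # for this listener; behind an SSL-terminating load balancer the
    # header it sends has to be passed through unchanged.
    RequestHeader unset X-Forwarded-Proto
</VirtualHost>
```

Dispatcher forwards only the request headers listed in its /clientheaders section, so the header name must also appear there for the value to reach AEM.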
II. Update the Header Configurations:
Go to http://host:port/system/console/configMgr/org.apache.felix.http.sslfilter.SslFilter, and log in as administrator.
Note:
There is no standard for reverse proxy headers that tell the back end which protocol is used. However, here are some that are known:
III. Update the Jetty OSGi Configuration (AEM 6.3 and later versions)
On AEM 6.3 and later versions, an additional configuration is required:
http://aem-host:port/system/console/configMgr/org.apache.felix.http.