SSL and AWS Elastic Load Balancers

[eluser]Unknown[/eluser]
We are running a CI based website on amazon web services with multiple web servers running behind a standard elastic load balancer (ELB). We have installed my SSL certificate on the ELB rather than on the individual servers. This means that requests between the browser and the ELB are encrypted, but between the ELB and the web servers, traffic is unencrypted.

Our modrewrite is set up as below

RewriteEngine on
RewriteCond $1 !^(index\.php|images|css|js|robots\.txt)

Everything works just fine when I request a file that is served directly by apache - that is any file such as robots.txt that does not go through CI. If the request uses http, the response at the browser is http. If the request is https, the response at the browser is https.

The problem comes when the request is processed by CI. The response is always http no matter whether the request is http or https. I have searched for a possible cause for this but to no avail. At first I thought the answer would be to set to the base_url to refer to https rather than http. This has no effect.

Any suggestions what to try next?

[eluser]Otemu[/eluser]
Hi,

If you set your base_url to https, check that any other resouces such as css, js, media etc our also being served through https and not http.

If that fails check out this post http://ellislab.com/forums/viewthread/83154/

also another post here might come in handy http://davidwalsh.name/force-secure-ssl-htaccess

[eluser]Unknown[/eluser]
OK. Feel rather silly. As frequently happens, seemingly difficult problems are simple in retrospect.

Everything was actually working exactly as required. The only problem was that I was adding some scripts using http. So something like

Code:

echo "<script src=\"http:etc

was forcing the page to be displayed in the browser without the reassurance of an SSL lock. Simply removing the http-sourced scripts fixed everything.

Thanks for helping out.