Note: This is a reblog of following link for my personal bookkeeping https://willwarren.com/2014/01/27/running-apache-tomcat-with-ssl-behind-amazon-elb/ — One of popular AWS EC2 cluster configurations servicing secure REST APIs is where the SSL connection terminates at ELB, while all communication between ELB and EC2 instances use HTTP. This works well as far as no redirection is involved. However, where redirection is involved, client gets redirected to insecure connection, which may not work. One such scenario is an Oauth Server.