I created a static s3 bucket site that works. I created a certificate for:
www.example.com
with additional names:
*.example.com
example.com
In my DNS I successfully attached all 2 certificates. Yes, all 2 because the wildcard and the blank subdomain were the same CNAME values.
In the DNS I have www.example.com CNAME going to the cloudfront url.
I figured maybe this was the issue and I should use no www and also try a wildcard, but both simply didn't work and nothing loaded.
I then created a CloudFront and attached the certificate to it with Alternate Domain Names (CNAMEs)
www.example.com
*.example.com
example.com
In CloudFront my Viewer Protocol Policy is REDIRECT TO HTTPS
The behavior:
https://www.example.com works
http://www.example.com works (redirects to https://www.example.com)
www.example.com works (redirects to https://www.example.com)
example.com works (redirects to https://www.example.com)
https://example.com breaks with a (fail) and then auto attempts with (failed)net::ERR_NAME_NOT_RESOLVED
http://example.com breaks with a (fail)
One other thing is, I do have a separate certificate for a separate website on a subdomain sub.example.com. Would this possibly affect it?
Is there anything that stands out that would be doing this?
Based on the comments.
Resolution of example.com did not work because the DNS host (name.com) was set to resolve only www.example.com into CloudFront distro url.
The solution was to add ANAME record to point example.com into CloudFront distro url.
Related
These are the steps I followed:
got a new domain name from AWS domain registry. Lets say example.com
Create a certificate with the help of ACM for example.com
My Cloudfront distribution(lets say dXXXXXXXXXX.cloudfront.net) points to a S3 folder (contains some images)
Cloudfront url with aws provided distribution name works fine (lets say: https://dXXXXXXXXXX.cloudfront.net/1.jpeg)
Added example.com as alternate domain in that distribution definition and imported the certificate of example.com in CloudFront
Added one A and one AAA entry in the route53 where source is: example.com and target is:dXXXXXXXXXX.cloudfront.net
7.Added an alias type 'A' entry where source is www.example.com and target is example.com
8.Now when I try to use url: https://www.example.com/1.jpeg , it is showing can't connect to the server of www.example.com where as if I use https://example.com/1.jpeg , it shows the picture.
Please help me here.
You should use CNAME instead of Alias A.
Try this instead
www.example.com CNAME example.com
example.com A Alias <_id>.cloudFront.com
I am attempting to use AWS S3 Static Website Redirect to allow redirects from an Apex domain (example.com) to the www.example.com domain.
I used the following guide https://medium.com/faun/redirect-naked-domain-to-www-with-https-on-aws-route-53-e620e4ce989d
In Route53, I have created an A record for the apex domain example.com
example.com A Simple s3-website-eu-west-1.amazonaws.com.
The www.example.domain points to a cloudfront distribution which distributes my website.
The cloudfront domain will redirect all HTTP traffic to HTTPS
www.example.com A Simple *************.cloudfront.net.
In S3, I have created a bucket for example.com and set it up to redirect all requests
[
The bucket is public and empty
The resulting behavior works for HTTP but times out for HTTPS
http://example.com -> https://www.example.com
https://example.com -> ETIMEDOUT
http://www.example.com -> https://www.example.com
https://www.example.com -> https://www.example.com
How can I fix this setup so that
https://example.com -> https://www.example.com
Problem Description
So, ideally you want all the followings to work:
1) https://example.com → https://www.example.com (naked to www)
2) http://www.example.com → https://www.example.com (http to https)
3) http://example.com → https://www.example.com (naked http to www https)
4) https://www.example.com → 🎉 actually show the content as the canonical URL! 🎉
Note that the requirement #3 above can be broken down into two steps, which would be a combination of #1 and then #2.
3B) http://example.com → http://www.example.com → https://www.example.com
All these →s are a HTTP 301 Permanent Redirect.
Requirements
So, you need 3 pieces here:
A URL Redirect (example.com → www.example.com)
[HTTPS Support] An SSL certificate to cover naked subdomain as well as www (it can be two in one, free in Certification Manager)
[HTTPS Support] A Protocol Redirect (http:// → https://)
Solution
This solution requires many pieces in AWS that should be all free! (or no additional cost)
Step 1) Create a URL Redirect in S3
Create a S3 Static Hosting Website and have it redirect to www.example.com.
Notes:
Make sure it's publicly accessible.
Test that the URL works and landing on it actually does the redirect. (or test in terminal via curl -v)
Always test the full URL that contains the region (i.e. .s3-website-us-west-2.amazonaws.com)
Step 2) Create an SSL Certificate for naked domain in Certificate Manager
Go to https://us-west-2.console.aws.amazon.com/acm/home?region=us-west-2#/ (change your region to your preferred one) and request a public certificate. Make sure you put both example.com and www.example.com there. Verify it in Route 53.
Step 3) Create a Protocol Redirect in CloudFront
Go to CloudFront and create a distribution with Viewer Protocol Policy of "Http => HTTPS redirect" and having its origin be the full URL of the S3 bucket above.
Notes:
Do NOT point it to S3 directly. Let is point to the full URL of S3 bucket's static website.
Caching Policy can be No Cache.
Alternate Domain Names should be your example.com and SSL certification of Step 2 should be fed into it.
Verify in the "Origins" tab that you are pointing to the S3 full URL path.
Step 4) Have a DNS record in Route53
Finally, go to your route53 DNS record and have it point the naked domain as A record to the CloudFront distribution of step 3, which should be like d21k2s1234123.cloudfront.net!
Tada!
The issue is S3 static website hosting doesn't support HTTPS. [ref]
So you need to add a CloudFront in front of example.com s3 bucket and configure proper DNS records pointing to it
I've done a classical setup for a static website using S3, CloudFront and Route53, however I'm getting a maddening error I hadn't encountered before.
So there's 2 buckets, example.net and www.example.net, with the non-www one having the Static Hosting on and the actual files, the www one just the redirect to HTTPS.
On the Route53 side, I've got the A record for mysite.com as an Alias for the CloudFront distribution, with the www CNAME pointing back to mysite.com
The CloudFront distribution uses the non-www bucket as the origin, but lists as alternative both www and non-www sites, with the Redirect HTTP to HTTPS option on.
All of this successfully allows me to have the website functioning, but on the SEO side I'm having a duplicate content issue because all of the alias successfully resolve as so
http non-www address --> https non-ww address (HTTP to HTTPS, good)
https non-www address --> https non-www address (Straight HTTPS, good)
http www address --> https www address (Works, but fails redirecting to non-www domain)
https www address --> https www address (Works, but fails redirecting to non-www domain)
Everything I try seemingly breaks the www side (like removing the alias on the CloudFront distribution, or switching the CNAME for an A that points to the CloudFront URL).
Thing is, I had done this previously with a GoDaddy DNS with the Forwarding feature, which from this answer I understand is a reverse proxy rather then a core DNS feature.
However, I found this medium article on how to use CloudFront as a reverse proxy, but I can't understand how to apply it to this scenario.
Can anyone help me, please?, thanks in advance!
If I understand your question correctly, you are basically saying both http www address and https www address should be redirecting to https non-www address.
To reference the domain names easily, let's assume the www address is www.example.com, and the non-www address is example.com.
Here is my proposed solution to you problem.
Change the CNAME dns record of www.example.com to an ALAS record pointing to your non-www S3 bucket.
Configure your non-www S3 bucket as a static website and let it redirect all incoming requests to example.com using https protocol.
I've hosted a static website on AWS using S3, CloudFront and Route53.
I issued a certificate (covering *.example.com and example.com) with Certificate Manager and everything is working fine when I enter example.com and www.example.com. Both URLs redirect to https://example.com, which is exactly what I want.
But if i try to go to https://www.example.com it does not work, although http://www.example.com does work. Why is that?
I'm assuming I'm doing something wrong in Route53 or CloudFront.
Make sure you have created the certificate in us-east-1 region to be used with Cloudfront.
Make sure you have entered both www.example.com and example.com in CloudFront Alternate CNAME entries.
Make sure the behavior is set to Redirect HTTP to HTTPS
Make sure index.html file is present in the origin. It can also be specified explicitly in Cloudfront distribution.
If you can provide your distribution settings, it would be helpful.
I am using AWS Cloudfront to distribute my homepage.
http://www.example.com, https://example.com, http://example.com
All three URLs must be redirected to the main url https: // www.example.com.
The problem is that the https://example.com domain failed to redirect.
I created a www.example.com bucket on s3 and distributed it to cloudfront with an SSL certificate (user aws certificate manager). and I connect cloudfront endpoint to www.example.com url used by route53. So the http://www.example.com => https://www.example.com redirect is a success.
Then I created an example.com bucket on s3 and move to properties > static website hosting > redirect requests then setting target bucket = www.example.com and protocol = https
The result is that http://example.com succeeds in redirecting to https://www.example.com, but https://example.com to https://www.example.com fails to connect.
Did you solve the same problem?
Thank you.
update my cloudfront settings
Here is how I would solve it,
SSL Certificates:
example.com
*.example.com
CloudFront Distribution 1:
CNAME example.com
Certificate: example.com
Viewer Protocol Policy -- Redirect HTTP to HTTPS
Origin and Behaviour --
To S3 Bucket to redirect
Redirect to https://www.example.com
CloudFront Distribution 2:
CNAME www.example.com
Certificate: www.example.com
Viewer Protocol Policy -- Redirect HTTP to HTTPS
Also, note *.example.com certificate won't match example.com certificate.
Based on my experience, I bet I can guess what's happening here. On your Origin configuration in CloudFront, you can set the Origin Protocol Policy to connect to the origin with HTTP, HTTPS or Match Viewer. If you have it set to Match Viewer it will attempt to connect to the S3 Static hosting for your domain via HTTPS, which can be problematic. Instead, set it to HTTP and then things will probably work.
Also, you might want to split your example.com distribution from your www.example.com distribution, as CloudFront differentiates behaviours associated with origins usually based on Path.