I've done a classical setup for a static website using S3, CloudFront and Route53, however I'm getting a maddening error I hadn't encountered before.
So there's 2 buckets, example.net and www.example.net, with the non-www one having the Static Hosting on and the actual files, the www one just the redirect to HTTPS.
On the Route53 side, I've got the A record for mysite.com as an Alias for the CloudFront distribution, with the www CNAME pointing back to mysite.com
The CloudFront distribution uses the non-www bucket as the origin, but lists as alternative both www and non-www sites, with the Redirect HTTP to HTTPS option on.
All of this successfully allows me to have the website functioning, but on the SEO side I'm having a duplicate content issue because all of the alias successfully resolve as so
http non-www address --> https non-ww address (HTTP to HTTPS, good)
https non-www address --> https non-www address (Straight HTTPS, good)
http www address --> https www address (Works, but fails redirecting to non-www domain)
https www address --> https www address (Works, but fails redirecting to non-www domain)
Everything I try seemingly breaks the www side (like removing the alias on the CloudFront distribution, or switching the CNAME for an A that points to the CloudFront URL).
Thing is, I had done this previously with a GoDaddy DNS with the Forwarding feature, which from this answer I understand is a reverse proxy rather then a core DNS feature.
However, I found this medium article on how to use CloudFront as a reverse proxy, but I can't understand how to apply it to this scenario.
Can anyone help me, please?, thanks in advance!
If I understand your question correctly, you are basically saying both http www address and https www address should be redirecting to https non-www address.
To reference the domain names easily, let's assume the www address is www.example.com, and the non-www address is example.com.
Here is my proposed solution to you problem.
Change the CNAME dns record of www.example.com to an ALAS record pointing to your non-www S3 bucket.
Configure your non-www S3 bucket as a static website and let it redirect all incoming requests to example.com using https protocol.
Related
I have setup record in route53 for example.com to point to my cloudfront distribution(serves all the static files). I want browser to redirect to example.com if user goes to www.example.com. I could point www to same cloudfront distribution, but then browser treats both these domains as seperate sites. They use different local browser cache and all. I want them to use same local cache.
I found the answer myself after lot of research. Point www to a s3 endpoint configured to redirect to example.com. Refer this article for more info.
Also, I am now using google domains instead of route 53 because it has inbuilt option to redirect subdomain.
I created a static s3 bucket site that works. I created a certificate for:
www.example.com
with additional names:
*.example.com
example.com
In my DNS I successfully attached all 2 certificates. Yes, all 2 because the wildcard and the blank subdomain were the same CNAME values.
In the DNS I have www.example.com CNAME going to the cloudfront url.
I figured maybe this was the issue and I should use no www and also try a wildcard, but both simply didn't work and nothing loaded.
I then created a CloudFront and attached the certificate to it with Alternate Domain Names (CNAMEs)
www.example.com
*.example.com
example.com
In CloudFront my Viewer Protocol Policy is REDIRECT TO HTTPS
The behavior:
https://www.example.com works
http://www.example.com works (redirects to https://www.example.com)
www.example.com works (redirects to https://www.example.com)
example.com works (redirects to https://www.example.com)
https://example.com breaks with a (fail) and then auto attempts with (failed)net::ERR_NAME_NOT_RESOLVED
http://example.com breaks with a (fail)
One other thing is, I do have a separate certificate for a separate website on a subdomain sub.example.com. Would this possibly affect it?
Is there anything that stands out that would be doing this?
Based on the comments.
Resolution of example.com did not work because the DNS host (name.com) was set to resolve only www.example.com into CloudFront distro url.
The solution was to add ANAME record to point example.com into CloudFront distro url.
I am attempting to use AWS S3 Static Website Redirect to allow redirects from an Apex domain (example.com) to the www.example.com domain.
I used the following guide https://medium.com/faun/redirect-naked-domain-to-www-with-https-on-aws-route-53-e620e4ce989d
In Route53, I have created an A record for the apex domain example.com
example.com A Simple s3-website-eu-west-1.amazonaws.com.
The www.example.domain points to a cloudfront distribution which distributes my website.
The cloudfront domain will redirect all HTTP traffic to HTTPS
www.example.com A Simple *************.cloudfront.net.
In S3, I have created a bucket for example.com and set it up to redirect all requests
[
The bucket is public and empty
The resulting behavior works for HTTP but times out for HTTPS
http://example.com -> https://www.example.com
https://example.com -> ETIMEDOUT
http://www.example.com -> https://www.example.com
https://www.example.com -> https://www.example.com
How can I fix this setup so that
https://example.com -> https://www.example.com
Problem Description
So, ideally you want all the followings to work:
1) https://example.com β https://www.example.com (naked to www)
2) http://www.example.com β https://www.example.com (http to https)
3) http://example.com β https://www.example.com (naked http to www https)
4) https://www.example.com β π actually show the content as the canonical URL! π
Note that the requirement #3 above can be broken down into two steps, which would be a combination of #1 and then #2.
3B) http://example.com β http://www.example.com β https://www.example.com
All these βs are a HTTP 301 Permanent Redirect.
Requirements
So, you need 3 pieces here:
A URL Redirect (example.com β www.example.com)
[HTTPS Support] An SSL certificate to cover naked subdomain as well as www (it can be two in one, free in Certification Manager)
[HTTPS Support] A Protocol Redirect (http:// β https://)
Solution
This solution requires many pieces in AWS that should be all free! (or no additional cost)
Step 1) Create a URL Redirect in S3
Create a S3 Static Hosting Website and have it redirect to www.example.com.
Notes:
Make sure it's publicly accessible.
Test that the URL works and landing on it actually does the redirect. (or test in terminal via curl -v)
Always test the full URL that contains the region (i.e. .s3-website-us-west-2.amazonaws.com)
Step 2) Create an SSL Certificate for naked domain in Certificate Manager
Go to https://us-west-2.console.aws.amazon.com/acm/home?region=us-west-2#/ (change your region to your preferred one) and request a public certificate. Make sure you put both example.com and www.example.com there. Verify it in Route 53.
Step 3) Create a Protocol Redirect in CloudFront
Go to CloudFront and create a distribution with Viewer Protocol Policy of "Http => HTTPS redirect" and having its origin be the full URL of the S3 bucket above.
Notes:
Do NOT point it to S3 directly. Let is point to the full URL of S3 bucket's static website.
Caching Policy can be No Cache.
Alternate Domain Names should be your example.com and SSL certification of Step 2 should be fed into it.
Verify in the "Origins" tab that you are pointing to the S3 full URL path.
Step 4) Have a DNS record in Route53
Finally, go to your route53 DNS record and have it point the naked domain as A record to the CloudFront distribution of step 3, which should be like d21k2s1234123.cloudfront.net!
Tada!
The issue is S3 static website hosting doesn't support HTTPS. [ref]
So you need to add a CloudFront in front of example.com s3 bucket and configure proper DNS records pointing to it
I currently have my website running at https://www.example.com. I did this by creating an S3 bucket hosting the site called www.example.com, then I created a Cloudfront instance to add SSL.
I then created a CNAME in Godaddy which points to the Cloudfront URL.
If I visit http://example.com, GoDaddy correctly redirects to http://www.example.com, which Cloudfront correctly redirects to https://www.example.com.
HOWEVER, if I visit https://example.com, I get a blank page. How can I make the SSL naked domain redirect to www?
Proved myself wrong in rereading your question:
βUnfortunately, our forwarding servers don't accept HTTPS requests. This is why your forward isn't working. Traffic coming into the forwarding server using the HTTPS protocol won't resolve. The only way you'd be able to set this up is to have the domain hosted on a server where it has an SSL Certificate installed. You could then set up a redirect to point traffic from your old domain to your new one. β
https://www.godaddy.com/community/SSL-And-Security/Forwarding-works-as-long-as-URL-does-not-contain-https/td-p/44951
You should probably just move the domain to route53.
I already have Cloud Front setup to redirect all calls to HTTPS protocol.
Now I want to forward "non www" to www. How can I achieve this with respect to the current setup?
I tried the one below, but it wasn't successful as this one doesn't take HTTPS redirection into consideration.
https://www.pbxdom.com/how-redirect-non-www-to-www-with-amazon-cloud-front-route-53-and-s3
URL doesn't redirect www. Instead, it shows error message:
This XML file does not appear to have any style information associated with it. The document tree is shown below.
<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
Here's another way of solving the problem. I actually tried to do exactly what you did, and I could never seem to truly redirect the non wwww to the www when CloudFront was involved.
Once you set CloudFront to redirect all HTTP to HTTPS, it handles all of that redirection so you don't need to worry about it. You can take it out of the logic equation.
You should have 4 "A" type records in your Route 53 for the domain (assuming you have IPv6 enabled in CloudFront):
www.domain.com "A" alias record pointing to your CloudFront instance
www.domain.com "AAAA" alias record pointing to your CloudFront instance
domain.com "A" alias record pointing to your CloudFront instance
domain.com "AAAA" alias record pointing to your CloudFront instance
And lastly, In the CloudFront "Alternate Domain Names (CNAMEs)" field in the general CloudFront configuration, make sure it contains the www and the non www. Do note that CloudFront changes actually take quite a while to propagate, so be deliberate and patient with your changes.
The end result of this is that both www and non www will work, without any apparent redirection from non www to www, but there is still HTTPS redirection.
I have two CloudFront distributions to achieve this, one serving "example.com" for non-www to www redirection, and the second serving actual content from "www.example.com".
To do this I added a CloudFront Edge Lambda function on the non-www CloudFront distribution that redirects all requests to their www equivalent. I wrote a blog post with the details.
For an alternative approach without using Lambda, this answer points the non-www distribution to an S3 bucket set to redirect all requests to the www version.