Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.0k views
in Technique[技术] by (71.8m points)

amazon web services - AWS S3 Redirect for Route53 not working for HTTPS

I am attempting to use AWS S3 Static Website Redirect to allow redirects from an Apex domain (example.com) to the www.example.com domain.

I used the following guide https://medium.com/faun/redirect-naked-domain-to-www-with-https-on-aws-route-53-e620e4ce989d

In Route53, I have created an A record for the apex domain example.com

example.com    A    Simple   s3-website-eu-west-1.amazonaws.com.

The www.example.domain points to a cloudfront distribution which distributes my website. The cloudfront domain will redirect all HTTP traffic to HTTPS

www.example.com   A    Simple    *************.cloudfront.net.

In S3, I have created a bucket for example.com and set it up to redirect all requests [example.com s3 bucket redirect rules The bucket is public and empty

The resulting behavior works for HTTP but times out for HTTPS

http://example.com -> https://www.example.com
https://example.com -> ETIMEDOUT
http://www.example.com -> https://www.example.com
https://www.example.com -> https://www.example.com

How can I fix this setup so that https://example.com -> https://www.example.com

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Problem Description

So, ideally you want all the followings to work:

1) https://example.com     → https://www.example.com   (naked to www)
2) http://www.example.com  → https://www.example.com   (http to https)
3) http://example.com      → https://www.example.com   (naked http to www https)
4) https://www.example.com → ?? actually show the content as the canonical URL! ??

Note that the requirement #3 above can be broken down into two steps, which would be a combination of #1 and then #2.

3B) http://www.example.com → http://www.example.com → https://www.example.com

All these s are a HTTP 301 Permanent Redirect.

Requirements

So, you need 3 pieces here:

  1. A URL Redirect (example.com → www.example.com)
  2. [HTTPS Support] An SSL certificate to cover naked subdomain as well as www (it can be two in one, free in Certification Manager)
  3. [HTTPS Support] A Protocol Redirect (http:// → https://)

Solution

This solution requires many pieces in AWS that should be all free! (or no additional cost)

Step 1) Create a URL Redirect in S3

Create a S3 Static Hosting Website and have it redirect to www.example.com. enter image description here

Notes:

  1. Make sure it's publicly accessible.
  2. Test that the URL works and landing on it actually does the redirect. (or test in terminal via curl -v)
  3. Always test the full URL that contains the region (i.e. .s3-website-us-west-2.amazonaws.com)

Step 2) Create an SSL Certificate for naked domain in Certificate Manager

Go to https://us-west-2.console.aws.amazon.com/acm/home?region=us-west-2#/ (change your region to your preferred one) and request a public certificate. Make sure you put both example.com and www.example.com there. Verify it in Route 53.

Step 3) Create a Protocol Redirect in CloudFront

Go to CloudFront and create a distribution with Viewer Protocol Policy of "Http => HTTPS redirect" and having its origin be the full URL of the S3 bucket above.

enter image description here

Notes:

  1. Do NOT point it to S3 directly. Let is point to the full URL of S3 bucket's static website.
  2. Caching Policy can be No Cache.
  3. Alternate Domain Names should be your example.com and SSL certification of Step 2 should be fed into it.
  4. Verify in the "Origins" tab that you are pointing to the S3 full URL path.

Step 4) Have a DNS record in Route53

Finally, go to your route53 DNS record and have it point the naked domain as A record to the CloudFront distribution of step 3, which should be like d21k2s1234123.cloudfront.net!

enter image description here

Tada!


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...