Cloudfront redirect www to naked domain with ssl [closed]

82
votes

Forgive me if this has been asked before, there are a number of resources that touch on this, but nothing seems to fit for my specific (https) use-case.

I'm trying to redirect https://www.example.com to https://example.com. Likewise, this should work for http://www.example.com to https://example.com.

I have set up a cloudfront distribution with the origin of an s3 bucket, redirect http to https, added the cname example.com and added my domain certificate (which works for the www subdomain as well as the naked domain).

I have also set up a separate distribution, with a cname for www.example.com, added the certificate and set the origin to a separate s3 bucket that in (static website hosting) redirects all requests to https://example.com.

Redirection works as expected for http://example.com to https://example.com, however http(s)://www.example.com to https://example.com does not.

In route 53 I have the root domain aliased to the first cloudfront distribution and www aliased to the second.

2
redirectsslamazon-s3amazon-cloudfrontamazon-route53
Please see my answer here, which should be pretty helpful: stackoverflow.com/questions/36265027/…Marcel Gruber
Rather than close this question, could we move it to Server Fault? I'd like to add an answer.2540625
+1 for @jtheletter's proposal. Just for the record, I wrote an in-depth tutorial on how to set up a static website with S3, CloudFront and Route53. It describes a basic AWS infrastructure for properly handling a www subdomain.Paul Razvan Berg

2 Answers

115
votes

To host website on AWS so that:

https://www.example.com, http://www.example.com and http://example.com all redirect to https://example.com

you need to:

  1. Create two S3 buckets named: example.com and www.example.com.

  2. Turn on the Static Website Hosting on these two buckets.

  3. Configure redirect in bucket www.example.com to: https://example.com. In the bucket properties choose Static Website Hosting => Redirect all requests to another host name. In Target bucket or domain field, enter example.com, in Protocol field, enter https

  4. For these buckets create two CloudFront Distributions. Each of this distributions point to corresponding bucket:

  5. For Origin Domain Name provide bucket urls provided in Static Website Hosting section. The urls should have form (or similar): example.com.s3-website-us-west-1.amazonaws.com

    • On both distribution set HTTP to HTTPS redirect.

    • DO NOT USE URL SUGGESTED BY AMAZON AUTOCOMPLETE!

    • DO NOT SET Default Root Object PROPERTY!

  6. Configure DNS by setting A records for www.example.com and example.com to point to corresponding CloudFront distributions.

Why does it work? CloudFront provides the redirect from HTTP to HTTPS in both cases (with and without www). The bucket for www.example.com provides redirect to example.com. If you didn't have this distribution, the bucket would not be able to redirect request for https://www.example.com. S3 itself does not support HTTPS for static website hosting.

59
votes

I found the solution thanks to this answer: Amazon S3 Redirect and Cloudfront

In short:

Cloudfront does not respect the redirection rules setup in S3 if the origin is just the bucket ID. Instead I had to set the origin to the provided s3 static website host name.