Cloudfront redirect www to naked domain with ssl
Solution 1
I found the solution thanks to this answer: Amazon S3 Redirect and Cloudfront
In short:
CloudFront does not respect the redirection rules set up in S3 if the origin is just the bucket ID. Instead I had to set the origin to the provided S3 static website host name.
Solution 2
To host a website on AWS so that:
https://www.example.com, http://www.example.com and http://example.com all redirect to https://example.com
you need to:
1. Create two S3 buckets named example.com and www.example.com.
2. Turn on Static Website Hosting on these two buckets.
3. Configure a redirect in bucket www.example.com to https://example.com. In the bucket properties choose Static Website Hosting => Redirect all requests to another host name. In the Target bucket or domain field, enter example.com; in the Protocol field, enter https.
4. For these buckets create two CloudFront distributions. Each of these distributions points to the corresponding bucket:
   - For Origin Domain Name provide the bucket URLs given in the Static Website Hosting section. The URLs should have the form (or similar): example.com.s3-website-us-west-1.amazonaws.com
   - On both distributions set HTTP to HTTPS redirect.
   - DO NOT USE URL SUGGESTED BY AMAZON AUTOCOMPLETE!
   - DO NOT SET Default Root Object PROPERTY!
5. Configure DNS by setting A records for www.example.com and example.com to point to the corresponding CloudFront distributions.
Why does it work? CloudFront provides the redirect from HTTP to HTTPS in both cases (with and without www). The bucket for www.example.com provides the redirect to example.com. If you didn't have this distribution, the bucket would not be able to redirect requests for https://www.example.com. S3 itself does not support HTTPS for static website hosting.
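A configuration check for the steps above, as an added example that is not part of the original answers: it audits a CloudFront `DistributionConfig` dict (the shape boto3's `get_distribution_config` returns under that key) for the three mistakes the answers warn about, plus the www bucket's redirect protocol. The function name, finding codes and sample configs are constructed for illustration.

```python
import re

# S3 static website endpoint, e.g. example.com.s3-website-us-west-1.amazonaws.com
WEBSITE_ENDPOINT = re.compile(r"\.s3-website[.-][a-z0-9-]+\.amazonaws\.com$")
# S3 REST endpoint (the form the console autocompletes), e.g. bucketname.s3.amazonaws.com
REST_ENDPOINT = re.compile(r"\.s3([.-][a-z0-9-]+)?\.amazonaws\.com$")


def audit_distribution(cfg, bucket_redirect=None):
    """Return finding codes for a DistributionConfig dict (hypothetical helper)."""
    findings = []
    for origin in cfg.get("Origins", {}).get("Items", []):
        host = origin.get("DomainName", "").lower()
        if WEBSITE_ENDPOINT.search(host):
            # Website endpoints are HTTP-only, so CloudFront needs a custom origin.
            if "CustomOriginConfig" not in origin:
                findings.append("website-endpoint-not-custom-origin")
        elif REST_ENDPOINT.search(host):
            findings.append("rest-endpoint-origin")  # bucket redirect is not honoured
    if cfg.get("DefaultRootObject"):
        findings.append("default-root-object-set")
    policy = cfg.get("DefaultCacheBehavior", {}).get("ViewerProtocolPolicy")
    if policy != "redirect-to-https":
        findings.append("no-http-to-https-redirect")
    # bucket_redirect: RedirectAllRequestsTo dict from the www bucket's website config
    if bucket_redirect is not None and bucket_redirect.get("Protocol") != "https":
        findings.append("bucket-redirect-not-https")
    return findings


# Constructed sample configs for the www distribution (not real distributions).
GOOD = {
    "DefaultRootObject": "",
    "Origins": {"Items": [{
        "DomainName": "www.example.com.s3-website-us-west-1.amazonaws.com",
        "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"},
    }]},
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"},
}
BAD = {
    "DefaultRootObject": "index.html",
    "Origins": {"Items": [{
        "DomainName": "www.example.com.s3.amazonaws.com",
        "S3OriginConfig": {"OriginAccessIdentity": ""},
    }]},
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all"},
}

if __name__ == "__main__":
    print(audit_distribution(BAD, {"HostName": "example.com", "Protocol": "http"}))
```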
Marc Greenstock
Updated on July 05, 2022
Comments
-
Marc Greenstock almost 2 years
Forgive me if this has been asked before, there are a number of resources that touch on this, but nothing seems to fit for my specific (https) use-case.
I'm trying to redirect https://www.example.com to https://example.com. Likewise, this should work for http://www.example.com to https://example.com.
I have set up a cloudfront distribution with the origin of an s3 bucket, redirect http to https, added the cname example.com and added my domain certificate (which works for the www subdomain as well as the naked domain).
I have also set up a separate distribution, with a cname for www.example.com, added the certificate and set the origin to a separate s3 bucket that in (static website hosting) redirects all requests to https://example.com.
Redirection works as expected for http://example.com to https://example.com, however http(s)://www.example.com to https://example.com does not.
In route 53 I have the root domain aliased to the first cloudfront distribution and www aliased to the second.
-
Marcel Gruber over 7 years
Please see my answer here, which should be pretty helpful: stackoverflow.com/questions/36265027/…
-
2540625 about 6 years
Rather than close this question, could we move it to Server Fault? I'd like to add an answer.
-
Paul Razvan Berg over 5 years
+1 for @jtheletter's proposal. Just for the record, I wrote an in-depth tutorial on how to set up a static website with S3, CloudFront and Route53. It describes a basic AWS infrastructure for properly handling a www subdomain.
-
-
kellen over 8 years
Thank you very much for posting your answer. I used it to get HTTPS redirects from naked domains to www, e.g. https://example.com -> https://www.example.com. This solution is counterintuitive because the AWS UI autocompletes to the standard S3 hostname (bucketname.s3.amazonaws.com), which you would think would be the correct way to do it, but for this use case, the static website hosting endpoint (e.g. bucketname.s3-website-us-east-1.amazonaws.com) is what you need.
-
Michał Czapliński almost 8 years
It is also important that your CloudFront distributions do not have anything set as the Default Root Object, because it will break the redirection in the S3 bucket.
-
maletor almost 7 years
Do not set HTTP to HTTPS redirect on the www->naked CF distribution to avoid an unnecessary redirect. You want example.com to go directly to example.com not example.com first.
-
maletor almost 7 years
Don't set the A record on 53 for www. Use a CNAME. Use ALIAS for A and AAAA record on root domain.
-
ffxsam over 6 years
@maletor Either one works. ALIAS + A records are not just for root domains, they're used for pointing a DNS entry to a CloudFront distribution.
-
ffxsam over 6 years
It's also worth noting that simply using a CNAME on www.example.com to point to example.com will not redirect. Instead, www.example.com will bring up the same content as example.com which isn't the same.
-
Sam Kenny over 6 years
So my solution was to redirect the www.mydomain.com bucket to domain.com and set the protocol to be https. In each of the Cloudfronts (i.e. the one for www.mydomain.com and the one for mydomain.com) I set the CNAME to be, respectively, www.mydomain.com and mydomain.com. Once I had done this, in S3, I was able to select the appropriate Cloudfront as the Alias for A record. As per the above, I did not use the URL suggested by autocomplete - I used the static website hostname - and I did not set the default root property.
-
Miriam Schwab over 6 years
@SamKenny when you say "Once I had done this, in S3, I was able to select the appropriate Cloudfront as the Alias for A record" - do you mean Route 53, not S3? Because you can't set an Alias in S3.
-
Sam Kenny over 6 years
Thank you @MiriamSchwab! You are absolutely right. I had the number right...
-
2540625 about 6 years
Your link points to a question. Which answer to that question did you intend to link?
-
Costa Michailidis almost 6 years
@kellen, how do you forward apex to www? That's what I'm trying to do for my HTTPS domain. My canonical URLs include the www.
-
kellen almost 6 years
@Costa have a look at the instructions in this answer. Just reverse the domains, since you want apex -> www. The important thing is to use the URL provided in the bucket under the Static Website Hosting section as the CloudFront target, not the autocomplete URL. stackoverflow.com/a/42869783/94671
-
bryan60 almost 5 years
Does anyone know WHY this works if in Route 53 you set up www as CNAME for naked? I'm mystified.
-
John Red over 4 years
Since we are required to not specify the "Default Root Object", what happens when a user goes to, say, https://example.com? Will he be shown the "index.html" page content by default?
-
Monolord's Knight about 4 years
As of 2020 now, I had the same problem yesterday, and I tried a lot including this suggestion. It works for example.com to example.com but not for example.com. So I figured out a new solution. Instead of redirecting in the www.example.com S3 bucket, that bucket hosts an index.html that redirects to example.com. Both CloudFront distributions use separate SSL certificates from ACM. That makes no problem for example.com and example.com to redirect to the naked domain. Unless it's not that easy. Thanks
-
StayCool almost 4 years
I tried this exactly and am getting a 301 redirect loop. Spending hours and hours, tutorial after tutorial ... :(
-
Philip Enc almost 4 years
Why does nobody explain that you need to install an SSL certificate for every redirect you make in order to prevent the "not secure" warning from the browser? It's basic, but people like me, "just a developer", don't know that. I spent days trying to solve it until I discovered this advice...
-
Razvan Grigore over 3 years
As of 2020, people should be using Lambda@Edge functions for this kind of logic: docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/…
-
Frankster over 3 years
I'm getting the same error. Could you elaborate more on the SSL certificate issue?
-
RKI over 3 years
@Frankster You need to create an SSL certificate for domain *.example.com and in additional addresses provide bare example.com. Then you need to use this certificate for both CloudFront distributions, for the www.example.com bucket and the example.com bucket.