问题
I host a site on a single EC2 instance behind CloudFront and need to redirect all non-www traffic to www.
From other Q/A here on SO I was able to configure an A record on Route53 to redirect traffic from example.com to www.example.com. However, this only works for http traffic, not https traffic.
How can I get the https traffic for the naked (non-www) URL to redirect to my canonical URL https://www.example.com?
I know there are similar questions asked already, but I don't see any with my same configuration (most are for sites hosted in an S3 bucket or for redirecting from www to non-www).
Current URL handling situation
https://www.example.com - Canonical URL for the site, handled by CloudFront
http://www.example.com - CloudFront redirects to https://www.example.com
https://example.com - Unreachable!!!
http://example.com - Route53 redirects to https://www.example.com via S3 bucket
Other details
The CloudFront distribution uses an AWS-generated certificate which covers the following domains:
*.example.com
example.com
Alternate Domain Names (CNAMEs) listed in the distribution are:
www.example.com
example.com
Route53 has the following A records:
www.example.com -> CloudFront distribution
example.com -> S3 bucket, configured to redirect to www.example.com
回答1:
Like I described in this answer to a slightly different question, the solution is to create a second CloudFront distribution in front of an empty bucket for the variant of your domain name that you want to redirect.
Configure the bucket to redirect, and when you configure the second CloudFront distribution to point to that redirecting bucket, be sure you type in the web site hosting endpoint for the bucket -- don't select the bucket from the Origin Domain Name drop-down list.
Remove example.com from the Alternate Domain Name setting on the existing distribution, and configure it on the new one.
You can use the same ACM cert on both distributions.
Point example.com to the new CloudFront distribution in DNS.
回答2:
The short answer is: There is no good way. (Personally, I don't consider hacky workarounds a solution.)
The long answer is:
There is no good way, but there is a way. I guess.
I've seen S3 and EC2 recommended by AWS staff in their forums. S3 is a non-option as you've noted. EC2 is probably the most "correct" until route53 or cloudfront can handle this.
- Create an ec2 web server and install ssl suitable for example.com (letsencrypt)
- Configure it to redirect example.com -> www.example.com
- Add an A record that points to the ec2 server
- (This won't work because EC2 doesn't support public IPv6) Add an AAAA record that points to the ec2 server
You can probably get away with skipping IPv6 support, but if you need it, ELBs support it -- so have fun with that.
来源:https://stackoverflow.com/questions/48197122/how-to-redirect-non-www-traffic-to-www-for-site-hosted-on-ec2-instance-behind-cl