forwarding HTTPS from Godaddy to AWS [closed]

Question

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

---

This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.

Closed 6 years ago.

Improve this question

I'm new to setting up and managing Websites. I've looked through many previous questions and none seem to quite fit my case. I think this question may be useful to many others.

I purchased a domain name and hosting services on Godaddy. I need to also have secure access so I also purchased an SSL certificate on Godaddy. The default settings thus routed http://mydomain.com and https://mydomain.com to my site. Godaddy also forwarded the www subdomains to my site - this all worked perfectly. I now needed to add a database and support for growth, so I am moving to a VPC on AWS with a public EC2 instance for the Website, and private EC2 instance for the DB.

First, I've read some posts indicating that the best way to move the Website is to use Godaddy's domain controls to forward the domain (via 301) to the AWS Website. Others seem to indicate that I should just make the domain servers point directly to the AWS Website. What are the advantages/disadvantages of each approach? Which is the better approach?

I've currently used the domain forwarding approach. However, for Godaddy, this seems to only forward HTTP requests and not HTTPS requests (they get a 'This Webpage is not available' error). Is there a way to forward the HTTPS address to AWS and retain (rekey?) the SSL certificate? What do I need to do with the SSL cert? If I need a new SSL cert, how do I attach it to the domain hosted by Godaddy but point it to the Website on AWS?

I'm a newbie, so please explain in detail. Thanks.

Answer 1

I typically setup things this way:

• Register for AWS Route53 DNS and point godaddy to this. I prefer this because it is easy to map AWS resources like S3 etc in DNS if we use Route53. Howto
• Use Elastic Beanstalk instead of manually configuring EC2 and ELBs and Setup the SSL certs on Beanstalk/ELB. Howto
• Handle the https redirect in your appserver configuration. Howto

Your current approach of "Forwarding (301)" of https to AWS using godaddy wont work. The forwarding by Godaddy is happening on a forwarding-webserver they are running (not at DNS level). So if they have to accept an https connection and forward, then they need the certificate for this and obviously they dont have your domain's certificate. So the only help godaddy forwarding will do is to forward the http to wherever you need. Typically I use this for "parking" additional domains and not for the primary domain (say xyz.net, xyx.co etc to xyz.com, where the .com is the primary domain). Here users wont go and type https explicitly and so it practically works.

Now, for the primary domain, they need to type https (or you redirect them to https) - In this case, you need to do a CNAME or A-record mapping. This can be done on Route53 (aws) or at Godady itself, by changing the DNS records (not 301 forwarding). Long explanation, hope it clarifies !

Answer 2

There are several questions on this post:

First, I've read some posts indicating that the best way to move the Website is to use Godaddy's domain controls to forward the domain (via 301) to the AWS Website. Others seem to indicate that I should just make the domain servers point directly to the AWS Website. What are the advantages/disadvantages of each approach? Which is the better approach?

One advantage in having a 301 is that if you are have a new address it allows your users to find that new address using the old address. The disadvantages are that there's a bit a of delay on the request because you are going through two hops instead of one and that also you give a perhaps small sense of "ping ponging" to the user. Nevertheless, this an option if you want to redirect from HTTP to HTTPS

The advantages of not using a redirect is just that it's faster but also if you have an old address people may not be able to find it.

I've currently used the domain forwarding approach. However, for Godaddy, this seems to only forward HTTP requests and not HTTPS requests (they get a 'This Webpage is not available' error). Is there a way to forward the HTTPS address to AWS and retain (rekey?) the SSL certificate? What do I need to do with the SSL cert? If I need a new SSL cert, how do I attach it to the domain hosted by Godaddy but point it to the Website on AWS?

Redirecting from HTTP to HTTPS doesn't have anything to do with your domain registrar (i.e. GoDaddy) . That usually happens at the firewall, load balancer or application level. It really depends on your architecture and how you want to front your application. For example,

1. If you have a firewall or set of firewalls fronting your application you can redirect all traffic from port 80(HTTP) to port 443(HTTPS).
2. Another way is to front your application with a web server like Apache or nginx and redirect all port 80 traffic to 443 (This is perhaps the most common option, in this case the certificates would be installed on the web server).
3. Another way is to have application servers running on both 80 and 443, then have the application server on port 80 send everything to port 443 (Not that common. In this case the certificates would be installed on the main application running on port 443)
4. Furthermore, you could also setup the redirects at the load balancer level. In this case you would not need HTTPS between the load balancer and the application server since the load balancer itself is handling the HTTPS traffic (Assuming that your application server is in some sort of private network) Note that Amazon's ELBs don't support redirects. This option would be available on hardware load balancers like the Brocade ADX or the Citrix Netscaler or software load balancers like HAproxy.

Hope this helps.

[Edit]

There are some domain registrars that will allow you to setup an HTTP redirect (a 301). However, like I mentioned before this is not a DNS feature per se. For example, dynect will let you do that: