Unleash the amazon - AWS to the last
In my effort to move my whole online existence “into the cloud” I obviously came across my website. Usually this is not a problem at all, as this is just a static website. In this case the situation is a little more complicated, especially because of the following reasons:
- Instead of on a subdomain, my website runs on the root domain (julo.ch instead of i.e. www.julo.ch)
- My website is ssl encrypted (and I want to keep it that way)
- All the links to my website everywhere are to the ssl versions, too, so I can’t just turn ssl off.
So what to do? I looked at a lot of options, i.e. github pages. That would have been more than comfortable considering that my page is jekyll generated anyways, did not rely on many plugins (that I could easily replace) and was checked into git and on github already anyways.
Especially with the CNAME support that would have been a more then nice option. Using some kind of ALIAS a record that some dns solutions provide that even would have been possible with the root domain. But there is no way to make it work with SSL, not even when I put cloudfront in front of it.
Searching for other providers that had any kind of sensible pricing offering what I needed I found nothing.
So I turned back to amazon. S3 alone would not cut it, although it offers ssl support and CNAMEs they don’t work together. So I had to add cloudfront to the mix. Using SNI and my own SSL certificate I was able to combine the two and switch to amazon route 53 (dns solution) from my current dns provider, because my current provider does not support ALIAS records I was able to switch the whole page over to the cloud.
Additionally I will integrate some kind of auto deploy mechanism that will jekyll generate my page upon push and deploy it to S3 so that cloudfront can distribute it. A lot more work than just using github pages, but I can keep my SSL encryption (and do my little part in securing the internet) and I don’t rely on some kind of free offering but actually pay for what I use.
SO, what do you have to exactly? You need two buckets, one for the root domain, name it
example.com and just in case another one to forward www
www.julo.ch. Then you setup
example.com for webhosting and add a poliy for public access. Then setup the
www.example.com domain to redirect everything to
Afterwards you will need to upload your SSL Certificate to AWS. It is very helpful to read the amazon guide using alternate domain names and https, as the upload is quite complicated.
Please note that adding a misspelled/inexisting file will not result in a file not found error but in an invalid file error (can be quite confusing).
Last but not least you will need two cloudfront distributions, again one for
example.com and one for
www.example.com. Make sure to disable all client ssl support and enable SNI (otherwise you might spend a few hundred bucks per month for a dedicated IP). Add the correct CNAME in the config, forward http to https and on the root domain (the one that is not being forward) add
index.html as the default root document. Make sure that you use the actual endpoint url (the local one) and not the one that is suggested by the typeahead in the amazon interface. If you use the one from the typeahead you will get problems with the ssl configuration when AWS forwards the data.
When you are all set up, you can switch your DNS records. I can recommend Route 53 by amazon, the pricing is simple and it is integrated with CloudFront, which makes thing a lot easier. If you switch stuff over, don’t forget to make sure that you transfer the other domain records (like MX), too.
And then you are done! And now I am going to actually deploy this in production. Have a good night!
Here are some helpful links I used when doing this:
- secure static websites using AWS S3, SSL, AWS CloudFront, and AWS Route 53
- Setting Up SSL on AWS CloudFront and S3
- Deploying Jekyll to S3
- Jekyll blog on Amazon S3 and CloudFront
P.S.: As soon as I can see how much this whole fun will cost I will add it to this page!