forwarding HTTPS from Godaddy to AWS

glipper picture glipper · Feb 19, 2014 · Viewed 16.4k times · Source

I'm new to setting up and managing Websites. I've looked through many previous questions and none seem to quite fit my case. I think this question may be useful to many others.

I purchased a domain name and hosting services on Godaddy. I need to also have secure access so I also purchased an SSL certificate on Godaddy. The default settings thus routed http://mydomain.com and https://mydomain.com to my site. Godaddy also forwarded the www subdomains to my site - this all worked perfectly. I now needed to add a database and support for growth, so I am moving to a VPC on AWS with a public EC2 instance for the Website, and private EC2 instance for the DB.

First, I've read some posts indicating that the best way to move the Website is to use Godaddy's domain controls to forward the domain (via 301) to the AWS Website. Others seem to indicate that I should just make the domain servers point directly to the AWS Website. What are the advantages/disadvantages of each approach? Which is the better approach?

I've currently used the domain forwarding approach. However, for Godaddy, this seems to only forward HTTP requests and not HTTPS requests (they get a 'This Webpage is not available' error). Is there a way to forward the HTTPS address to AWS and retain (rekey?) the SSL certificate? What do I need to do with the SSL cert? If I need a new SSL cert, how do I attach it to the domain hosted by Godaddy but point it to the Website on AWS?

I'm a newbie, so please explain in detail. Thanks.

Answer

Sony Kadavan picture Sony Kadavan · Feb 19, 2014

I typically setup things this way:

  • Register for AWS Route53 DNS and point godaddy to this. I prefer this because it is easy to map AWS resources like S3 etc in DNS if we use Route53. Howto
  • Use Elastic Beanstalk instead of manually configuring EC2 and ELBs and Setup the SSL certs on Beanstalk/ELB. Howto
  • Handle the https redirect in your appserver configuration. Howto

Your current approach of "Forwarding (301)" of https to AWS using godaddy wont work. The forwarding by Godaddy is happening on a forwarding-webserver they are running (not at DNS level). So if they have to accept an https connection and forward, then they need the certificate for this and obviously they dont have your domain's certificate. So the only help godaddy forwarding will do is to forward the http to wherever you need. Typically I use this for "parking" additional domains and not for the primary domain (say xyz.net, xyx.co etc to xyz.com, where the .com is the primary domain). Here users wont go and type https explicitly and so it practically works.

Now, for the primary domain, they need to type https (or you redirect them to https) - In this case, you need to do a CNAME or A-record mapping. This can be done on Route53 (aws) or at Godady itself, by changing the DNS records (not 301 forwarding). Long explanation, hope it clarifies !