Amazon Route53 redirection - spring

I have a domain example.com in AWS and have got one load balancer and one ec2 instance. Trying to setup https with certificate from AWS.
Route53 setup and A record setup is done as follows for domain to load balancer.
domain name - *.example.com
Name:-
example.com.
Type:-
- Ip4
Alias Target :- dns name of load balancer.
My web is a spring based web and it redirect user to landing page if user access www.example.com --->>> www.example.com/landing.
After all the setup, if i access like the below url, it is working fine.
https://www.example.com/landing
But if i access without www,
https://example.com/landing --> It leads to browser security page.(Your connection is not private
Attackers might be trying to steal your information from ...)
Our certificate is based on the domain name *.example.com.
If I simply access, https://example.com/ ---> It gets redirected to http://example.com/landing -- > Spring app redirects like this with http.
http://www.test.com/landing leads to certificate trust error. (https://example.com/landing).
Getting site can not be reached error if i simply access, http://www.example.com/
I am looking for URL redirection to https if user access using http or without www or without any scheme. Not sure if i have to configure anything in Route53.
Also, Do i need to configure in my app to redirect to https?

Your current certificate should not work for the root, i.e. https://test.com
Either purchase an alternate name for https://test.com or use only www.test.com as your website. You do not need to change anything in Route53 for now. You probably do need to add redirection in your webserver/app to use HTTPS-only, unless you want to leave it to the users.

Related

Why is my Google domain not directing to https?

I deployed an app on Heroku and set up automatic SSL configuration. According to my Heroku, my app can be accessed via https. If I use that URL, the connection is indeed secure.
I added a Synthetic Recored in my google domain to point to this url. I also added a Custom Resource Record where the Name is www, Type is CNAME, and Data is my DNS Target for the app.
I can only connect securely when I use https://www.osrshub.com. If I use www.osrshub.com or osrshub.com, it is not secure. What am I doing wrong?
The comment from user2864740 is correct. I needed to update my front end to redirect to https.
Force SSL/HTTPS with mod_rewrite

Website redirect setting for https:// prefixed naked domain

I have a site registered on Google Domains and deployed on an Azure VM, HTTPS enforced via the IIS webconfig file. It all works fine, except for 1 piece:
https://mywebsite.com results in "this page cannot be displayed, mywebsite.com unexpectedly closed the connection."
https://www.mywebsite.com works fine, as does the unsecure naked domain redirect (http://mywebsite.com; it redirects to the https://www prefixed link, I have set this up this Permanent redirect in Google domains).
Given the above, what setting (on my Azure VM SSL binding, or Google Domains, more likely) could I change to make sure if someone types in https://mywebsite.com, they will reach it?
Thanks!
Do you have a binding listening on port 443 to mywebsite.com? This should solve the issue.
cheers

How to setup a root domain redirect for https with google domains

Using Google Domains, I've set up a synthetic record to redirect foo.com -> www.foo.com. Just like in this example:
https://support.google.com/domains/answer/6346300?hl=en
However, it doesn't seem to work with https://foo.com.
How do I configure it so that the subdomain forward works with https as well?
To give it more context, I'm mapping my custom domain to a heroku app, so I've set up a CNAME record for www.foo.com, and would like https://foo.com to be mapped to https://www.foo.com
Before providing any input please confirm if you are using any pointing service?
If http://foo.com is working whereas https://foo.com is not then you may need any service like pointDNS or cloudflare.

Redirecting naked domain to www with DNSimple

We're using DNS simple to point our domain to our SSL-enabled Heroku app. The behavior we're seeking is as follows:
http://ourdomain.com
https://ourdomain.com
http://www.ourdomain.com
Should all permanently redirect to:
https://www.ourdomain.com
We've already created a CNAME for www.ourdomain.com that points to our app's .herokussl.com domain, but we're not sure what to do with the naked domains. In GoDaddy, we used to do non-masked forwarding. DNSimple doesn't have forwarding, but does have special entries called ALIAS and URL, though we're not sure what to use.
To configure a redirect you should use an URL record as described in our redirect documentation.
However, it's not possible to redirect an HTTPS URL because of the priority between SSL negotiation and HTTP headers. In this case, because you also want https://ourdomain.com to redirect to https://www.ourdomain.com, then you need to create an ALIAS for ourdomain.com to your Heroku SSL endpoint and handle the redirect in your app.

How to do facebook auth through a remote proxy

Say I have an app with a Sinatra REST API at http://example.com:4567. With my app I have a designer working on the front-end. Rather than set him up with a local back-end I edit his hosts file as follows:
127.0.0.1 local.example.com
and his httpd-vhosts.conf as follows:
ProxyPass /api http://example.com:4567
ProxyPassReverse /api http://example.com:4567
so that API calls are proxied to the remote host. I then create a vhost for local.example.com in apache that maps to his local directory where our front-end repo is. This allows me to give him a remote back-end with a local front-end.
The reason for the subdomain is because we do Facebook authentication which has its restrictive domain policies for auth. We can successfully facebook auth a user and get redirected back to the app, but when attempting to get an access token get a 400 response with the message:
{"error"=>{"message"=>"Missing client_id parameter.", "type"=>"OAuthException", "code"=>101}}
I believe the client_id is correctly set as it's set in the rack:oauth:client object correctly, and the flow is identical and only fails when the domain is different. The only thought I have is that facebook might not like that the user auth's from local.example.com while the access token is requested from example.com, but my understanding is facebook will authenticate on all subdomains. I've also whitelisted local.example.com on my App.
Any insight or advice into how to accomplish this? Thanks in advance.
Turns out it wasn't a domain issue, but rather fb_graph, the open source fb api from nov, uses basic auth by default, you need to set auth to something other than ":basic" when you get the access token in order to solve this error.

Resources