I'm looking for some CDN where I can setup certificate for httpS
I have subdomain.site.com and I need that all files from https://subdomain.site.com hosted on amazon servers
quick look showed me that I cannot setup own httpS certificate for custom domain bucket on S3 - is this correct ?
Can Amazon CloudFront do this ?
Yes, you can serve a CloudFront distribution over HTTPS with a custom domain now.
Amazon recently rolled out a new feature that supports custom SSL certificates at no charge using SNI (Server Name Indication): http://aws.amazon.com/cloudfront/custom-ssl-domains/
Well, appears that is not posible
Might be relevant. But as of today, AWS offers the ability to upload a custom SSL certificate. $600 / month. More details on their page: http://aws.amazon.com/cloudfront/pricing/
Related
I have a Spring boot application deployed using AWS Elastic Beanstalk, im using S3 bucket for my angular app.
I have generated certifacate using aws certifacate manager and created CloudFront Distribution so my angular app is loaded on https.
The problem is I am calling a rest API from Https deployed Application to Http Rest API.
I keep getting this error:
Mixed Content: The page at "https://mywebsite.com" was loaded over HTTPS, but requested an insecure XMLHttpRequest 'http://myendpoint'. This request has been blocked; the content must be served over HTTPS.
I tried generating my own certificate in my spring boot application it worked locally but once deployed on elastic beanstalk web services doesnt respond.
any tip on how use https / beanstalk ?
The error message sums the problem clearly. It would be a huge security issue to allow unencrypted data transfer, for seemingly securely encrypted web page.
Moreover, you don't really want to do SSL termination on your instances, for performance reasons, you don't want to manually manage keys an so forth.
In your situation, I would advise setting up a CloudFront distribution in front of your ALB (which I assume you have). That will solve your problems immediately, as CloudFront will automatically setup a domain for you and will expose your endpoints via HTTPS. Afterwards if you decide, you can easily setup a custom domain and certificates.
Finally, I recommend reading this article to make sure you avoid common pitfalls when configuring ALB and CloudFront.
Best, Stefan
I am running a Spring Boot application in EC2. I want to make the API calls as HTTPS instead of HTTP.
This is what I did:
Brought a domain in godaddy and configured it in Route 53.
Created a cert from AWS certificate manager.
Created a Load Balancer and added the cert.
In route 53 directed my traffic to ELB.
Above things are working fine now. I have only one instance. Use of ELB is only for SSL. But I want to get rid of ELB as it is costing me more
Is there any other way I can make the API calls as HTTPS for spring boot application running on ec2 without ELB?
ELB can be quite expensive, and most of all useless if you have only one instance.
Try to put CloudFront in....well...front of your instance. You get the benefit of managing AWS certificates in the same way you are doing with the LB, and also you can take advantage of caching and edge locations.
You can also redirect Route53 to CloudFront, just add a CNAME to your hosted zone that reference the cloud front DNS.
Does anyone know how to easily setup https for a rest api in google compute engine ? I have currently a static ip and the api works over http but in the browser when I call it I get mixed content error because the client is server over https (firebase hosting)
Is it possible to setup https with only a static ip (and not a domain name) ?
-Jani
Is it possible to setup https with only a static ip (and not a domain
name) ?
Yes, it is possible, but since 2016 you cannot purchase an SSL certificate with a public IP address. You can use a self-signed certificate but you will have even more browser issues. Not recommended.
Possible Options:
Use your domain name (or purchase one) and use Let's Encrypt for SSL which is free and is one of your better options.
Use a different service such as Cloud Run, Cloud Functions, Firebase or App Engine which offers SSL and does not require a domain name that you own as you can use Google's endpoint.
Attach a Google Load Balancer in front of your Compute Engine instance and configure a front end with a Google Managed SSL certificate. However, this will require a domain name.
If you do not want to use your own domain name, then option #2 is your only choice.
To setup https for a rest api in google compute engine:
1- You have to buy a domain
2- You have to buy an SSL certificate
3- create a load balance resource in Google Cloud to which I assign the domain and the certificate
4- You can install the certificate to the server directly
If you want to use https over IP instead of domain, please follow click here
Currently I'm hosting a client application written in AngularJS on Google Cloud Storage using the configuration described here.
I like this configuration because it acts as a CDN and we don't have to use a dedicated machine to host the frontend files.
The problem is that Google Cloud doesn't support HTTPS for custom domain names, and we want to improve our security standards serving at least the login page on an https domain.
¿Is there anyway we can keep the static files hosted on Google Cloud/some other CDN for fast serving and use an https domain?
Update
For anyone interested, we finally migrated all our CDN with HTTPS requirements to Amazon S3 + CloudFront and it works like a charm.
While Google Cloud Storage does support HTTPS, it does not support HTTPS for custom domain names.
Although you've found a solution not connected with your original question, I'm answering in case someone gets here with the same question like I did.
Google Firebase link is an excellent way to serve websites (and apps) as it is automatically through SSL (https) and Google Edge servers (effectively CDN function). And https will work using your own domain name. You can push your site from your local machine (Node.js needed) or from GitHub, Gitlab, etc. using continuous integration/deploy.
There is a generous free trial plan to try it first, then a reasonable monthly rate to pay as you go as your usage grows. plans
Is it possible to host mysite.com/ from ec2 and mysite.com/logo.gif from cloudfront?
No, you won't be able to make the part of the URL after the domain name influence the DNS lookup for mysite.com. However, if you're willing to settle for something like "images.mysite.com/logo.gif", you can easily resolve images.mysite.com to your CloudFront distribution using a CNAME.
You could also configure the web server on your EC2 instance to redirect or proxy to CloudFront - but then your server is still getting hit every time that resource is loaded, which eliminates most of the benefit to using a CDN in the first place.
In a way, you can. You would need to use a reverse proxy on your web server at mysite.com.
http://en.wikipedia.org/wiki/Reverse_proxy
To agree with David (above), you can set up a DNS CNAME for your CloudFront distribution, but the best you could do would be a subdomain of your site. It's a better way to do things anyway, if you follow Yahoo! or Google website performance guidelines.
developer.yahoo.com/performance/rules.html
code.google.com/speed/page-speed/docs/rules_intro.html