Reputation:
I have a simple static site which I provide through Amazon's CloudFront. There is nothing of importance on there, so it does not need HTTPS. Furthermore, I don't want to go through the hassle and cost of setting up an SSL certificate for my site, and I'm happy if requests sent through HTTPS are met with a service unavailable or whatever other error message would be considered appropriate. Instead, CloudFront attempts to serve the HTTPS pages using its own certificate and so flags the site up in the browser as 'untrusted' due to the certificate/domain name mismatch.
Is there some way to disable HTTPS entirely in CloudFront, or some other way of gracefully falling back to HTTP whilst still using CloudFront?
Upvotes: 5
Views: 11586
Reputation: 22058
Please notice that in case you wish to add an alternate domain name to a distribution:
It seems that since this release (Apr 8, 2019) when you add an alternate domain name to a distribution, you must also attach an SSL/TLS certificate to that distribution that covers the alternate domain name.
So in that case you can't disable HTTPS.
(*) Note: I personally don't see the mentioned option of HTTP Only for Origin Protocol Policy - although it is also mentioned here.
Upvotes: 2
Reputation: 2473
For those who are using the AWS web console to set up their CloudFront, follow this path to change the "Viewer protocol policy":
AWS Web Console > CloudFront > CloudFront Distributions > [Select your distribution] > Behaviors tab > [Select your cache behavior] > Edit > Viewer Protocol Policy > Set "HTTP and HTTPS"
Upvotes: 3
Reputation: 734
I've had the same problem.
Amazon now offers SSL certificates free of charge with the following restrictions:
In my case, I just used it even though I never need it. It is much better than having "Untrusted Connection" on the browser.
I couldn't find any mechanism to fail gracefully or to block HTTPS completely.
Upvotes: 4
Reputation: 13649
You can specify independently, for each CloudFront origin, if it should use HTTP and HTTPS or only HTTP using the Origin Protocol Policy setting.
Protocols
CloudFront forwards HTTP or HTTPS requests to the origin server based on the following:
The protocol of the request that the end user sends to CloudFront, either HTTP or HTTPS.
The value of the Origin Protocol Policy field in the CloudFront console or, if you're using the CloudFront API, the OriginProtocolPolicy element in the DistributionConfig complex type. In the CloudFront console, the options are HTTP Only and Match Viewer.
If you specify HTTP Only, CloudFront forwards requests to the origin server using only the HTTP protocol, regardless of the protocol in the end-user request.
Source: AWS CloudFront documentation
Upvotes: 2
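The following is an added example, not part of any answer above: a small Python audit of a distribution config that flags the certificate/domain mismatch from the question and shows which viewer requests end up as plain HTTP at the origin under the Origin Protocol Policy rules quoted above. The sample config is constructed, and `audit` and `origin_protocol` are hypothetical helper names; the field names and policy values (`allow-all`, `http-only`, `match-viewer`) are those of the CloudFront API.

```python
# Constructed sample: field names follow the CloudFront DistributionConfig API;
# the alias, origin domain and IDs are made up for illustration.
SAMPLE_CONFIG = {
    "Aliases": {"Quantity": 1, "Items": ["www.example.com"]},
    "ViewerCertificate": {"CloudFrontDefaultCertificate": True},
    "Origins": {"Quantity": 1, "Items": [{
        "Id": "static-site",
        "DomainName": "origin.example.com",
        "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"},
    }]},
    "DefaultCacheBehavior": {"TargetOriginId": "static-site",
                             "ViewerProtocolPolicy": "allow-all"},
}

def origin_protocol(viewer_protocol, origin_policy):
    """Protocol CloudFront uses toward the origin for one viewer request."""
    if origin_policy == "match-viewer":
        return viewer_protocol
    if origin_policy in ("http-only", "https-only"):
        return origin_policy.split("-")[0]
    raise ValueError(f"unknown OriginProtocolPolicy: {origin_policy!r}")

def audit(config):
    """Return (code, detail) findings for one distribution config."""
    findings = []
    aliases = config.get("Aliases", {}).get("Items") or []
    cert = config.get("ViewerCertificate", {})
    if aliases and cert.get("CloudFrontDefaultCertificate"):
        # The default certificate only covers *.cloudfront.net, so HTTPS
        # requests to the alias get a name-mismatch warning in the browser.
        findings.append(("cert-name-mismatch", ", ".join(aliases)))
    origins = {o["Id"]: o for o in config["Origins"]["Items"]}
    behaviors = [config["DefaultCacheBehavior"]]
    behaviors += config.get("CacheBehaviors", {}).get("Items") or []
    for b in behaviors:
        custom = origins[b["TargetOriginId"]].get("CustomOriginConfig")
        if custom is None:
            continue  # S3 (non-website) origins carry no OriginProtocolPolicy
        # Only "allow-all" lets plain-HTTP viewer requests through unchanged.
        viewers = ["http", "https"] if b["ViewerProtocolPolicy"] == "allow-all" else ["https"]
        for v in viewers:
            if v == "https" and origin_protocol(v, custom["OriginProtocolPolicy"]) == "http":
                findings.append(("https-viewer-cleartext-origin", b["TargetOriginId"]))
    return findings

if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONFIG):
        print(code, detail)
```

To run it against a real distribution, pass the `DistributionConfig` object returned by the CloudFront `GetDistributionConfig` API call in place of `SAMPLE_CONFIG`.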