Home / server / Questions / 501670
Accepted
Alan
Asked: 2013-04-23 12:01:38 +0800 CST

Different routes for HTTPS vs HTTP traffic?

  • 772

I'm currently using Amazon Route53 to manage our DNS and have run into a snag.

Our static content is served from AWS S3, however, S3 doesn't support HTTPS with CNAME's. To get around Cross Domain issues, our static content is served via CNAME.

So, I'd like to continue to serve HTTP content via S3, and serve our HTTPS content through our own webserver.

However I'm not sure how I can route HTTP traffic to one domain (s3), and route HTTPS to another domain (a webserver).

domain-name-system

1 Answers

  1. Best Answer

    DNS is only concerned with resolving hostnames to IP, and is not concerned with protocol or port numbers -- this means to directly answer your question; No: you cannot use it to route https://example.com to one IP and http://example.com to another.

    There are a couple common ways around this:

    • Use a reverse proxy listening on both http:// and https://example.com, such as nginx. This proxy can look at the protocol and even request path, and route to other server(s) appropriately.
      • In addition to making your scenario possible, you also get other benefits: SSL offloading to reduce load on your app server, and the ability to run multiple app servers transparently for either redundancy or scale.
      • Downside: If all your servers are not on the same local network, this is pretty inefficient (and slow) as you're going across the internet twice.
    • Use separate subdomains, and have your servers send CORS headers. There are a ton of resources on how to do this so I won't get into it here.
      • Essentially, you'd have http://static.example.com and https://example.com. DNS would resolve static.example.com to S3, and example.com to your other app server.

    If your app servers are separated by slow network connections (sounds like they are) then IMHO the only way to go is a DNS-based solution.

    • 1