Spress on AWS with HTTPS

Sep 11, 2016

When I got started on my migration to Spress I figured that I would just run the site on a generic hoster that also offers letsencrypt certificates. Turns out, there really wasn’t any hoster who came close to the $7 DigitalOcean VM. So, AWS it is.

Specifically, deploying to S3, letting it do the static site hosting and putting CloudFront in front (haha) of it to handle HTTPS.

Amazon has an excellent guide to get you started setting that up. Just follow that and when it comes to the certificates, use AWS Certificate Manager or letsencrypt-s3front to handle the certificates.

Caveats

I had a terrible time getting letsencrypt-s3front running on macOS, mostly due to problems with Python and build dependencies. When I ran it on a regular CentOS VM with a working letsencrypt setup, everything worked fine. When Docker finally runs half-way stable on my machine I plan on handing that off to an image to rerun without effort when I have to renew the certificate… Update 2016-12-30: Consider using AWS Certificate Manager instead of Let’s Encrypt, it’s much less hassle.

Apparently, CloudFront does not support HSTS in any way. While that’s not perfect, it’s a reasonable compromise for everything else this AWS setup can do.

If your homepage works without index.html but your posts do not, see this stackoverflow post and use the S3 endpoint URL (HTTP only) to avoid issues.

Spress integration

You don’t have to upload your build manually to S3, the AWS deployment plugin will do that for you. The Github documentation should suffice for setting it up (thanks to the maintainer merging my v2 support and documentation updates already).