I have an Elastic Beanstalk Rails application. I also have two domains:
api.example.com
www.example.com
I want api.example.com to be accessible only through SSL, https://api.example.com.
However, I want www.example to be accessible via normal http.
Currently, I have two listeners on my load balancer, one on port 443 and one on 80.
The problem is that you could now also access api without SSL, which is undesirable.
Is there a server level solution to my problem?
Elastic Beanstalk itself will not allow you to decouple SSL and non SSL routes on your application. Here is a some of the things you can do.
Decouple your Elastic Beanstalk application into two separate Elastic Beanstalk applications, one for SSL and one for non-SSL traffic.
Change the route settings in your Rails application. This post explains how to force SSL for some routes: Rails 3 SSL Deprecation. You can force SSL for your APIs and let www traffic be non-SSL
Don't use Elastic Beanstalk and host your application in EC2 with autoscaling and set it up so that it's fronted by Apache or nginx and create your specific rewrite rules to make sure every URL is served they way you want it to be (www to HTTP and APIs to SSL)
