Server Name for nginx - amazon-web-services

I am new to nginx. I have a setup as below.
User ----> AWS ALB ---> AWS EC2 (with nginx for reverse proxy)
Which of the following should I put for server_name in nginx?
Domain name that is configured to point to the ALB (mydomain.org)
ALB DNS Name
EC2 DNS Name
EC2 Elastic IP

Related

Point only a subdomain to AWS EC2

I own the example.com domain name. For the moment I connect that to two services.
One for Firebase as an A name record for the subdomain business.example.com
Another for AWS as A record and a CNAME record.
This is my namecheap Advanced DNS settings
| Type | Host | Value |
|---|---|---|
| A record | # | AWS IP |
| CNAME record | api | example.com |
| A record | business | Firebase IP |
For the moment, if I visit http://example.com/ it shows me "Welcome to nginx", so it is clear that, since the host points to # in the A record, the domain is fully connected to the AWS EC2 instance.
What I want is to ONLY CONNECT api.example.com to AWS and connect full domain to vercel. So that I can use example.com and www.example.com in vercel.
How do I do this?
First, make sure that you have created an Elastic IP address in the Amazon EC2 management console. This is a static IP address that will stay with the instance (and can be moved to other instances).
Then, configure your DNS with an A-record that points api to the Elastic IP address:
| Type | Host | Value |
|---|---|---|
| A record | # | Vercel IP address |
| A record | api | Elastic IP address (eg 1.2.3.4) |
| A record | business | Firebase IP |

Add SSL Certificate to my domain + AWS DNS

I have a Classic load balancer configured on my AWS webservices at xxx-xxx.amazonaws.com
and have also added Route 53 to configure. But it seems there is no traffic moving from my domain to the load balancer DNS. Need help.
On my EC2 server, I have added a MERN stack application and used nginx to route the traffic from :80 to :8080. Next, an Elastic IP address is added to the EC2 server.
A certificate is created using AWS's ACM and attached to the classic load balancer.
The domain records are handled by AWS's route 53. Domain name is aamchymumbai.com.
Thank you!
I did get a fix using Cloudflare.
I now have another follow-up question. How can I redirect domain.com to ec2-server.com:8080 and sub-domain.com to ec2-server.com:5000 using nginx + Cloudflare?

Where in AWS is the Elastic Beanstalk Subdomain CNAME Record, and How to Add SSL to it?

Your Elastic Beanstalk environment's Domain name says:
To route users to your environment, Elastic Beanstalk registers a
CNAME record that points to your environment's load balancer. You can
see URL of your environment's application with the current value of
the CNAME in the environment overview page of the Elastic Beanstalk
console.
My simple questions are:
where is this CNAME record located in AWS?
is it possible to make this subdomain SSL (redirect http to https)?
Why would I want to do this?
My application works fine, but Elastic Beanstalk says my health is "Severe" (red exclamation) when the only thing wrong is that I intentionally made my real domain (the non-Elastic Beanstalk subdomain) I have in Route 53 redirect to https (443) by modifying the load balancer. Now this Elastic Beanstalk subdomain also routes to https when it's not set up, which is what causes the health error.
where is this CNAME record located in AWS?
It is AWS-owned domain, so AWS holds it in its systems.
is it possible to make this subdomain SSL (redirect http to https)?
No, it's not, because it belongs to AWS, not you. For proper HTTPS, you need your own domain that you can control. If you have such a domain, you can get a free SSL certificate for it from AWS ACM.

AWS EC2 Instance - How to add a Load Balancer to an Instance Application that already has an Elastic IP and SSL?

I have an Ubuntu 18.04 LTS EC2 Instance with a deployed Django application. The instance also has an elastic IP. The Django application already has a domain name mapped to it in nginx, and it also already has an SSL certificate mapped using certbot.
My questions are:
Do I need to add an HTTPS listener to the load balancer? If yes, do I use the SSL generated by certbot? How?
Do I need to change the IPV4 that is in the nginx config file and DNS record with the new IPV4 of the load balancer created?
Do I need to add an HTTPS listener to the load balancer? If yes, do I use the SSL generated by certbot? How?
Yes, you would need to create an HTTPS listener, and you need to use a certificate. You can import the same certificate you're using on nginx or get a new certificate from ACM (free); both will work as long as the subject/SAN are correct.
Do I need to change the IPV4 that is in the nginx config file and DNS record with the new IPV4 of the load balancer created?
ELB provides a DNS name; the IP changes, so you can't use an IP address. After using ELB, you don't need an Elastic IP on the EC2 instance. The communication between ELB and EC2 is on the private IP, so you can allow 0.0.0.0 in nginx and restrict ELB to make connections to the EC2 instance. You will need to point your website to the ELB DNS name eventually.
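
An added example, not part of the original answer, showing one way to configure nginx on an instance that sits behind a load balancer terminating TLS. The domain example.com, the VPC range 10.0.0.0/16, the upstream 127.0.0.1:8000 and the /healthz path are assumptions; the restriction of inbound traffic to the load balancer is done in the instance's security group, not in nginx.

```nginx
# Constructed example; place inside the http {} context (e.g. a conf.d file).
# Requires ngx_http_realip_module for the set_real_ip_from directives.

# Catch-all for requests whose Host header is not the site's domain.
# Load balancer health checks that do not carry the site's Host land here.
server {
    listen 80 default_server;
    server_name _;

    # Health endpoint answers 200 directly, so an HTTP-to-HTTPS redirect
    # elsewhere never turns the health check into a failure.
    location = /healthz {
        access_log off;
        return 200 "ok\n";
    }

    # Anything else with an unexpected Host: close without a response.
    location / {
        return 444;
    }
}

server {
    listen 80;                               # binds 0.0.0.0; reachability is limited by the security group
    server_name example.com www.example.com; # the domain clients actually request (assumption)

    # Trust X-Forwarded-For only when the peer is inside the VPC range
    # where the load balancer nodes live (assumed 10.0.0.0/16).
    set_real_ip_from 10.0.0.0/16;
    real_ip_header X-Forwarded-For;
    real_ip_recursive on;

    # TLS ends at the load balancer; it reports the client's scheme here.
    if ($http_x_forwarded_proto = "http") {
        return 301 https://$host$request_uri;
    }

    location / {
        proxy_pass http://127.0.0.1:8000;    # local application (assumption)
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
    }
}
```

Validate the file with `nginx -t` before reloading.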

Using HTTPS on a Amazon VPC connected to Elastic Beanstalk

Ok, so I have a working Flask application on elastic beanstalk, and I need to have HTTPS running on it. I have it connected to a VPC which has an Elastic IP so my DNS can route to it.
I have successfully uploaded my HTTPS cert to IAM and added it to the load balancer for my app using the config section in the elastic beanstalk panel, but the problem is I have no idea how to apply it to the VPC.
Here's my current setup so you can understand why I'm having difficulties
domain on namecheap
|
|
Name server records are pointing to digital ocean
|
|
DNS A records on digital ocean ---> Various subdomains hosted on digital ocean
|
|
Subdomain pointing to elastic IP on VPC (want to add HTTPS here)
|
|
elastic IP pointing to elastic beanstalk env
|
|
load balancer which has cert (connecting directly here gives the cert)
|
| (this connection is HTTP)
|
app
I don't really need end to end encryption, and I have a feeling that the cert should somehow be attached to the VPC and not to the load balancer. I have no idea how to do that though.
Things I've tried
Connecting directly to the given auto generated domain for the env works but the cert is for my subdomain so I get a security error
In the security groups section in VPC I have checked that port 443 is open for inbound and outbound traffic for the load balancer and the VPC security group
The problem is the domain name is pointing to an Elastic IP. This is not the correct way to use Elastic Beanstalk and won't work with the load balancer at all. The DNS record should be a CNAME pointing to the Elastic Load Balancer domain name. If you need it to be the root domain like "example.com" instead of a subdomain like "www.example.com" then you will have to transfer the DNS from Digital Ocean to AWS Route53.