Similarly to other stacks, I have hosted a website using AWS services:
Registered domain on Route 53 (example.net)
Content is hosted on an S3 bucket
Got an SSL certificate using AWS Certificate Manager
Created a CloudFront distribution, pointed it to S3 and connected it to my domain with Route 53.
All of this works except for an issue at what seems to be the final hurdle. When I enter my domain url into the search bar, example.net, the connection isn't secure by default. I've illustrated the problem here.
I'm relatively new to hosting and can't find a solution relating to this. My thoughts are that I'm missing some Cloudfront or Route 53 configuration, since another thing that doesn't work is connecting via www (I don't care about that issue as much). Any input is appreciated.
By default enabling HTTPS on a website doesn't disable HTTP. They are both available, on separate ports. That's why you have to type https:// in the browser's address bar to go directly to the HTTPS version of your website. You can get CloudFront to redirect all HTTP requests to HTTPS by following this guide.
Related
I have set up a CDN by following this document: https://cloud.google.com/cdn/docs/setting-up-cdn-with-bucket
http (with port 80)
https (with port 443) with a google-managed certificate
example.com is pointing to the load balancer's ip adress (google domains)
the certificate says example.com is active
simple index.html is in the backend bucket
I can load http://example.com fine but it is insecure. When I load https://example.com on chrome I get the following:
This site can’t provide a secure connection
mydomain.com uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Can somebody help me set up Cloud CDN with https using GCP storage?
EDIT: trying adding AAAA following How do you serve a static website using Google Cloud CDN, Google Cloud Storage, and a custom domain?
Requestor Pays was already off
The permission was to allUsers with Storage Object Viewer
EDIT2: adding AAAA didn't work for me
EDIT3: Got rid of AAAA. It is working now... I guess it takes quite long
Yes, depending on your domain provider. Normally, the longest takes up to 78 hours.
You need to enable the http-https redirect. You need to configure the http frontend, and there you have the option to enable the http-https redirect.
I would assume that you did not add the external IP of the Load Balancer as one of the domains accepted by your SSL certificate (and you shouldn't have to), so it will not really load the page via https://(LoadBalancer-IPAddress)
I have a domain hosted through Google. I'm using Google Workspace for a lot of my day-to-day operations (e.g. Drive, Gmail, etc). I'm using AWS as my infrastructure and business logic for my application. I'm having trouble making my site support TLS. If you visit it now, you get this on chrome and I can't seem to make HTTPS requests work.
I have my domain pointing to AWS via Custom Name Server.
My route 53 has the NS type records listed under the hosted zone
I've tried to request a Certificate from AWS to make it work.
My problem is I don't know how to tell Google about it. How do you let Google know about the certificate so I can make my site HTTPS?
I believe approaching Google is not going to solve your issue as in the above case Google is only responsible to host your domain . So DNS setup is only responsible to route requests to your site and not making your site more secured.
I also found that you are exposing your site as http rather than https and thats why your site is unsecured.
Is your site is running on a web server or is it hosted on S3 as static web site ?
Note: you cant enable https on S3 static website.
The workaround to above problem is below :
Route53 has A record to pointing to ALB (configured with ACM) distributing traffic to Ec2 instances running your web application.
If anyone is still looking. I wanted to keep it cheap with a simple S3 static website. If you want to maintain the S3 part, make a CloudFront distribution (if you haven't already.
Inside the CloudFront under the main settings, use a Certificate you made from Certificate Manager.
Then head over to Route53 (even if the domain is hosted via Google) and route the "A" name record to the CloudFront. NOTE: make sure the "Alternate Domain" name is filled in or else it won't see it.
Let it update for about a minute or two and it will show https
The hosted application worked until yesterday but suddenly not working today.
What I have done?
Using Cloudfront - To host my website from Amazon’s edge locations with a custom SSL certificate setup for my domain.
Amazon
Certificate Manager - To get HTTPS Certificate
Hosted my client application in S3. They wanted to access their site using a domain name. To achieve this I have provided two records as given below.
Type Host Value TTL
A # IP of the client domain 600
CNAME www CloudFront distribution URL 600
The thing is Endpoint which I got while configuring Cloudfront "d3ajo2v2g7lf33.cloudfront.net" is working but the domain name which I added as an alias to this endpoint is not working.
Probable findings from my side:
1) Used let's encrypt to get the SSL and it's about to expire within a week.
2) Added A record with the IP address of the domain. As am using Cloudfront am doubting that the domain does not have a static IP.
Also please let me know CloudFront distribution domain name IP will change every time or will it be static.
Kindly help me to resolve this.
CloudFront has CNAME record as well. So you have to register your domain name in the CloudFront distribution.
as for the SSL certificate for your custom domain, take a look at AWS ACM. It may be easier than using lets encrypt certificate (your call).
and yes. use the cloudfront's domain URL. it won't change unless you delete the distribution.
I have decided to switch to HTTPS for my Github pages custom domain, to do so I have followed this tutorial step by step. Namely:
Requested for an SSL in AWS Certificate Manager
Created a CloudFront distribution
Changed my DNS A Record to an alias to that distribution
But for some reason, when accessing christopherkade.com the URL follows the default root object I have set in the distribution (christopherkade.com/index.html) and Firefox gives me the following error The page isn’t redirecting properly and Chrome christopherkade.com redirected you too many times..
Here are my DNS records:
My page is hosted on this repository.
Did I forget something?
I have found a solution, but it required a change in the service used to deliver HTTPS. I sum it up here, but in short:
I now use Cloudflare as my DNS and changed my nameservers on AWS Route 53 to the ones given by Cloudflare after setting up my website.
As you can see christopherkade.com is now served in HTTPS.
The entirety of my web application is contained within various AWS services and is working properly with Cloudfront.
When I go to abcxxxx.cloudfront.net my site works as expected and is secured with https.
When I try and use my own custom domain with Route53 and setting www.mywebsite.com and mywebsite.com as aliases, it is no longer secure.
My alias target for each is the proper Cloudfront domain.
I don't know if the following has to do with my problem but when I try to go to mywebsite.com it says:
"this site cannot be reached"
but when I go to www.mywebsite.com it redirects to https with the "https" crossed out in red and displays "not secure".
Cloudfront also has the proper CNAMES.
How do I properly configure Route53 to work like my Cloudfront domain?
Mark B answered the question. Don't use Cloudfront's default SSL Certificate. Go to Certificate Manager and request a new one and use that one in Cloudfront. My site then worked exactly as expected