I have a domain hosted through Google. I'm using Google Workspace for a lot of my day-to-day operations (e.g. Drive, Gmail, etc). I'm using AWS as my infrastructure and business logic for my application. I'm having trouble making my site support TLS. If you visit it now, you get this on chrome and I can't seem to make HTTPS requests work.
I have my domain pointing to AWS via Custom Name Server.
My route 53 has the NS type records listed under the hosted zone
I've tried to request a Certificate from AWS to make it work.
My problem is I don't know how to tell Google about it. How do you let Google know about the certificate so I can make my site HTTPS?
I believe approaching Google is not going to solve your issue as in the above case Google is only responsible to host your domain . So DNS setup is only responsible to route requests to your site and not making your site more secured.
I also found that you are exposing your site as http rather than https and thats why your site is unsecured.
Is your site is running on a web server or is it hosted on S3 as static web site ?
Note: you cant enable https on S3 static website.
The workaround to above problem is below :
Route53 has A record to pointing to ALB (configured with ACM) distributing traffic to Ec2 instances running your web application.
If anyone is still looking. I wanted to keep it cheap with a simple S3 static website. If you want to maintain the S3 part, make a CloudFront distribution (if you haven't already.
Inside the CloudFront under the main settings, use a Certificate you made from Certificate Manager.
Then head over to Route53 (even if the domain is hosted via Google) and route the "A" name record to the CloudFront. NOTE: make sure the "Alternate Domain" name is filled in or else it won't see it.
Let it update for about a minute or two and it will show https
Related
Please can someone advise if what I'm trying to do is possible - apologies I know a lot more about AWS than Azure, and I can't find any guidance online or bypass the issue by setting up services and 'giving it a go'.
I want to send SSL-secured subdomain traffic from AWS where our primary domain is hosted to Azure where some dependent services and resources are hosted. We want to use AWS ACM for SSL management/renewals, removing any dependency on third parties or Azure for this if at all possible.
I am able to set up a CloudFront distribution with an origin of an Azure Storage Account endpoint:
xxx.blob.core.windows.net
With an alternate domain name of a subdomain of the desired URL:
xxx.xxx.co.uk
I can secure this with a wildcard ACM SSL, and the resultant images are all secure.
I have also set up a static web app, applied a custom domain to it of:
xxx.xxx.co.uk
And with the appropriate DNS/CF I can make traffic to that Azure SWA secure.
Is it possible to do the same with Azure App Gateway? All the things that I've tried or the developers working in Azure (a third party) have tried do not work, we end up with mostly 502 errors depending on the configuration. Depending on the CF/DNS configuration, I can get through to the correct resources/services by bypassing an SSL warning.
Would adding a port 80/non-https listener for our subdomain on the App Gateway work?
Similarly to other stacks, I have hosted a website using AWS services:
Registered domain on Route 53 (example.net)
Content is hosted on an S3 bucket
Got an SSL certificate using AWS Certificate Manager
Created a CloudFront distribution, pointed it to S3 and connected it to my domain with Route 53.
All of this works except for an issue at what seems to be the final hurdle. When I enter my domain url into the search bar, example.net, the connection isn't secure by default. I've illustrated the problem here.
I'm relatively new to hosting and can't find a solution relating to this. My thoughts are that I'm missing some Cloudfront or Route 53 configuration, since another thing that doesn't work is connecting via www (I don't care about that issue as much). Any input is appreciated.
By default enabling HTTPS on a website doesn't disable HTTP. They are both available, on separate ports. That's why you have to type https:// in the browser's address bar to go directly to the HTTPS version of your website. You can get CloudFront to redirect all HTTP requests to HTTPS by following this guide.
Good Afternoon,
I have followed a few tutorials on this topic and I have researched to see what I may be missing, but so far I haven't come up with anything. I'm sure it's a simple fix I just need a bit of help.
So I have the domain brandonkjones.dev that I purchased through Google Domains and I am trying to forward it to a static page hosted on S3. I created the hosted zone in Route 52 with the name brandonkjones.dev.
and I changed the Google Domain name servers to match those generated by the hosted zone.
I also added the additional records to forward the subdomain www to the root domain.
and Finally, I added the CNAME entry to the custom resource records on Google.
I'm sure this tutorial left off a step and I'm missing something because the original tutorial didn't even mention adding the CNAM resource within Google. Any help is greatly appreciated.
I had this same issue, tried with multiple browsers and triple checked that I'd done all the Route 53 and Google Domains steps correctly to no avail. Then I opened my terminal and tried:
curl http://my-domain.dev
and it returned my index.html that I uploaded to my S3 bucket, meaning I'd done everything correctly, but my browser wouldn't let me access the website over HTTP. In my devtools network tab, I could see that even if I explicitly typed in http://my-domain.dev it would do a 307 internal redirect to https://my-domain.dev. This is a security feature that browsers have to keep users from navigating to insecure sites over http.
Since the tutorials I followed for setting up S3 static hosting with a custom domain registered on Google Domains did not setup any SSL certificates for enabling HTTPS, the only way I could access my website was over HTTP. One way to fix this issue is to turn off HSTS as outlined here. Or, you could use something like AWS CloudFront to serve your S3 site over https, which you'll probably want to do if you want other people to access your site without this issue.
I'm following the serverless-stack guide and have a website hosted in an Amazon S3 bucket. I purchased a domain using GoDaddy and I have set up cloudfront to work with this bucket, then have used AWS certificate manager to generate SSL certificates for my domain (both www.my_domain.com and my_domain.com).
In GoDaddy I then configured DNS forwarding to point to my cloudfront resource.
This all works nicely, and if I go to my_domain.com in a browser then I see my website.
However, I can't get SSL working. If I go to the https:// version of my website then I see a not secure error in the chrome address bar which shows a certificate pointing to shortener.secureserver.net rather than my own website.
Could someone point me at a way around this? Looking through S.E. and using google it seems that Amazon's route53 might be able to help, but I can't figure out how to do this.
Thanks!
(edit) To make things more clear, this is what I see in Chrome if I connect to https://my_website.com or to https://www.my_website.com
The warning message:
The certificate details:
What I do not understand is why, after configuring an AWS certificate for my domain, I see a certificate for shortner.secureserver.com rather than a certificate for my_website.com.
Go daddy has problems and does not redirect to https, There are two ways, the first is to change domain registrar and the second is the easiest, which is: Create a hosted zone on AWS router 53 with your domain name
Create 2 type A records, one for the root (of your domain) and one for www that point to your cloudfront. Router 53 allows you to create a type A record without having an IP, because it directly points to a cloudfront instance that you indicate, that's the best
Then in go daddy it gives you the option to change name servers and puts the ones assigned by aws in hosted zone with the record that says NS and you put those 4 in Godaddy, replacing the ones that had
Note: SAVE THE NAME SERVERS THAT YOU HAVE IN GO DADDY BEFORE REPLACING THEM, IN CASE YOU HAVE ANY PROBLEM, YOU CAN REPLACE THEM AGAIN
You have to wait at least a few hours until all the name servers are updated, you can use the who.is page to see if the DNS have already been updated with those of aws.
It turns out that this is not possible with GoDaddy. If anyone else reading this has a similar problem, only current solution is to cancel your domain registration and register with someone else.
(edit) As #aavrug mentions in their comment, Amazon now have a guide for this.
When you defined your CloudFront you can defined whether you want to use, and you can choose HTTPS only. In this case HTTP requests will be automatically redirected to HTTPS. Have in mind CloudFront changes may take a while to be replicated and your browser cache it as well, so the best way is to make a change, wait for the deployment and then check it in a new cognito browser.
It goes without saying that your certificate must be valid and verified as well.
It might be something wrong with your certificate or with your domain.
If you serving your content over HTTPS you must provide a SSL Certificate in Cloudfront. Have you done that?
Have you added your domain on Alternative Domain Names (CNAMEs)?
Please have a look on the image below:
-> AWS provides Free SSL Certificates to be used with Cloudfront, so you might want to use it (easier than you import your SSL from go daddy).
You can create a free SSL certificate on AWS and easily attach it to your cloudfront distribution.
-> You can also transfer your domains to AWS Route53. It is easy to integrate with any AWS Service and easy to use/maintain :)
I wrote a complete guide on my blog telling how you can add Custom SSL and attach custom domain to Cloudfront distribution, it might be useful :)
https://lucasfsantos.com/posts/deploy-react-angular-cloudfront/
I have domain with aws example.com, currently I have record set so that when user goes to example.com, it serves static website from S3 (done with angular). Now, I have backend api (Lambda and API gate way), which is has url something like,
https://randomid.execute-api.region.amazonaws.com/Prod/api/getSomething?id=1
so, what I am trying to do is if front end makes a http call to example.com /api/getSomething?id=1, it should return me data (since I am using relative urls).
I was reading aws documentation, it seems i cannot use root domain, I have to use subdomain (api.example.com), I am ok with it. But, I am not sure how can i do that, any help would be appreciated.
Also, I may move my front end to subdomain (web.example.com), if I do that, with my backend at (api.example.com, hope fully I will figure this part), will I run into CORS issue?
Go through this AWS developer guide to change the domain name.
Apart from DNS configurations, it also requires to have a SSL certificate for the custom domain (Which could be taken from AWS Certificate Manager for free).
Also note that an API's custom domain name can be the name of a subdomain or the root domain (aka, zone apex) of a registered Internet domain.
If your Web and API have different subdomains, it will run into CORS. However you can setup a CloudFront distribution infront of both Web and API to avoid CORS.