Problem routing traffic to AWS elastic beanstalk environment - amazon-web-services

In my AWS environment I have 2 hosted zones:
aaa.nl
bbb.nl
I have an elastic beanstalk (NodeJS) application running. It works fine. I want this EB application to be available via the domain name:
my-app.bbb.nl
I followed this approach:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-beanstalk-environment.html#routing-to-beanstalk-environment-create-alias-procedure
Configuring a new record is easy. I can select my EB application and the record is created successfully. And I see it listed in the record list of hosted zone bbb.nl (A record).
Now I open up my browser and navigate to:
my-app.bbb.nl
To my great surprise, what I get to see in the browser is a different application that I have running at https://my-other-app.aaa.nl, but the URL is https://app.bbb.nl (my-other-app is listed as an A record in hosted zone aaa.nl).
I did get some certificate warnings in my browser as well (in the browser I see that it has the SSL certificate of aaa.nl coming along).
I do have something else running correctly at https://bbb.nl
I have no idea how this is possible and how to debug this. Anyone any clues?

Use browser development tools to trace the request to my-app.bbb.nl
Look for redirection in response.
Check if my-other-app.aaa.nl isn't hardcoded into the app itself.
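The tracing step suggested in the answer above can also be scripted. The following is an added example, not part of the original answer: it follows a redirect chain one hop at a time and reports every redirect that leaves the requested host. The function names and the `SAMPLE` responses are constructed for illustration.

```python
import http.client
import ssl
from urllib.parse import urljoin, urlsplit
REDIRECTS = {301, 302, 303, 307, 308}

def fetch_once(url):
    """One GET without following redirects: (status, Location, note)."""
    parts = urlsplit(url)
    conn_cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = conn_cls(parts.netloc, timeout=10)
    target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    try:
        conn.request("GET", target)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location"), ""
    except ssl.SSLCertVerificationError as exc:
        # A certificate issued for another name is a finding, not a crash.
        return None, None, "certificate rejected: %s" % exc
    finally:
        conn.close()

def trace(url, fetch=fetch_once, max_hops=10):
    """Walk the redirect chain hop by hop, recording every response."""
    hops = []
    for _ in range(max_hops):
        status, location, note = fetch(url)
        hops.append({"url": url, "status": status, "location": location, "note": note})
        if status not in REDIRECTS or not location:
            break
        url = urljoin(url, location)  # Location may be relative
    return hops

def host_changes(hops):
    """(from_host, to_host) for every redirect that leaves the requested host."""
    changes = []
    for hop in hops:
        if hop["status"] in REDIRECTS and hop["location"]:
            src = urlsplit(hop["url"]).hostname
            dst = urlsplit(urljoin(hop["url"], hop["location"])).hostname
            if src != dst:
                changes.append((src, dst))
    return changes

# Constructed responses (not captured from the poster's systems) for an offline run.
SAMPLE = {"http://my-app.bbb.nl/": (301, "https://my-other-app.aaa.nl/", ""),
          "https://my-other-app.aaa.nl/": (200, None, "")}
if __name__ == "__main__":
    for hop in trace("http://my-app.bbb.nl/", fetch=SAMPLE.__getitem__):
        print(hop)
```

Calling `trace()` with the default `fetch_once` performs live requests; a hop whose `note` starts with "certificate rejected" means the server presented a certificate that does not validate for the name requested.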

Related

How do you troubleshoot Elastic Beanstalk (single instance) HTTPS

I have a NodeJS API application running on a single instance (no load balancer) on AWS Elastic Beanstalk. Previously the app was on the old Amazon Linux environment which was deprecated, so this is now just freshly created in a brand new "Node.js 16 running on 64bit Amazon Linux 2/5.6.0" environment. I verified the new environment is up and running properly and now the domain is pointing to the new version. When using normal HTTP traffic the application responds normally.
The previous version had SSL enabled. The certificate purchased a year ago was just reissued for another year (from NameCheap - third-party CA). I generated the new cert/key per NameCheap's instructions. To configure EB for using SSL, I followed these instructions from Amazon exactly: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/https-singleinstance-nodejs.html And currently have the contents of the cert, the ca_bundle, and the private key in my .ebextensions/https-instance.config file (just to get it working... for production this would reference files on S3). I ran the contents through a YAML formatter to make sure the spacing was correct.
While my application responds OK without HTTPS, if I simply add the S I get ERR_CONNECTION_REFUSED. I've looked through all the logs available from Elastic Beanstalk and there are no errors.
How can I get more detail on why the traffic is not forwarding? How would I be able to determine if the problem is the certificate, or the key, or some other error in a config file, etc?

AWS EBS application timing out when changed to a single instance environment

I have a web application running on Elastic Beanstalk in a load-balanced environment; however, when I changed the configuration to a "single instance" environment, the application returns a 408 Request Timeout with every HTTPS browser request to the server (custom domain).
The environment health in my AWS console shows everything is running okay so I am baffled by what could be causing the problem. When I change the configuration back to 'load balanced' everything works fine again.
When I change the configuration back to 'load balanced' everything works fine again.
Since you are using HTTPS with a custom domain, when you switch to a single instance, the HTTPS functionality is lost. To make HTTPS work on a single instance, you need to obtain a new SSL certificate (AWS ACM can't be used), and deploy it on your instance through re-configured Nginx:
How to Setup SSL(HTTPS) on Elastic Beanstalk Single Instance Environment

Troubles with deploying Pivotal Cloud Foundry on AWS

I have been trying to install Pivotal Cloud Foundry on AWS and I have troubles with it.
In the section upload-cert it is mentioned that I need to create SSL certificates for:
*.system.example.com
*.login.system.example.com
*.uaa.system.example.com
*.apps.example.com
So, I've created domain xxxxx.com on AWS Route53 and created a certificate on AWS ACM for domain and subdomains.
So, my questions are:
Do I need to create subdomains (system, login, uaa, apps) in AWS Route53?
Do I need to bind my domain and subdomain somehow to PCF? Or should the installation process have done it for me?
For now, if I open http://login.xxxxx.com/ it responds with 503. What can be the reason?
What is the correct URL to open the PCF UI?
I have such error in Ops Manager. What can be the reason of such error?
The same about logs. When I tried to download logs for failed services it failed too. What can be the reason?
Thank you for the help!
Do I need to create subdomains (system, login, uaa, apps) in AWS Route53?
Do I need to bind my domain and subdomain somehow to PCF? Or should the installation process have done it for me?
You can create a wildcard subdomain (*.xxxxx.com) and alias using the instructions here: https://docs.pivotal.io/pivotalcf/1-10/customizing/cloudform-er-config.html#cname
What is the correct URL to open the PCF UI?
If you mean Ops Manager, it is whatever DNS entry you created and pointed to the Ops Manager public IP address in this step: https://docs.pivotal.io/pivotalcf/1-10/customizing/cloudform-om-deploy.html#create-dns
For the ERT UI, there is the Pivotal Apps Manager https://docs.pivotal.io/pivotalcf/1-10/console/index.html
which is usually apps.system.xxxx.com
You can see what system apps are deployed by connecting to Cloud Foundry using the CLI and seeing which apps are in the system org, and what their routes are.
For now, if I open http://login.xxxxx.com/ it responds with 503. What can be the reason?
If the DNS has not been set up, I'm surprised you're getting any response whatsoever. Usually you get 503s when the routers connected to the load balancers are failing for some reason (http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/ts-elb-error-message.html#ts-elb-errorcodes-http503)
I have such error in Ops Manager. What can be the reason of such error?
This would explain the 503s if the router is unhealthy. I would SSH into those machines and see what the logs say (in /var/vcap/sys/logs), which should tell you what is going wrong.
The reason for the red instances on the Status page was that my AWS account had a limit on the number of instances and it failed to create VMs for these nodes.
To find more information, open the Changelog (https://ops_manager_host/change_log) and then open the log of the FAILED setup.

how to add a website to aws ec2 instance, no target

I've a nice little ec2 instance, I've logged in the console, updated the YUM, started the httpd, but the IP doesn't work in the browser.
my httpd is up on chkconfig: httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Thought it would be as listed on my connect from public DNS, same as I connect to console through. I've used the S3 server into the properties on the instance and enabled static website hosting, just to test it before using PHP. Even created a like bucket, trying to use my domain name from the Route 53, but the Route 53 also shows "No Targets Available" in the S3 (or any other).
Alrighty, found it. Was a security issue, but here is the process, in two quick URLs.
Tutorial: Installing a LAMP Web Server on Amazon Linux
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/install-LAMP.html?shortFooter=true
But it says if it doesn't work, check the security groups, and a couple of clicks later you're looking at this.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html?shortFooter=true
Go into the security group settings and add http from pull down and it's done.
Also, the second part where there isn't a target, be sure and associate the elasticIP (created in the AWS services console) and sure enough a web server is up and running. Once you've the elasticIP address simply add it to the route 53 rule set(s).

Django Elastic Beanstalk App - Cannot Set Secure Listener Port to 443: LoadBalancerHTTPSPort

I'm a pretty new developer and deployed my first Django app via Elastic Beanstalk. I want to serve https requests and have configured my SSL certificate and have my load balancer set up correctly. When I go into EB > Configuration > Secure listener port and set it to 443 I'm getting the error upon saving:
LoadBalancerHTTPSPort: You have specified both the #deprecated(:default.aws:elb:loadbalancer:LoadBalancerHTTPSPort)
option as well as one in the new aws:elb:listener:443 namespace.
The :default.aws:elb:loadbalancer:LoadBalancerHTTPSPort option will be ignored.
Not sure what I'm missing because I'm still not able to serve https requests
I had the same problem with a NodeJS Elastic Beanstalk app. However, I was able to get around it by updating the Listener/Certificate settings via the AWS EC2 console (https://console.aws.amazon.com/ec2/), via the Load Balancers section (under LOAD BALANCING).
I was updating the certificate for a staging version of a cloned environment. This was the only way I could assign a different certificate to the staging environment.
See more at http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-create-https-ssl-load-balancer.html