I'm currently going through the process of switching our domain, we'll say we're moving from olddomain.com to newdomain.com
We have all of our services hosted on AWS, and I'm having an issue with our www subdomain not properly redirecting to the new domain.
I'm trying to have www.olddomain.com redirect to www.newdomain.com - the strategy that I'm currently attempting is to use an s3 static site that redirects to the new domain. Since the site/url is https, I'm also needing to put a cloudfront distribution in front.
Starting from the bottom and moving up...
The s3 static site url directly works fine for the redirect.
The cloudfront distribution (pointing properly to the s3 static site) works fine for the redirect, both on http and https.
I have the DNS record for www.olddomain.com pointing at the cloudfront distribution
Going to www.olddomain.com does NOT redirect, but instead tries to render our web application on a broken www.olddomain.com (server is set up to not allow traffic from there anymore).
I've gone through a lot of different options and configuration, but it's very strange/important that the redirect works fine directly on the s3 static site as well as the cloudfront distribution, however it does not work when going to the domain that points to the cloudfront distribution. Please let me know any further details that can be supplied to help look into this issue and I'll be happy to supply them.
The issue for me ended up being that I needed to add the alternate CNAME of www.olddomain.com and the ssl certificate for that domain in the cloudfront settings.
Related
I have a single page application (made with angular), which I am serving by pointing cloudfront to an S3 bucket. This is working well.
However, I want to run the backend of my website via the same domain - What I've done is added another origin to my cloudfront distribution which points to elastic beanstalk where the django app is running.
Then, I configured behaviors so that the Path Pattern /apiv1/* is handled by django. This doesn't work and I'm getting a 403 forbidden error when trying to access my endpoints.
The behavior I'm looking for is as follows:
/ should point to index.html and load static files (this currently works)
/apiv1/... should point to django. For example, to access a login endpoint I would have website.com/apiv1/api/login (as opposed to localhost/api/login on my machine).
Is this possible?
If anyone is doing something similar, here is a fix:
Add a subdomain - I added api.example.com which is a subdomain of example.com
Then, in Route 53, I configured api.example.com to point to elb via an alias and requested an ssl certificate for the subdomain! Note, YOU MUST use https when making requests hence the reason for the ssl certificate.
I simply changed the base url in my angular http requests and it works.
I have a website installed and working correctly on my EC2 instance. I want to set up CloudFront and use it as a front CDN service just like CloudFlare. (My old stack was like that; I was able to serve the whole website through CloudFlare just by adding proper DNS records)
Here is what I did:
I created a CloudFront web distribution.
I've set up an origin as secret.example.com (secret.example.com works normally on browser)
I've added www.example.com as CNAME to my CloudFront distribution.
I've set a CNAME record to point www subdomain to my CloudFront's distribution domain.
Here is what happens:
I can't connect to my website through CloudFront distribution's domain. Thus, www.example.com doesn't work.
What did I do wrong?
My apologies if you've already taken a look at the Amazon documentation regarding the subject, but I've once tested this solution and it worked fine for me:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistS3AndCustomOrigins.html#concept_CustomOrigin
Take a look and see if you have missed a step (for example with the headers)
The entirety of my web application is contained within various AWS services and is working properly with Cloudfront.
When I go to abcxxxx.cloudfront.net my site works as expected and is secured with https.
When I try and use my own custom domain with Route53 and setting www.mywebsite.com and mywebsite.com as aliases, it is no longer secure.
My alias target for each is the proper Cloudfront domain.
I don't know if the following has to do with my problem but when I try to go to mywebsite.com it says:
"this site cannot be reached"
but when I go to www.mywebsite.com it redirects to https with the "https" crossed out in red and displays "not secure".
Cloudfront also has the proper CNAMES.
How do I properly configure Route53 to work like my Cloudfront domain?
Mark B answered the question. Don't use Cloudfront's default SSL Certificate. Go to Certificate Manager and request a new one and use that one in Cloudfront. My site then worked exactly as expected
I have a custom domain and I managed to redirect the naked (apex) domain to the www subdomain using S3 static website hosting redirect over http. (Without using Cloudfront) (http:// ...)
Now that I have set up an SSL certificate at my server, my redirect url is secured. And I wish to redirect all the traffic from apex domain to this secured url now. (https:// ...)
On first thought, I changed the protocol in the S3 static website redirect config to https, but it doesn't seem to work as expected.
Documents and other links suggest that I need to make use of Amazon Cloud Front and setup certificate and then the redirection would happen (haven't tried yet).
My question is, since I have set up the certificate at my server, the url I am redirecting to is already secured, I do not wish to do the same in Cloud front. Is there a way I can redirect all traffic from to a secured url without setting up cloud front?
Update 1:
Well S3 changes took their own good time in reflecting with changes.
The protocol redirect to https seems to work now.
It took more than a day's time to reflect the changes.
In my experience, it usually takes 8 hours for DNS related change to reflect. But this redirection took a bit more than usual.
Anyone looking for how to do it :
This is all you need to do
I have the following setup:
A documentation website hosted in an S3 bucket
A CloudFront distribution using that bucket as its origin, accepting HTTP or HTTPS traffic
3 custom domain names registered through Route 53; let's call them example.com, .net, and .org.
An ACM certificate for those 3 domains so HTTPS will work
The example.com Hosted Zone has an ALIAS record pointing to the CloudFront distribution, so http://docs.example.com or https://docs.example.com will show the website.
Now, I want to put the following redirect rules in place. Basically, everything should redirect to docs.example.com, using whatever protocol the user originally requested with.
http://docs.example.net > http://docs.example.com
https://docs.example.net > https://docs.example.com
http://docs.example.org > http://docs.example.com
https://docs.example.org > https://docs.example.com
This is where I'm having trouble. If I point the .net and .org subdomains at the CloudFront distribution with ALIAS records, then the URL will still show that subdomain, rather than .com. If I create S3 buckets named after the .net and .org subdomains with redirect rules to the .com, and add ALIAS records to those buckets, then everything works great for HTTP, but HTTPS fails b/c the ACM certificate only works for CloudFront, not S3. And if I try to just add CNAME records to the .net and .org subdomains that point to .com then HTTPS still fails, and also HTTP redirects to HTTPS for some reason.
According to this SO post, it looks like my only option is to create two additional CloudFront distributions, one for .net and one for .org. But that just sounds so over-engineered to me, and will really bloat the CloudFormation template that I'm using to do all of this.
Can anyone recommend a simpler solution?
There is no direct approach in CF to redirect across domains (Even though .com .org and .net linked to same distribution). The simplest approach I could recommend is to use AWS Edge Lambda in Cloudfront to redirect accordingly.
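The Lambda@Edge approach suggested in the answer above, as an added example that is not code from the answer or from AWS. It assumes an origin-request trigger on the single distribution, with the Host and CloudFront-Forwarded-Proto headers forwarded by the cache behaviour; the function and constant names are hypothetical.

```javascript
// Added example: Lambda@Edge origin-request handler (Node.js runtime).
// Assumed, not from the post: the cache behaviour forwards the Host and
// CloudFront-Forwarded-Proto headers to the origin-request trigger.
const CANONICAL_HOST = 'docs.example.com';
// Only these alternate names are redirected; any other Host is left alone.
const REDIRECT_HOSTS = new Set(['docs.example.net', 'docs.example.org']);

function headerValue(headers, name) {
  const entry = headers && headers[name];
  return entry && entry.length ? entry[0].value.toLowerCase() : '';
}

// Returns a 301 response for an alternate host, or null to pass through.
function redirectFor(request) {
  const host = headerValue(request.headers, 'host').replace(/:\d+$/, '');
  if (!REDIRECT_HOSTS.has(host)) return null;
  // Keep the viewer's scheme; anything unexpected falls back to https.
  const proto = headerValue(request.headers, 'cloudfront-forwarded-proto');
  const scheme = proto === 'http' ? 'http' : 'https';
  const query = request.querystring ? '?' + request.querystring : '';
  // The target host is a constant, never the incoming Host header, so the
  // function cannot be turned into an open redirect.
  const location = scheme + '://' + CANONICAL_HOST + request.uri + query;
  return {
    status: '301',
    statusDescription: 'Moved Permanently',
    headers: {
      location: [{ key: 'Location', value: location }],
      'cache-control': [{ key: 'Cache-Control', value: 'max-age=3600' }],
    },
  };
}

async function handler(event) {
  const request = event.Records[0].cf.request;
  const redirect = redirectFor(request);
  if (redirect) return redirect;
  // Pass-through: the origin must see its own name in Host, not the alias.
  const origin = request.origin && (request.origin.s3 || request.origin.custom);
  if (origin) request.headers.host = [{ key: 'Host', value: origin.domainName }];
  return request;
}

if (typeof module !== 'undefined') module.exports = { handler };
```

The ACM certificate attached to the distribution still has to cover all three names, since the TLS handshake completes before the function runs.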