I am trying to do a feasibility check on the below problem.
I have a Tomcat running on EC2 machines which is load balanced using ELB. Currently the ELB is accessible using https://abc.example.com (using a Route 53 hosted zone).
I want to achieve something where I can reach the application from https://example.com/abc.
Is this even possible?
Thanks in Advance!
You cannot point DNS to a path on your site.
DNS converts abc.example.com into the IP address of the ELB/server. The request for /abc is then sent to the ELB/server on the designated port.
You should consult your web server docs to perform path based routing or consider using an ALB (Application Load Balancer) to perform path based routing.
objective: Moving a website to Google Cloud with a load balancer using Google's managed SSL without downtime.
current configuration:
A Google Load Balancer with an unmanaged instance group that currently has 1 VM.
The website is using cPanel, which I have access to for updating the DNS settings.
The domain has a wildcard PositiveSSL certificate.
The website is also using CloudFront SSL.
Problem: The main issue I have is configuring and provisioning SSL.
Mentally, before making the move, I'm thinking it should be a breeze. No.....!
Situation:
I set up the load balancer but it can't provision the SSL because the domain is using PositiveSSL on another server.
I read that I need to have an A record pointed to the load balancer in order for it to provision. I also read that for cPanel, if I were to make any changes to the A record, it will affect the mail service. I don't want the mail services to be disrupted.
I tried adding a new A record pointing to the load balancer's IP but it doesn't allow it because the current A record is using an Alias pointing to CloudFront and I have to detach them first. I don't think this is a good move.
My planned ideal steps are to ensure the load balancer is functioning properly and pointing to the website correctly before I update the DNS.
I'm not sure if this approach makes sense technically: I set up an A record for a random subdomain to point to the load balancer's IP. The provisioning is successful but it returns an error:
curl: (35) error:14084210:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
How should I go about doing it? I didn't know switching a server is so difficult.
Discard the wildcard SSL and CloudFront SSL from your domain and provision a Google-managed SSL instead. But before that, you need to create a managed zone in Cloud DNS and add your website as an A record there pointing to the server's IP address; only then will you be able to provision SSL. It might require a little downtime, which you can reduce using tactics mentioned in John's link.
Check here for help in managing cloud DNS records.
Refer to this for help in provisioning google managed SSL certificates.
I am really struggling to get my basic website (literally just a template without any changes, just running ASP.NET) to work with HTTPS. I am using an Elastic Beanstalk environment to host the site, and the site EC2 virtual machine is behind a load balancer (classic).
I have followed the guide here
And believe I have everything configured correctly, however when I browse to https://www.playground.cloudy-skies.org/ or even the http:// version, I get an HTTP ERROR 503.
I have created an SSL certificate using AWS certificate manager:
I have the load balancer in AWS configured like so:
As per the website documentation, my domain name is pointing to the Elastic Beanstalk instance, not the load balancer. I've checked the AWS official doco and it says to do pretty much this. Where am I going wrong? If I browse the site with Fiddler active I get:
Please help? I'm a software developer more than I am a network guy, so I'm doing my best here but I'm struggling and have yet to successfully create a site that uses HTTPS.
First thing: if you are using Beanstalk, your Route 53 will be pointing to your Beanstalk URL only. You can even force it to point to your load balancer, but it doesn't make any change.
As your HTTPS (port 443) is not working, just check the Security Groups of the EC2 instance and the ELB (Elastic Load Balancer). Sometimes a Security Group blocks your port.
So in your inbound rules (for both ELB and EC2), port 443 should be included.
Sorry in advance if this doesn't make much sense. I'm fairly new to this, so bear with me please.
I'm trying to map a domain to a specific folder depending on the domain name the user uses (example.com or test123.com), through Amazon Elastic Load Balancer (Application Load Balancer to be specific).
My current setup is that all traffic from the internet goes to a Load Balancer (ELB), and from there it round-robins between 2 EC2 instances. Both instances are connected to an Amazon Network File System (EFS), as well as a Relational Database (RDS).
I can access the website(s) fine through the DNS of the load balancer (http://web-load-balancer-efs-16512354.us-east-1.elb.amazonaws.com/example/).
What I want to do now is set it up so that if someone puts example.com as their URL it will point to the Load Balancer and from there the server will use the correct folder as root (www.example.com document root would be http://web-load-balancer-efs-16512354.us-east-1.elb.amazonaws.com/example/, but the URL will still be www.example.com).
I created a hosted zone on Route 53 to point the domain name to my load balancer, but currently my load balancer leads to one of the EC2 instances. Currently the EC2 document root is /var/www/html/efs-mount/.
Is there a way for me to have multiple document roots depending on the domain name?
I stumbled on something about putting multiple TLS/SSL certificates on your listener, and through the SNI protocol it'll be able to find the right place? http://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#https-listener-certificates. I'm not sure if this is what I need, or I'm completely off track.
If someone can point me in the right direction on how to do this that would be great.
Thanks
You are indeed off track.
While ALB with multiple SSL certificates may be a part of your strategy, since it allows you to attach multiple ACM certificates to a single instance or group of instances, ALB does not re-write the paths of the incoming requests or determine how the instance resolves web paths into filesystem paths.
This is something configured in your web server itself. Start by searching for something like "name based virtual hosting." Each domain name will specify its own "document root" in the web server configuration files.
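What the answer's "name based virtual hosting" looks like in practice, as an added example that is not part of the original answer. It assumes Apache httpd 2.4 on the instances (the question does not name the web server) and one folder per site under the EFS mount; the `test123` folder and the `default.invalid` name are constructed.

```apache
# Added example (assumed: Apache httpd 2.4, plain HTTP from the load balancer).

# The first vhost on a port is the default for any Host header that matches
# no ServerName/ServerAlias below. Refuse those requests outright.
<VirtualHost *:80>
    ServerName default.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# example.com and www.example.com are served from their own folder.
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot "/var/www/html/efs-mount/example"
    <Directory "/var/www/html/efs-mount/example">
        Options -Indexes
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

# test123.com gets a separate document root (folder name is an assumption).
<VirtualHost *:80>
    ServerName test123.com
    ServerAlias www.test123.com
    DocumentRoot "/var/www/html/efs-mount/test123"
    <Directory "/var/www/html/efs-mount/test123">
        Options -Indexes
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
```

The deny-all default vhost keeps a request with an unexpected Host header from being answered with one of the real sites. Load balancer health checks that do not send one of the site names also land on it, so the targets report unhealthy unless the health check is given a path that vhost allows.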
We are using the Route 53 AWS service to create a subdomain from our hosted zone. We have an instance currently running on an Amazon server with an Elastic IP. Once we create a Route 53 record of type A we can only assign the Elastic IP of our instance. This will map to the Apache default page, as port 80 is used as the default port with the given IP address.
In our scenario we have multiple services running on the same instance and we want to use a service running on port 8153. Our requirement is to map this port automatically with our subdomain. So when we type say "ci.yyyyy.com" it will automatically map to that service running on port 8153. All these steps should be done by using Terraform scripts.
Is there any way to map an IP address and port number with a subdomain? Any suggestions and comments will be appreciated.
Thanks
This does not belong to Route 53, but you can achieve this using a reverse proxy in front of your servers, e.g. use Squid in front of your web server and redirect based on the domain name from the URL. In Squid you can achieve this using cache_peer_access.
See this question where you see a pretty nice diagram.
EDIT: I propose Squid here, but you can find any other reverse proxy tool, like Nginx for example if you prefer.
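The reverse-proxy approach from the answer, as an added example that is not part of the original post. It is shown with Apache httpd's mod_proxy rather than Squid or Nginx because the question says Apache already answers on port 80 of the instance; Apache 2.4 with mod_proxy and mod_proxy_http loaded is an assumption.

```apache
# Added example (assumed: Apache httpd 2.4 with mod_proxy and mod_proxy_http).
# DNS only maps ci.yyyyy.com to the Elastic IP; the port is chosen here,
# from the Host header of each request arriving on port 80.
<VirtualHost *:80>
    ServerName ci.yyyyy.com

    # Reverse proxy only: never act as an open forward proxy.
    ProxyRequests Off

    # Pass the original Host header through to the backend service.
    ProxyPreserveHost On

    # Forward every path to the service listening locally on port 8153
    # and rewrite redirect headers it sends back.
    ProxyPass        "/" "http://127.0.0.1:8153/"
    ProxyPassReverse "/" "http://127.0.0.1:8153/"
</VirtualHost>
```

With the proxy in place, port 8153 no longer needs an inbound rule in the instance's security group; only the proxy's own port does.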
I have an Elastic Beanstalk environment with an SSL certificate that works if I visit the *.elasticbeanstalk.com URL (with a warning from my browser). For testing purposes I've mapped the IP of the instance to the domain in my hosts file before I change nameservers over. However when I try the actual URL with https:// I get ERR_CONNECTION_REFUSED from Chrome - http:// works fine though. I've flushed the DNS cache and I know DNS shouldn't care about application layer protocols - so I'm pretty stumped here. Any ideas?
HTTPS is disabled by default on new elastic beanstalk environments.
If it's a single server environment, you'd need to set up SSL yourself (documentation here).
If it's a load balanced one, simply enable the HTTPS protocol in the Elastic Beanstalk web console (Configuration => Network Tier => Load Balancing => Load Balancer).