How to resolve the 504 error on AWS Cloudfront EC2 instance - amazon-web-services

I have the following setup for my website on Windows Server:
Domain registered in Route 53
EC2 instance running on Windows Server
CloudFront to serve the EC2 origin, using the distribution with the option to redirect users from HTTP to HTTPS.
Public certificate deployed on CloudFront.
Here is what is working:
The EC2 Origin, every page works on http protocol.
Domain access, correctly redirects user from http to https
The first website page loads without issues.
ISSUE:
The issue is the 504 error, which is displayed when any of the links on the website is clicked. Here is the complete error detail:
504 ERROR
The request could not be satisfied.
CloudFront attempted to establish a connection with the origin, but either the attempt failed or the origin closed the connection. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
Generated by cloudfront (CloudFront)
I have included all the route options to accept http and https.

Related

Domain Forwarding gives 403 error for AWS and GoDaddy

I have a client requirement for whitelabelling, for which I need to forward all requests at hello.example.com to data.value.com.
The url in the browser will show hello.example.com but the page loaded will be of data.value.com.
hello.example.com is hosted on GoDaddy and I have made the corresponding entries in GoDaddy
data.value.com is hosted on AWS with a Cloudfront Distribution.
Now, when I hit hello.example.com I get a 403 error from Cloudfront with the following error Message:
403 ERROR
The request could not be satisfied.
Bad request. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
Generated by cloudfront (CloudFront)
When I do ping or traceroute on hello.example.com, I am able to see that the ping happens on data.value.com.
What configuration changes do I need to make in order to redirect my domain requests?

Cloudfront throws 504 while connecting to ELB/Elastic Beanstalk

So I have a NextJS application hosted on Elastic Beanstalk (with it exposed on port 3000 in the Dockerfile). Now, I have my domain registered with GoDaddy. I initially had the DNS set up in GoDaddy to point to Elastic Beanstalk. But then I wanted to use CloudFront for CDN/caching.
So, I started configuring CloudFront (using this article). I created the custom SSL certificate and got it verified through DNS as well. I set the origin in CloudFront to point to the ELB.
Now, once the CloudFront distribution was deployed, I tried using the CloudFront URL xxxxx.cloudfront.net but I got a "504 ERROR - The request could not be satisfied" error.
If I go to the ELB URL I am able to access my application. So, I am not sure what the issue is here. If CloudFront is pointed to the ELB and the ELB works, then why wouldn't the CloudFront URL work?
Any advice/recommendations?
If you receive a 504 error you are getting a timeout whilst connecting to the origin.
You should check the following:
Does the security group for the ELB allow inbound traffic from anyone (on port 80/443)? If it does not, CloudFront is blocked.
Have you misconfigured your "Origin Protocol Policy"? By selecting "Match Viewer" it will expect that HTTPS requests that hit CloudFront attempt to connect to the origin via HTTPS.
Does your application have a start time that exceeds the value of the Origin Response Timeout? By default this is 30 seconds.
Ensure the origin is the correct domain name.
There are additional steps to debug a 504 in CloudFront within the HTTP 504 Status Code (Gateway Timeout) page on AWS.
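
The checklist above, as an added example that is not part of the original answer: a static check of a custom origin's settings and security group rules for each viewer scheme. The field names follow the CloudFront GetDistributionConfig and EC2 DescribeSecurityGroups response shapes; the function names, the `listening_ports` and `response_seconds` parameters, and all sample values are assumptions constructed for illustration.

```python
# Added example; all sample values are constructed. Field names follow the
# CloudFront GetDistributionConfig and EC2 DescribeSecurityGroups responses.

def origin_port(viewer_scheme, custom_origin):
    """Port CloudFront uses to reach the origin for a viewer request."""
    policy = custom_origin["OriginProtocolPolicy"]
    if policy not in ("http-only", "https-only", "match-viewer"):
        raise ValueError(f"unknown OriginProtocolPolicy: {policy}")
    # match-viewer: the origin connection uses the viewer's scheme.
    scheme = viewer_scheme if policy == "match-viewer" else policy.split("-")[0]
    return custom_origin["HTTPSPort"] if scheme == "https" else custom_origin["HTTPPort"]


def open_to_anyone(ip_permissions, port):
    """True if an inbound rule admits 0.0.0.0/0 on the given TCP port."""
    for rule in ip_permissions:
        proto = rule["IpProtocol"]
        covers = proto == "-1" or (
            proto == "tcp" and rule["FromPort"] <= port <= rule["ToPort"])
        if covers and any(r.get("CidrIp") == "0.0.0.0/0"
                          for r in rule.get("IpRanges", [])):
            return True
    return False


def check_504_causes(viewer_scheme, custom_origin, ip_permissions,
                     listening_ports, response_seconds):
    """Return the checklist items that fail for this viewer scheme."""
    port = origin_port(viewer_scheme, custom_origin)
    findings = []
    if not open_to_anyone(ip_permissions, port):
        findings.append(f"security group blocks tcp/{port}")
    if port not in listening_ports:
        findings.append(f"origin has no listener on tcp/{port}")
    if response_seconds > custom_origin["OriginReadTimeout"]:
        findings.append("response slower than OriginReadTimeout")
    return findings


# Constructed scenario: the origin serves plain HTTP only, viewers arrive over HTTPS.
ORIGIN = {"HTTPPort": 80, "HTTPSPort": 443,
          "OriginProtocolPolicy": "match-viewer", "OriginReadTimeout": 30}
SG_RULES = [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]

if __name__ == "__main__":
    for scheme in ("http", "https"):
        print(scheme, check_504_causes(scheme, ORIGIN, SG_RULES, {80}, 2))
```

This check looks only for the 0.0.0.0/0 rule the answer describes; a rule that references the AWS-managed CloudFront origin-facing prefix list also admits CloudFront without opening the port to every source.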

Cloudfront 403 or no response error making request from S3 secured hosted website to ec2 instance maybe secured

My website clap.com is a SPA hosted on an AWS S3 bucket. It is SSL certified.
My ec2 server is hosted on AWS EC2. I think it's SSL certified. I ran through the process to make it SSL certified.
When I make this request ec2-x-xx-xxx-xxx.compute-1.amazonaws.com:3002/getProfile to my EC2 server from my website I get this cloudfront error:
403 ERROR
The request could not be satisfied.
This distribution is not configured to allow the HTTP request method that was used for this request. The distribution supports only cachable requests. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
When I make a request with https prepended https://ec2-x-xx-xxx-xxx.compute-1.amazonaws.com:3002/getProfile I never get a response back. I don't see any errors in my EC2 server.
I'm not really sure what I'm doing wrong. When I created the certificate for my EC2 server which is using apache, I used clap.com as the CommonName. I also got the CA from ZeroSSL.
Thoughts? This is the worst part about websites.
I've whitelisted the correct IP addresses and ports. I have no problem SSHing into my EC2 server.
I started receiving this error when making a CURL Post request while SSHd into my EC2 Server (Probably most helpful):
(35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
So I thought it was a problem with my Apache Server. So I added Listen 3002 in the httpd.conf file. When I restarted the server I got an error that port 3002 was being occupied. This makes sense since my node server is occupying port 3002. So...
I think I'm misunderstanding how to make my node server hosted on an EC2 SSL certified.
Turning off Apache, I don't get the SSL23_Get_server error anymore and I get the correct response. But when I make the POST request from my website I don't get any response.

Using CloudFront with a single EC2 instance without a load balancer

I recently migrated my WordPress to an EC2 instance. I attached an Elastic IP address to it and created an A record in my Route 53. But all my requests were HTTP so I wanted to use CloudFront to redirect all my HTTP to https.
I created a CloudFront distribution and now all my HTTP requests are redirected to https. And since my SSL certificate is active, my site is secure.
But now my site (blog.insisivecloud.io) doesn't load and I get a 502 Error which says "CloudFront wasn't able to connect to the origin." I have given the public DNS of the EC2 instance as my origin.
When I go to the public DNS of the EC2 where the blog is hosted it works fine. (ec2-54-167-212-65.compute-1.amazonaws.com)
Where am I going wrong here?
As the official documentation says:
For HTTPS viewer requests that CloudFront forwards to this origin, one of the domain names in the SSL certificate on your origin server must match the domain name that you specify for Origin Domain Name. Otherwise, CloudFront responds to the viewer requests with an HTTP status code 502 (Bad Gateway) instead of returning the requested object. For more information, see Requirements for Using SSL/TLS Certificates with CloudFront.
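
The name-matching rule quoted above, as an added example that is not part of the original answer or the AWS documentation: it compares an Origin Domain Name against the names in an origin certificate. The certificate dict uses the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the function names, host names and certificate contents are constructed, and counting the subject commonName alongside the DNS subjectAltName entries is an assumption of this sketch.

```python
# Added example; certificate contents and host names below are constructed.
# The dict shape is what Python's ssl.SSLSocket.getpeercert() returns.

def cert_dns_names(cert):
    """Collect DNS subjectAltName entries plus the subject commonName."""
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and value not in names:
                names.append(value)
    return names


def name_matches(pattern, hostname):
    """Exact match, or '*' standing for exactly one leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def origin_name_check(origin_domain_name, cert):
    """Return (ok, names); ok is False when no certificate name matches
    the Origin Domain Name, which is the 502 case quoted above."""
    names = cert_dns_names(cert)
    ok = any(name_matches(n, origin_domain_name) for n in names)
    return ok, names


# Constructed certificate issued for the site's own names only.
ORIGIN_CERT = {
    "subject": ((("commonName", "blog.example.com"),),),
    "subjectAltName": (("DNS", "blog.example.com"), ("DNS", "*.example.com")),
}
# Constructed EC2-style public DNS name used as the Origin Domain Name.
EC2_PUBLIC_DNS = "ec2-203-0-113-10.compute-1.amazonaws.com"

if __name__ == "__main__":
    print(origin_name_check(EC2_PUBLIC_DNS, ORIGIN_CERT))
    print(origin_name_check("origin.example.com", ORIGIN_CERT))
```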

ACM Cloudfront cloudflare strange problem

I recently used S3 to host a static site. My domain name is managed by Cloudflare and uses a dedicated Cloudflare certificate. I don't want to turn on auto redirect http->https on Cloudflare, so I have to create a CloudFront distribution to do that. I know that's kind of an ugly solution because I use 2 CDNs at the same time. Here is the description of my problem:
I created an S3 bucket named staging-etheremon.kyber.network
I created a CloudFront distribution pointing to that bucket, with the distribution using the Default CloudFront Certificate.
I CNAMEd the domain name staging-etheremon.kyber.network to that CloudFront domain. When I tried to access it using staging-etheremon.kyber.network, Cloudflare showed 526 Invalid SSL Certificate.
Next I opened the AWS Certificate Manager console and requested a public certificate for staging-etheremon.kyber.network using DNS validation. It prompted me to create a CNAME in Cloudflare. I did just that but it still showed me pending validation.
Here is the strange part: after requesting the cert, my site was working despite the fact that I didn't change the CloudFront config to import the cert and the certificate request was still PENDING VALIDATION. Also, I tried deleting the request and the site showed the 526 error again. I recreated the request and the site was working again. Strange!
I also waited for a few days, I think more than 72 hours, and now the request status has changed from PENDING VALIDATION to VALIDATION TIMED OUT. However, my site is still working; you can check it at staging-etheremon.kyber.network. I also deleted the VALIDATION TIMED OUT request, and the site is working.
I don't know what is the root cause of the problem, but I think it might be some kind of caching, might be on DNS server, CA server or Cloudfront, ...
Thanks in advance!