I have a WordPress website hosted on AWS Lightsail.
I added an A record to my DNS pointing my custom domain to the static IP of the Lightsail instance.
But I don't want the website to be accessible via the static IP, only via my custom domain.
How can I block access to the static IP?
Thanks!
As your domain name is resolving to the IP address the IP address will still need to allow ingress into the IP.
For this reason the change will need to happen within the host.
Depending on the web server technology you are using (such as Apache or Nginx) the first host file that loads is served if no other host configuration is matched.
If you add the secondary vhost for your domain, ensuring you explicitly reference the domain, then in the default host, rather than serving your application, return a 403 instead. This will prevent bypassing your domain name.
More information is available in the following links:
Apache VHOST configuration
Nginx configuration
Related
I have deployed a Django-based website on my AWS Lightsail instance. The web address has a port 8000 (:8000). I own a domain on (host =fatcow.com). I have created a hosted zone on AWS and pasted the NS values to my provider(factor)'s Nameservers values. In Amazon Route 53, I have created a new record with a simple redirect A ipv4 and entered the resolver IP address value - my web address with port value. It doesn't work.
Also, I have read that the redirect will not work for its with port numbers. I have tried redirecting my domain to the static IP, then created another hosted zone record trying to redirect the static IP to the IP+port value - an error pops up saying it is not a valid address.
I currently use the development server provided by Django as it is a personal website and currently it will not have a lot of traffic - portfolio website.
Also, on my fatcow.com domain settings, the Nameservers are updated and in the whois values, new Nameservers are seen. I have only added the 4 NS values. AWS also created SOA IP values but I was not able to add them to the domain (inputs were not taken by fatcow).
In the NSLookup website, I can see NS values and SOA values which are on the AWS hosted zone but A records show none.
Edit: Sorry for the confusion. My domain is www.chandradhar.com. I'm not a web dev but I'm trying to deploy a Django-based portfolio website. I have added Amazon Lightsail DNS nameservers to my domain (host=fatcow.com). The web address is :8000 port. Without the port number, the website isn't loading at all. Only with the port number along the static IP, the website loads. The 'A' record isn't taking the port number. I did add an SRV record with the port number (in AWS Route 53) but it still doesn't work. When checked from the website nslookup.io, the nameservers are updated correctly.
Not reproducible.
> host fatcow.com
fatcow.com has address 65.254.254.33
fatcow.com mail is handled by 10 mail.fatcow.com.
Most probably your changes in DNS have already propagated.
Steps to successfully deploy one or more websites on Lightsail AWS when the domain is on another website like godaddy/fatcow:
1. Create a DNS zone in the networking section of the Lightsail instance.
2. Copy the name servers from the DNS zone and paste them in the name servers section of the domain provider (fatcow/godaddy). It might take up to a day for the values to get updated; I used nslookup.io to see if my nameservers were updated.
3. Create 'A' records and SRV records pointing to the static IP of the Lightsail instance.
4. Install Nginx.
5. Create a simple script named (name of the website).conf in the conf.d folder/available sites folder.
6. Add the following script:
    server {
        listen 80;
        server_name domainname.com;

        location / {
            # Forward requests for this domain to the application at ipAdd:PortNum
            proxy_pass http://ipAdd:PortNum;
        }
    }
Repeat the same code block with different domains and redirect ports. I guess we can also use 301 redirect to achieve the same.
This might or might not be the proper way of achieving what I required but it'll work.
I have an EC2 instance which is open to public access with an IP address. I have now connected a domain with it and want to use that domain only. I need to block access to the IP. I tried changing security groups but no luck.
There is no way to block access by hostname by using security groups; these simply function as a whitelist for incoming IP addresses.
You have 2 solutions that can be used to allow this functionality:
The first solution would be to add a secondary host configuration in your web server (apache, NGINX) to have your web site domain. Have the first host (or default host) return a 403 if any user attempts to access on that page.
The second solution would be to add either CloudFront or a load balancer in front of your application. You could then add a WAF with a default block policy. It would only allow traffic through if the "Host" header matched the name of your site.
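The default-host approach from the answers above, written out for Nginx as an added example (not part of the original posts). Here example.com and the backend 127.0.0.1:8000 are placeholders, and `ssl_reject_handshake` requires nginx 1.19.4 or later.

```nginx
# Added example. example.com and 127.0.0.1:8000 are placeholders.

# Catch-all for HTTP: any request whose Host header matches no server_name
# below (the bare static IP, the instance's public DNS name, any other
# hostname pointed at this address) is answered here with a 403.
server {
    listen 80 default_server;
    server_name _;
    return 403;
}

# Catch-all for HTTPS: refuse the TLS handshake when the SNI name matches
# no named server, so no certificate is presented to IP-based probes.
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;
}

# The real site: only reached when the Host header matches the domain.
server {
    listen 80;
    server_name example.com www.example.com;

    location / {
        # Application listening on loopback only (assumed address and port)
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

After `nginx -t` and a reload, `curl -i http://<static-ip>/` should return 403 while `curl -i http://example.com/` returns the site. Binding the application to 127.0.0.1 and closing its port in the instance firewall keeps it from being reached directly around the proxy.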
I have bought a domain name from GoDaddy and would like to host it on an EC2 instance. I have created the instance and have installed Apache. I have added an index.php with phpinfo(); and it is showing correctly when I access the public IP in the browser. Now I would like to point my domain name to this instance. For this I have added an A RECORD at the GoDaddy DNS configuration. But when I access the domain, it is showing an
ERR_CONNECTION_TIMED_OUT
message in the browser. Are there any additional settings I need to do?
What you did is what is needed. So if it is not working, then you have to check everything again:
- check (for example with ping) if the domain is in fact resolving to the correct IP address (from your computer and from the instance, for example, to use different DNS servers). You can also use the host command (for example host www.mydomain.com 8.8.8.8 - it will use Google's DNS (8.8.8.8) as the source of truth)
- check if the Security Group in AWS allows inbound traffic (that's probably true as you can reach the instance directly)
- try to connect from a different network (again this should not be a problem as the instance is reachable using the IP).
You can also post the domain name and requested IP so we can check this for you ;)
I need to programmatically (C++) add some kind of DNS-resolving rule, to redirect requests for a specific domain to localhost.
Are there any methods to do so without modifying the etc/hosts file on Windows?
You install a local DNS server to your machine (for example: BIND). Then you change the IP settings on your machine to use your own local DNS server (127.0.0.1) instead of your normal DNS servers. Then you create a new domain (with the name of the DNS name to be redirected) on your local DNS server, and include an address record in the zone file of that domain, specifying the desired IP address (127.0.0.1). There is one more step that might be necessary: if your machine cannot reach the Internet DNS servers directly, only through the normal DNS servers, you have to configure DNS request forwarding into your local DNS server, so that every domain request would be forwarded to the original DNS servers.
I am new in the Amazon EC2 world. I just created an app that is located at a URL like this:
http://ec2-54-123-45-678.compute-1.amazonaws.com:8080
This is generated URL by Amazon EC2.
Now I would need to use my own domain name, so when I would access www.my-domain-name.com, I would like to see the content from
http://ec2-54-123-45-678.compute-1.amazonaws.com:8080
I bought the domain name on Godaddy.
Is there any way to do this in Amazon AWS dashboard or do I need to set it up in Godaddy system?
Thanks
I am answering on a more general level because I stumbled upon this thread when setting my custom domain.
In Amazon I created an instance and associated an IP to that instance. You were able to access it by typing in the Amazon URL.
I actually used Media Temple, not GoDaddy, but it will be similar. I went to the zone file and added that public URL to the www.
And as you can see, here is my blog actually working on the custom domain.
I set the wildcard because that way, no matter what someone types, if it is not set, then they will still see the site.
EDIT
For the root URL you should be entering your elastic IP and setting that as an A record.
First you need to set an ElasticIP associated to that instance.
Then point the DNS entry of "www" for "my-domain-name.com" to the IP assigned in the step above.
Where you manage your DNS is another thing, can be in GoDaddy or in AWS Route53. You must adjust the delegation DNS in the "my-domain-name.com" register. Ex: your domain can be registered with GoDaddy but its delegation DNS point to Route53 so you can manage the domain from your AWS Console.
In order to setup DNS mapping you can map the existing IP 54.123.45.678 to ex: www.my-domain-name.com.
However, as you are running Tomcat, which is running at 8080, you need to forward the request to Tomcat using Apache, so that you can visit www.my-domain-name.com without port 8080. If you are using a Linux box, install Apache and apache-modjk, and then configure sites.