Good Afternoon,
I have followed a few tutorials on this topic and I have researched to see what I may be missing, but so far I haven't come up with anything. I'm sure it's a simple fix I just need a bit of help.
So I have the domain brandonkjones.dev that I purchased through Google Domains and I am trying to forward it to a static page hosted on S3. I created the hosted zone in Route 52 with the name brandonkjones.dev.
and I changed the Google Domain name servers to match those generated by the hosted zone.
I also added the additional records to forward the subdomain www to the root domain.
and Finally, I added the CNAME entry to the custom resource records on Google.
I'm sure this tutorial left off a step and I'm missing something because the original tutorial didn't even mention adding the CNAM resource within Google. Any help is greatly appreciated.
I had this same issue, tried with multiple browsers and triple checked that I'd done all the Route 53 and Google Domains steps correctly to no avail. Then I opened my terminal and tried:
curl http://my-domain.dev
and it returned my index.html that I uploaded to my S3 bucket, meaning I'd done everything correctly, but my browser wouldn't let me access the website over HTTP. In my devtools network tab, I could see that even if I explicitly typed in http://my-domain.dev it would do a 307 internal redirect to https://my-domain.dev. This is a security feature that browsers have to keep users from navigating to insecure sites over http.
Since the tutorials I followed for setting up S3 static hosting with a custom domain registered on Google Domains did not setup any SSL certificates for enabling HTTPS, the only way I could access my website was over HTTP. One way to fix this issue is to turn off HSTS as outlined here. Or, you could use something like AWS CloudFront to serve your S3 site over https, which you'll probably want to do if you want other people to access your site without this issue.
Related
I have a domain hosted through Google. I'm using Google Workspace for a lot of my day-to-day operations (e.g. Drive, Gmail, etc). I'm using AWS as my infrastructure and business logic for my application. I'm having trouble making my site support TLS. If you visit it now, you get this on chrome and I can't seem to make HTTPS requests work.
I have my domain pointing to AWS via Custom Name Server.
My route 53 has the NS type records listed under the hosted zone
I've tried to request a Certificate from AWS to make it work.
My problem is I don't know how to tell Google about it. How do you let Google know about the certificate so I can make my site HTTPS?
I believe approaching Google is not going to solve your issue as in the above case Google is only responsible to host your domain . So DNS setup is only responsible to route requests to your site and not making your site more secured.
I also found that you are exposing your site as http rather than https and thats why your site is unsecured.
Is your site is running on a web server or is it hosted on S3 as static web site ?
Note: you cant enable https on S3 static website.
The workaround to above problem is below :
Route53 has A record to pointing to ALB (configured with ACM) distributing traffic to Ec2 instances running your web application.
If anyone is still looking. I wanted to keep it cheap with a simple S3 static website. If you want to maintain the S3 part, make a CloudFront distribution (if you haven't already.
Inside the CloudFront under the main settings, use a Certificate you made from Certificate Manager.
Then head over to Route53 (even if the domain is hosted via Google) and route the "A" name record to the CloudFront. NOTE: make sure the "Alternate Domain" name is filled in or else it won't see it.
Let it update for about a minute or two and it will show https
I've got 5 records in my AWS Route 53 hosted zone:
First is an NS for my domain name.
Second is SOA for that domain.
Third is a validated CNAME for it.
Fourth is cloudfront distribution A alias for it with the www prefix.
Fifth is validated CNAME for the www version.
I don't yet have an SSL attached to it.
It works - well partially.
Trying to reach the unprefixed version of the domain from Chrome doesn't work, but if I type the domain with the www prefix it works.
Firefox automatically redirects the unprefixed domain to the www variant. I type the unprefixed name making sure it's not redirecting because the prefixed name is in the search history. When I hit enter, Firefox automatically redirects to the www.
I'd like the main name to be accessible, not just the www one. It's OK if someone types the www. They should get to the site, but the actual name has no www.
I'm inexperienced enough not to be certain about that www prefix or why it is necessary. This was the result of a long course on AWS services.
Can anyone tell me if I'm missing a needed record, or if I'm improperly using the Alias A record?
Edited to add this below after reading first three answers. Thank all of you who answered for your responses. I do appreciate them. Please see my comments on those answers. --
I'm attaching a screenshot of my Route 53 hosted zone settings to maybe help you get a clearer picture of where I am.
Please remember. I'm not starting with a domain with a site that I wanted to host on S3 and then redirect www.mydomain traffic to mydomain.
I began coding an app with no domain. Then I uploaded it to an S3 bucket. I then was able to access it's simple S3 hosting with the ugly url. Then I used CloudFront for a world-wide distribution, again with an ugly url. Only then did I try taking one of my owned subdomains and redirecting it to Route 53. It wasn't as clean and simple as buying a domain from Amazon. I had no SSL and had to make a request for the AWS Certificate Manager to process validation of my domain. I got all that.
My problem is as I tried to explain - Chrome won't recognize or redirect my main domain name without the www. It only recognizes if one types the www. in front of the domain name. On the other hand, Firefox automatically redirects no matter what you type (the www version or the one without the www). That redirection is to the www version (that is what shows in the url bar in the end - http://www.mydomain).
I think I may have figured out most of this. As I mentioned in my comment above, I noticed I didn't have an Alias record for my main domain. I also read in AWS documentation that my S3 hosting bucket should have the same name as the domain, so I did that.
After creating the new original S3 hosting bucket I had made another to keep the log files. I set up a CloudFront Distribution. Then I requested and got SSL certificates for my owned domain name and added another for the www version. With those successfully enabled, I transferred my registered DNS servers to AWS. That created the NS and SOA records when I created my R-53 hosted zone. I then created Alias records for both the man and www version and added the validated SSL certificates for both the main domain and the www version. So, a total of six records in the zone.
I created my new S3 bucket, naming it the same as my domain; copied the settings from the old one, set it up to host static single page site and generate logs. I had already created a bucket for the logs, so I just pointed the logs location for the new domain named bucket. I gave the regular logs a log prefix (folder) and the CloudFront logs a cdn one.
Everything works great except I discovered a new problem. I'll post a new question regarding that, something like XML error on browser refresh in child pages.
Thanks ALL!
I'm currently hosting a React website through AWS CloudFront. I have the CloudFront URL, ex: http://xxxxxxxxxxxx.cloudfront.net but I want to use the distribution with my domain name. I am using Google Domains at the current moment. I've looked into CNAME records and ALIAS records (Google Domains currently doesn't support ALIAS) but still haven't figured out a solution. At the same time, I'm trying to reduce downtime for the site, so this is a bit tricky because I'm trying to minimize experimentation.
Here's what I've tried:
CNAME: www -> xxxxxxxxxxxx.cloudfront.net
Result: caused website to not load
CNAME: # -> xxxxxxxxxxxx.cloudfront.net
Result: Google Domains doesn't let you do this!
I also tried Google's "Synthetic Records" for redirection, but as I expected that just redirects to the CloudFront domain whenever I enter my domain.
I know that AWS Route 53 would be a valid option except that they don't support '.app' domains for some reason.
I've included the domain CNAME and SSL certificate on CloudFront, but I'm confused about what I'm doing wrong as for the DNS info.
Has anyone had experience setting up a CloudFront website for their own domains using Google Domains? I've done a bunch of research on this but for some reason haven't found any results that have helped me.
I'm following the serverless-stack guide and have a website hosted in an Amazon S3 bucket. I purchased a domain using GoDaddy and I have set up cloudfront to work with this bucket, then have used AWS certificate manager to generate SSL certificates for my domain (both www.my_domain.com and my_domain.com).
In GoDaddy I then configured DNS forwarding to point to my cloudfront resource.
This all works nicely, and if I go to my_domain.com in a browser then I see my website.
However, I can't get SSL working. If I go to the https:// version of my website then I see a not secure error in the chrome address bar which shows a certificate pointing to shortener.secureserver.net rather than my own website.
Could someone point me at a way around this? Looking through S.E. and using google it seems that Amazon's route53 might be able to help, but I can't figure out how to do this.
Thanks!
(edit) To make things more clear, this is what I see in Chrome if I connect to https://my_website.com or to https://www.my_website.com
The warning message:
The certificate details:
What I do not understand is why, after configuring an AWS certificate for my domain, I see a certificate for shortner.secureserver.com rather than a certificate for my_website.com.
Go daddy has problems and does not redirect to https, There are two ways, the first is to change domain registrar and the second is the easiest, which is: Create a hosted zone on AWS router 53 with your domain name
Create 2 type A records, one for the root (of your domain) and one for www that point to your cloudfront. Router 53 allows you to create a type A record without having an IP, because it directly points to a cloudfront instance that you indicate, that's the best
Then in go daddy it gives you the option to change name servers and puts the ones assigned by aws in hosted zone with the record that says NS and you put those 4 in Godaddy, replacing the ones that had
Note: SAVE THE NAME SERVERS THAT YOU HAVE IN GO DADDY BEFORE REPLACING THEM, IN CASE YOU HAVE ANY PROBLEM, YOU CAN REPLACE THEM AGAIN
You have to wait at least a few hours until all the name servers are updated, you can use the who.is page to see if the DNS have already been updated with those of aws.
It turns out that this is not possible with GoDaddy. If anyone else reading this has a similar problem, only current solution is to cancel your domain registration and register with someone else.
(edit) As #aavrug mentions in their comment, Amazon now have a guide for this.
When you defined your CloudFront you can defined whether you want to use, and you can choose HTTPS only. In this case HTTP requests will be automatically redirected to HTTPS. Have in mind CloudFront changes may take a while to be replicated and your browser cache it as well, so the best way is to make a change, wait for the deployment and then check it in a new cognito browser.
It goes without saying that your certificate must be valid and verified as well.
It might be something wrong with your certificate or with your domain.
If you serving your content over HTTPS you must provide a SSL Certificate in Cloudfront. Have you done that?
Have you added your domain on Alternative Domain Names (CNAMEs)?
Please have a look on the image below:
-> AWS provides Free SSL Certificates to be used with Cloudfront, so you might want to use it (easier than you import your SSL from go daddy).
You can create a free SSL certificate on AWS and easily attach it to your cloudfront distribution.
-> You can also transfer your domains to AWS Route53. It is easy to integrate with any AWS Service and easy to use/maintain :)
I wrote a complete guide on my blog telling how you can add Custom SSL and attach custom domain to Cloudfront distribution, it might be useful :)
https://lucasfsantos.com/posts/deploy-react-angular-cloudfront/
I'm tried to host a static Jekyll based website (sort of blog) with an S3 bucket and redirecting my domain name to the bucket (using a mask by now, but am considering define CNAME for it).
Anyway, I created my website's prototype and tested it via the jekyll serve command and everything is working fine, Google analytics show almost immediately that I have a visitor.
After that, I uploaded the page using s3_website and everything, but Google Analytics, seems to be working fine. I googled it and it looks like I'm not the only one with this problem.
Some solutions I tried out: I checked the whole GA code to see if it's correct (and it is otherwise it would work locally), I turned the whole bucket public, tried going to the link directly, and can't figure it out...
What else should I try to get this working?
I figured out what was happening, I hadn't configured correctly my domain according to the following SO posts: how do i to forward domain.com to www.domain.com at godaddy for s3 hosted site? and Using GoDaddy Domain Hosting to link to Amazon S3 Website.
Well what seemed to be happening is that when I masked my domain the GA code wasn't able to contact the serve, probably it got blocked by the DNS to stay masked.
So I configured a domain forwarding for the domain without "www" to the full domain with "www" and configured the CNAME for the "www" subdomain to the link of my bucket without its name (i.e. s3-website-us-east-1.amazonaws.com) and created a bucket with the same name as my domain and it started working perfectly.
So nothing was actually wrong with the code, just that Google Analytics doesn't work with masked domains.