AWS Lightsail + Cloudflare inbound security group - amazon-web-services

I pointed DNS to the Lightsail AWS IP, but I still get error 524. I saw a video [1].
I tried it, but it only works for EC2. Am I missing anything?
[1]: https://www.youtube.com/watch?v=VZvEkWagoc0

I did curl -i nairametrics.com and this is the result:
HTTP/1.1 301 Moved Permanently
Date: Sun, 17 Jan 2021 03:03:12 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=ddcd0fa70148de3e620861c404ece852d1610852591; expires=Tue, 16-Feb-21 03:03:11 GMT; path=/; domain=.nairametrics.com; HttpOnly; SameSite=Lax
Location: https://nairametrics.com/
CF-Cache-Status: DYNAMIC
cf-request-id: 07afe4ff280000df24f6854000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=J%2BqqT71RtS4n86tBwXNSNsRn2%2BlFNBO7zgzAzXAFcUF02JfxC54cvggI2SZZ8Re17YbSrAbBT1NT%2Fl1K7%2BQkVkuUNoIm1IyowQMAcWTLhzYX"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 612cd7784a2fdf24-MEL
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved here.</p>
</body></html>
As you can see, you are being redirected to HTTPS. So if your application is not set up to handle HTTPS, you will be timing out.
In the link you can get more info about Lightsail and its HTTPS:
SSL/TLS certificates in Lightsail
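The video the question refers to restricts an EC2 security group to Cloudflare's published IP ranges so that the origin only answers the edge. The same allowlist can be enforced on the instance itself. What follows is an added example, not code from the thread or from Cloudflare: it parses a Cloudflare range list (an embedded snapshot, labelled as such; a deployment must fetch the live lists), decides whether a connection's TCP peer is a Cloudflare edge, trusts CF-Connecting-IP only in that case, and emits the corresponding ufw allow rules.

```python
"""Decide whether an inbound connection came from Cloudflare, and emit host-firewall rules."""
import ipaddress

# Constructed snapshot of Cloudflare's published egress ranges, embedded only so the example
# runs offline. The authoritative lists are https://www.cloudflare.com/ips-v4 and
# https://www.cloudflare.com/ips-v6; fetch them at deploy time and refresh them periodically.
CLOUDFLARE_RANGES_SNAPSHOT = """
# IPv4
173.245.48.0/20
103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
141.101.64.0/18
108.162.192.0/18
190.93.240.0/20
188.114.96.0/20
197.234.240.0/22
198.41.128.0/17
162.158.0.0/15
104.16.0.0/13
104.24.0.0/14
172.64.0.0/13
131.0.72.0/22
# IPv6
2400:cb00::/32
2606:4700::/32
"""


def parse_ranges(text):
    """One CIDR per line; blank lines and # comments are skipped."""
    networks = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        networks.append(ipaddress.ip_network(line, strict=False))
    return networks


CLOUDFLARE_NETWORKS = parse_ranges(CLOUDFLARE_RANGES_SNAPSHOT)


def is_cloudflare(peer_ip, networks=CLOUDFLARE_NETWORKS):
    """True when the TCP peer address belongs to one of the Cloudflare ranges."""
    ip = ipaddress.ip_address(peer_ip)
    return any(ip in net for net in networks if net.version == ip.version)


def real_client_ip(peer_ip, headers, networks=CLOUDFLARE_NETWORKS):
    """Trust CF-Connecting-IP only when the peer is a Cloudflare edge.

    From any other peer the header is attacker-controlled and must be ignored,
    otherwise IP-based rate limits and audit logs can be spoofed.
    """
    if is_cloudflare(peer_ip, networks):
        lowered = {k.lower(): v for k, v in headers.items()}
        forwarded = lowered.get('cf-connecting-ip')
        if forwarded:
            return str(ipaddress.ip_address(forwarded.strip()))  # also validates the value
    return peer_ip


def ufw_rules(networks=CLOUDFLARE_NETWORKS, ports=(80, 443)):
    """Host-firewall allow rules (ufw syntax) admitting only Cloudflare on the web ports."""
    return [f"ufw allow proto tcp from {net} to any port {port}"
            for net in networks for port in ports]


if __name__ == '__main__':
    print(real_client_ip('104.16.1.1', {'CF-Connecting-IP': '203.0.113.7'}))  # via Cloudflare
    print(real_client_ip('198.51.100.9', {'CF-Connecting-IP': '203.0.113.7'}))  # direct: header ignored
    print('\n'.join(ufw_rules()))
```

Pair the generated rules with `ufw default deny incoming`, keep SSH reachable from an administrative address, and re-run the generator whenever Cloudflare's lists change. Filtering alone does not fix a 524: that status means Cloudflare reached the origin but received no HTTP response before its timeout, so the origin still has to answer on the port and protocol that the zone's SSL mode uses (HTTP on 80 for Flexible, HTTPS on 443 for Full).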

Related

How to enable URL MASKING changing HTTP HEADERS

I have a Django application (version 4.0.3) and I want to URL-mask some specific URLs using newly purchased domains (in this case from GoDaddy).
So what I want to do is:
www.originaldomain.com/url1 being masked with www.newdomain.com.
But when I redirect with masking on the domain www.newdomain.com, some headers do not allow it (I know because GoDaddy tech support told me "something is blocking it").
If I do a normal redirect (301 or 302) it works, but not with URL masking.
I tried removing X-Frame-Options: Deny using a Django decorator on the view, but I am still not able to make it work.
Current response headers
HTTP/1.1 200 OK
Date: Fri, 22 Jul 2022 06:47:40 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Vary: Cookie, Accept-Language
Content-Language: es
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Cross-Origin-Opener-Policy: same-origin
Set-Cookie: csrftoken=UJp7VSdbT7BnFmc9wKnFZeKSKWjtGbLcEaLEqrZ0MAj8NhU69MDjZQIgWj5LhnWw; expires=Fri, 21 Jul 2023 06:47:40 GMT; Max-Age=31449600; Path=/; SameSite=Lax
Set-Cookie: sessionid=bjtb3e42z9h9wd5tixsw3xpj23kiao1u; expires=Fri, 05 Aug 2022 06:47:40 GMT; HttpOnly; Max-Age=1209600; Path=/; SameSite=Lax
X-Clacks-Overhead: GNU Terry Pratchett
Content-Encoding: gzip
Server: PythonAnywhere
An explanation of how to find what is blocking it would also be much appreciated (like using
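The masking GoDaddy offers is an iframe: the masked domain serves a frame whose src is the original URL, so whether it works is decided by the framing headers the origin sends. The following is an added example, not code from the question or from Django: an evaluator that applies X-Frame-Options and CSP frame-ancestors (frame-ancestors takes precedence when both are present) to a page/embedder pair, run against the headers pasted above and against variants that do block. The domain names are the placeholders used in the question; the CSP matching is a deliberately reduced form of the specification.

```python
"""Decide from response headers whether a page may be framed by a given embedding origin."""
from urllib.parse import urlsplit

DEFAULT_PORTS = {'http': 80, 'https': 443}


def origin_of(url):
    """(scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or '').lower(), parts.port or DEFAULT_PORTS.get(scheme)


def source_matches(source, page, framer):
    """Reduced CSP source-expression matching for frame-ancestors.

    Handles 'none', 'self', scheme-only sources (https:), host sources with optional
    scheme and port, and a leading *. wildcard. Path components are not supported here.
    """
    s = source.lower()
    if s == "'none'":
        return False
    if s == "'self'":
        return framer == page
    if s.endswith(':') and '://' not in s:        # scheme-source, e.g. https:
        return framer[0] == s[:-1]
    scheme, _, rest = s.rpartition('://')
    host, _, port = rest.partition(':')
    if scheme and scheme != framer[0]:
        return False
    if not scheme and framer[0] not in (page[0], 'https'):
        return False                              # schemeless: same scheme or an upgrade to https
    if port and port != '*' and int(port) != framer[2]:
        return False
    if host.startswith('*.'):
        return framer[1].endswith(host[1:])       # *.example.com matches a.example.com only
    return host == framer[1]


def framing_allowed(headers, page_url, framer_url):
    """Return (allowed, reason) for framer_url embedding page_url given page_url's headers."""
    lowered = {k.lower(): v for k, v in headers.items()}
    page, framer = origin_of(page_url), origin_of(framer_url)
    # CSP frame-ancestors, when present, is authoritative and X-Frame-Options is ignored.
    for directive in lowered.get('content-security-policy', '').split(';'):
        name, _, value = directive.strip().partition(' ')
        if name.lower() == 'frame-ancestors':
            sources = value.split()               # an empty source list behaves like 'none'
            allowed = any(source_matches(s, page, framer) for s in sources)
            return allowed, f"CSP frame-ancestors {value.strip() or '(empty)'}"
    xfo = lowered.get('x-frame-options', '').strip().upper()
    if xfo == 'DENY':
        return False, 'X-Frame-Options: DENY'
    if xfo == 'SAMEORIGIN':
        return framer == page, 'X-Frame-Options: SAMEORIGIN'
    if xfo:
        # ALLOW-FROM is obsolete; other values are invalid. Treated as absent here.
        return True, f'X-Frame-Options: {xfo} (not a recognised value; treated as absent)'
    return True, 'no framing restriction header present'


# The response headers shown in the question (cookies omitted); constructed as a dict.
DJANGO_RESPONSE_HEADERS = {
    'Content-Type': 'text/html; charset=utf-8',
    'Vary': 'Cookie, Accept-Language',
    'Content-Language': 'es',
    'X-Content-Type-Options': 'nosniff',
    'Referrer-Policy': 'same-origin',
    'Cross-Origin-Opener-Policy': 'same-origin',
    'Server': 'PythonAnywhere',
}

PAGE_URL = 'https://www.originaldomain.com/url1'
MASK_URL = 'https://www.newdomain.com/'

if __name__ == '__main__':
    for hdrs in (DJANGO_RESPONSE_HEADERS,
                 {'X-Frame-Options': 'DENY'},
                 {'Content-Security-Policy': "frame-ancestors 'self' https://www.newdomain.com"}):
        print(framing_allowed(hdrs, PAGE_URL, MASK_URL))
```

Django's XFrameOptionsMiddleware adds X-Frame-Options: DENY by default, and the xframe_options_exempt decorator from django.views.decorators.clickjacking removes it for one view. The headers pasted above carry neither X-Frame-Options nor a Content-Security-Policy, and Cross-Origin-Opener-Policy only applies to top-level documents, so on these headers the evaluator finds nothing that blocks a frame. If the masked page still fails, capture the response exactly as the browser receives it, including anything the hosting layer or a CDN adds, and run that through the evaluator.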

.htaccess block wp-json

I have one normal WordPress website on which I am trying to block requests to wp-json. I am aware that such requests go through WordPress core. My request looks like this:
[root@SV-CentOS-01 ~]# curl -i https://www.website.com/wp-json/wp/v2/users/1
When I add RewriteRule ^wp-json.*$ - [L,R=404] at the top of my .htaccess I get a 404 server response and the API returns the users of my website. Is there actually a way to achieve what I want via .htaccess, or do we need to do it the WordPress way?
Example:
[root@SV-CentOS-01 ~]# curl -i https://www.website.com/wp-json/wp/v2/users/1
HTTP/1.1 404 Not Found
Date: Mon, 20 Sep 2021 14:14:13 GMT
Server: Apache
Vary: Accept-Encoding,Cookie,Origin
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Robots-Tag: noindex
Link: <https://www.website.com/wp-json/>; rel="https://api.w.org/"
X-Content-Type-Options: nosniff
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link
Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
Allow: GET
Set-Cookie: PHPSESSID=5c07eaa455457ca0ef4b358d016c3b8d; path=/
Upgrade: h2,h2c
Connection: Upgrade
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
{"id":1,"name":"User One","url":"","description":"","link":"https:\/\/www.website.com\/author\/admin\/","slug":"admin","meta":[],"_links":{"self":[{"href":"https:\/\/www.website.com\/wp-json\/wp\/v2\/users\/1"}],"collection":[{"href":"https:\/\/www.website.com\/wp-json\/wp\/v2\/users"}]}}[root@SV-CentOS-01 ~]#
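The rule in the question is matched against the request path only. Below is an added example, not code from the question or from WordPress: a set of probe URLs run through that same regex, alongside a predicate for every way a WordPress REST route can be addressed, to list the requests the path rule lets through. The host is the placeholder from the question; the probe URLs are constructed.

```python
"""Check which REST API request shapes a path-only .htaccess rewrite rule actually stops."""
import re
from urllib.parse import parse_qs, urlsplit

# The pattern from the question. In per-directory (.htaccess) context Apache strips the
# leading slash before matching, so the regex sees 'wp-json/wp/v2/users/1'.
PATH_ONLY_RULE = re.compile(r'^wp-json.*$')


def rewrite_subject(url):
    """The string a per-directory RewriteRule is tested against: path without leading slash."""
    return urlsplit(url).path.lstrip('/')


def blocked_by(rule, url):
    return rule.search(rewrite_subject(url)) is not None


def reaches_rest_api(url):
    """True for both ways a WordPress REST route is addressed: /wp-json/ or ?rest_route=."""
    parts = urlsplit(url)
    if re.match(r'^/wp-json(/|$)', parts.path):
        return True
    return 'rest_route' in parse_qs(parts.query, keep_blank_values=True)


def uncovered(rule, urls):
    """Requests that reach the REST API but that the rule does not match."""
    return [u for u in urls if reaches_rest_api(u) and not blocked_by(rule, u)]


# Constructed probe set.
PROBES = [
    'https://www.website.com/wp-json/wp/v2/users/1',
    'https://www.website.com/wp-json/',
    'https://www.website.com/?rest_route=/wp/v2/users/1',
    'https://www.website.com/index.php?rest_route=/wp/v2/users',
    'https://www.website.com/?author=1',               # author archive, not the REST API
    'https://www.website.com/blog/wp-json-not-the-api',  # prefix elsewhere in the path
]

if __name__ == '__main__':
    for url in PROBES:
        print(f"{'blocked ' if blocked_by(PATH_ONLY_RULE, url) else 'allowed '}"
              f"{'REST' if reaches_rest_api(url) else '----'}  {url}")
    print('\nstill reachable:', *uncovered(PATH_ONLY_RULE, PROBES), sep='\n  ')
```

The `?rest_route=` form reaches the REST API without the `/wp-json/` prefix, so a .htaccess block needs a `RewriteCond %{QUERY_STRING} (^|&)rest_route=` alongside the path rule, and `[F,L]` (403) states the intent more plainly than `R=404`. A 404 that still carries WordPress headers and a JSON body, as in the curl output above, was produced by WordPress rather than by Apache's own error page, so check how 404s are handled on that host (an ErrorDocument pointing at index.php keeps the request inside PHP).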

Infinite redirect loop after cloning Heroku Rails app and putting on new domain with SSL

So here's the situation: I have a Heroku Rails app (let's call it original_app) on a custom domain at http://www.originaldomain.com. It is a standard Rails 4.2.0 app running on PG/Passenger/Nginx. The domain is hosted on DNSimple (with the root domain aliased to the Heroku SSL endpoint and the www CNAMEd to the endpoint) and it has an approved SSL certificate. The production.rb file forces the app to remain in SSL. This app works fine, without any problems.
THEN, I used the heroku fork command to "clone" original_app to an identical app on Heroku called, say, new_app. I purchased an SSL certificate from GoDaddy for www.newdomain.com and provisioned it on the Heroku SSL endpoint add-on. The domain newdomain.com is hosted on AWS's Route 53 service. Because they don't allow redirecting of the root (a.k.a. "zone apex"), I used a workaround detailed here [https://devcenter.heroku.com/articles/route-53] (which was a solution to a similar question posted on Stack Overflow) to alias the newdomain.com root to www.newdomain.com via an A record alias to an S3 bucket that redirects to www.newdomain.com. Meanwhile, on Route 53, www.newdomain.com redirects to the Heroku SSL endpoint URL.
PROBLEM: Whenever I access https://www.newdomain.com/somepath, I get a "too many redirects" error from the browser. Strangely enough, if I access the app directly at https://new_app.herokuapp.com, it works like a charm. And so does the original app. How is this possible if they're all identical?
Additional details:
The home page works (e.g. https://www.newdomain.com/) because it is actually a static page hosted on a github.io repository. The rails app redirects to it and other static pages via a Rack::ReverseProxy in config.ru. It's the non-static pages that are the problem.
If I run a wget command, it shows the redirections bouncing back and forth between AWS (presumably Route 53 and/or S3) and the Heroku Nginx/Passenger server. Here is an excerpt of the log:
$ wget --server-response https://www.newdomain.com/somepath -O -
--2015-09-13 02:09:22-- https://www.newdomain.com/somepath
Resolving www.newdomain.com... [IP address hidden for SO], [IP address hidden for SO]
Connecting to www.newdomain.com|[IP address hidden for SO]|:443... connected.
HTTP request sent, awaiting response...
HTTP/1.1 301 Moved Permanently
Connection: keep-alive
Content-Type: text/html
Transfer-Encoding: chunked
Status: 301 Moved Permanently
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000
X-Request-Id: 164c641d-c1f9-432b-aead-236dffa931a4
Location: http://newdomain.com/somepath
X-Runtime: 0.003392
Date: Sun, 13 Sep 2015 06:09:22 GMT
X-Powered-By: Phusion Passenger 5.0.6
Server: nginx/1.6.2 + Phusion Passenger 5.0.6
Via: 1.1 vegur
Location: http://newdomain.com/somepath [following]
--2015-09-13 02:09:22-- http://newdomain.com/somepath
Resolving newdomain.com... [IP address hidden for SO]
Connecting to newdomain.com|[IP address hidden for SO]|:80... connected.
HTTP request sent, awaiting response...
HTTP/1.1 301 Moved Permanently
x-amz-id-2: tk7HsFoqcqgMtLwtofrFIE1ob1+gP50m1k6yo3f4Prinufu5w4R6lrsvPexFiCAyDSCO1c/OKwU=
x-amz-request-id: 9357AE308083C80D
Date: Sun, 13 Sep 2015 06:09:24 GMT
Location: http://www.newdomain.com/somepath
Content-Length: 0
Server: AmazonS3
Location: http://www.newdomain.com/somepath [following]
--2015-09-13 02:09:23-- http://www.newdomain.com/somepath
Connecting to www.newdomain.com|[IP address hidden for SO]|:80... connected.
HTTP request sent, awaiting response...
HTTP/1.1 301 Moved Permanently
Connection: keep-alive
Content-Type: text/html
Content-Length: 0
Status: 301 Moved Permanently
Location: https://www.newdomain.com/somepath
Date: Sun, 13 Sep 2015 06:09:23 GMT
X-Powered-By: Phusion Passenger 5.0.6
Server: nginx/1.6.2 + Phusion Passenger 5.0.6
Via: 1.1 vegur
Location: https://www.newdomain.com/somepath [following]
--2015-09-13 02:09:23-- https://www.newdomain.com/somepath
Connecting to www.newdomain.com|[IP address hidden for SO]|:443... connected.
HTTP request sent, awaiting response...
HTTP/1.1 301 Moved Permanently
Connection: keep-alive
Content-Type: text/html
Transfer-Encoding: chunked
Status: 301 Moved Permanently
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000
X-Request-Id: daf02b75-0d2d-4880-8a3d-e61b648d2a86
Location: http://newdomain.com/somepath
X-Runtime: 0.003992
Date: Sun, 13 Sep 2015 06:09:23 GMT
X-Powered-By: Phusion Passenger 5.0.6
Server: nginx/1.6.2 + Phusion Passenger 5.0.6
Via: 1.1 vegur
Location: http://newdomain.com/somepath [following]
--2015-09-13 02:09:23-- http://newdomain.com/somepath
Connecting to newdomain.com|[IP address hidden for SO]|:80... connected.
HTTP request sent, awaiting response...
HTTP/1.1 301 Moved Permanently
x-amz-id-2: uyB1ckI+koqGzKFjTVLatqpJ0cpgAjubGpla62w+8yKpz363FTv6ogtQuzo8tibKKyjAM4X7k3I=
x-amz-request-id: BED63CC152C82099
Date: Sun, 13 Sep 2015 06:09:24 GMT
Location: http://www.newdomain.com/somepath
Content-Length: 0
Server: AmazonS3
Location: http://www.newdomain.com/somepath [following]
--2015-09-13 02:09:23-- http://www.newdomain.com/somepath
Connecting to www.newdomain.com|[IP address hidden for SO]|:80... connected.
HTTP request sent, awaiting response...
HTTP/1.1 301 Moved Permanently
Connection: keep-alive
Content-Type: text/html
Content-Length: 0
Status: 301 Moved Permanently
Location: https://www.newdomain.com/somepath
Date: Sun, 13 Sep 2015 06:09:23 GMT
X-Powered-By: Phusion Passenger 5.0.6
Server: nginx/1.6.2 + Phusion Passenger 5.0.6
Via: 1.1 vegur
Please let me know if I can provide more details.
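Both the Cloudflare question at the top of this page (a 301 to HTTPS in front of an origin that then times out) and the redirect loop traced above come down to reading a chain of Location headers and seeing which server issued which hop. The following is an added example, not code from either thread: it parses response heads in the form curl -i and wget --server-response print them, follows the chain offline, detects a loop by canonical URL, and flags hops that drop from https to http. The response heads are constructed from the wget trace and the curl output on this page; the final 200 for https://nairametrics.com/ is an assumption, since the page only shows the 301 before it.

```python
"""Follow a redirect chain offline from captured response heads; detect loops and downgrades."""
from urllib.parse import urljoin, urlsplit

REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def parse_head(raw):
    """Parse 'HTTP/1.1 301 Moved Permanently\\r\\nName: value...' into (status, headers)."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break                                   # blank line ends the head; body follows
        name, _, value = line.partition(':')
        headers.setdefault(name.strip().lower(), value.strip())  # first of any duplicate wins
    return status, headers


def canon(url):
    """Canonical (scheme, host, port, path) so equivalent URLs compare equal."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or (443 if scheme == 'https' else 80)
    return scheme, (parts.hostname or '').lower(), port, parts.path or '/'


def follow(start, responder, max_hops=10):
    """Walk Location headers from start; responder(url) returns the raw head url answers with."""
    chain, first_seen, hops, url = [start], {canon(start): 0}, [], start
    for _ in range(max_hops):
        status, headers = parse_head(responder(url))
        if status not in REDIRECT_STATUSES:
            return {'outcome': 'final', 'status': status, 'chain': chain, 'hops': hops}
        target = urljoin(url, headers.get('location', ''))
        src, dst = canon(url), canon(target)
        hops.append({
            'from': url, 'to': target, 'status': status,
            'server': headers.get('server', '?'),
            'downgrade': src[0] == 'https' and dst[0] == 'http',   # TLS to cleartext hop
        })
        if dst in first_seen:
            cycle = chain[first_seen[dst]:] + [target]
            return {'outcome': 'loop', 'chain': chain + [target], 'cycle': cycle, 'hops': hops}
        first_seen[dst] = len(chain)
        chain.append(target)
        url = target
    return {'outcome': 'too_many_redirects', 'chain': chain, 'hops': hops}


# Constructed response heads, reduced from the wget trace above (Heroku app and S3 redirect
# bucket) and from the curl output in the first question. The 200 is assumed.
SAMPLE_HEADS = {
    ('https', 'www.newdomain.com', 443, '/somepath'):
        "HTTP/1.1 301 Moved Permanently\r\nLocation: http://newdomain.com/somepath\r\n"
        "Server: nginx/1.6.2 + Phusion Passenger 5.0.6\r\nVia: 1.1 vegur\r\n\r\n",
    ('http', 'newdomain.com', 80, '/somepath'):
        "HTTP/1.1 301 Moved Permanently\r\nLocation: http://www.newdomain.com/somepath\r\n"
        "Server: AmazonS3\r\n\r\n",
    ('http', 'www.newdomain.com', 80, '/somepath'):
        "HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.newdomain.com/somepath\r\n"
        "Server: nginx/1.6.2 + Phusion Passenger 5.0.6\r\n\r\n",
    ('http', 'nairametrics.com', 80, '/'):
        "HTTP/1.1 301 Moved Permanently\r\nLocation: https://nairametrics.com/\r\n"
        "Server: cloudflare\r\n\r\n",
    ('https', 'nairametrics.com', 443, '/'):
        "HTTP/1.1 200 OK\r\nServer: cloudflare\r\nContent-Type: text/html\r\n\r\n<html></html>",
}


def sample_responder(url):
    return SAMPLE_HEADS[canon(url)]


if __name__ == '__main__':
    for start in ('https://www.newdomain.com/somepath', 'http://nairametrics.com/'):
        result = follow(start, sample_responder)
        print(result['outcome'], ' -> '.join(result['chain']))
        for hop in result['hops']:
            flag = '  [https->http downgrade]' if hop['downgrade'] else ''
            print(f"  {hop['status']} from {hop['server']}: {hop['from']} -> {hop['to']}{flag}")
```

Against a live site, replace sample_responder with a function that issues a single request without following redirects (curl -sI, or http.client) and returns the head. The per-hop Server values make the split visible: in the trace above the only hop that changes scheme downward is issued by the Rails/Passenger side, which is where to look first.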

what kind of data is transferred on the network in case of RESTful webservice

I know that with SOAP-based web services, SOAP messages, which are in turn XML, are transferred over the network from the client to the server. But what kind of data is transferred in the case of a RESTful web service?
From Wikipedia (https://en.wikipedia.org/wiki/Representational_state_transfer):
RESTful systems typically, but not always, communicate over the Hypertext Transfer Protocol with the same HTTP verbs (GET, POST, PUT, DELETE, etc.)
You can try it yourself easily with curl or Fiddler. For example, the GitHub API is nice to experiment with.
Send this with Fiddler:
GET https://api.github.com/users/octocat HTTP/1.1
Host: api.github.com
User-Agent: Fiddler
and you will get this response:
HTTP/1.1 200 OK
Server: GitHub.com
Date: Fri, 10 Jul 2015 10:23:10 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 1155
Status: 200 OK
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 58
X-RateLimit-Reset: 1436527371
Cache-Control: public, max-age=60, s-maxage=60
Last-Modified: Mon, 06 Jul 2015 23:59:25 GMT
ETag: "d811d5844be3eaf9ab1f60dd36198aa9"
Vary: Accept
X-GitHub-Media-Type: github.v3; format=json
X-XSS-Protection: 1; mode=block
X-Frame-Options: deny
Content-Security-Policy: default-src 'none'
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: ETag, Link, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval
Access-Control-Allow-Origin: *
X-GitHub-Request-Id: 3EAD7342:6BF1:E180441:559F9D0D
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
X-Served-By: bd82876e9bf04990f289ba22f246ee9b
{"login":"octocat","id":583231,"avatar_url":"https://avatars.githubusercontent.com/u/583231?v=3","gravatar_id":"","url":"https://api.github.com/users/octocat","html_url":"https://github.com/octocat","followers_url":"https://api.github.com/users/octocat/followers","following_url":"https://api.github.com/users/octocat/following{/other_user}","gists_url":"https://api.github.com/users/octocat/gists{/gist_id}","starred_url":"https://api.github.com/users/octocat/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/octocat/subscriptions","organizations_url":"https://api.github.com/users/octocat/orgs","repos_url":"https://api.github.com/users/octocat/repos","events_url":"https://api.github.com/users/octocat/events{/privacy}","received_events_url":"https://api.github.com/users/octocat/received_events","type":"User","site_admin":false,"name":"The Octocat","company":"GitHub","blog":"http://www.github.com/blog","location":"San Francisco","email":"octocat@github.com","hireable":false,"bio":null,"public_repos":5,"public_gists":8,"followers":1054,"following":6,"created_at":"2011-01-25T18:44:36Z","updated_at":"2015-07-06T23:59:25Z"}
The following link answered my query. Now I know that the data sent in the case of RESTful services is 'raw HTTP' data.
http://rest.elkstein.org/2008/02/how-simple-is-rest.html

CloudFront error when serving over HTTPS using SNI

Amazon recently rolled out a new feature on CloudFront that supports custom SSL certificates at no charge using SNI (Server Name Indication).
I got my distribution set up with a free Class 1 certificate from StartSSL and everything was working, until I noticed that the site would go down a short time after it was deployed. Running SSL Checker reports that my certificate is working properly.
But then I would hit this error page when trying to access the site via HTTPS (it would work for the first request, then go down on subsequent attempts to connect).
Here's the verbose output when accessing over SSL (succeeds on the index page):
$ curl -I -v -ssl https://wikichen.is
* Adding handle: conn: 0x7f9f82804000
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7f9f82804000) send_pipe: 1, recv_pipe: 0
* About to connect() to wikichen.is port 443 (#0)
* Trying 54.230.141.222...
* Connected to wikichen.is (54.230.141.222) port 443 (#0)
* TLS 1.2 connection using TLS_RSA_WITH_RC4_128_MD5
* Server certificate: www.wikichen.is (6w984WNu7vM5OrdU)
* Server certificate: StartCom Class 1 Primary Intermediate Server CA
* Server certificate: StartCom Certification Authority
> HEAD / HTTP/1.1
> User-Agent: curl/7.30.0
> Host: wikichen.is
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Content-Type: text/html; charset=utf-8
Content-Type: text/html; charset=utf-8
< Content-Length: 1153
Content-Length: 1153
< Connection: keep-alive
Connection: keep-alive
< Date: Sun, 09 Mar 2014 16:09:54 GMT
Date: Sun, 09 Mar 2014 16:09:54 GMT
< Cache-Control: max-age=120
Cache-Control: max-age=120
< Content-Encoding: gzip
Content-Encoding: gzip
< Last-Modified: Wed, 05 Mar 2014 20:40:48 GMT
Last-Modified: Wed, 05 Mar 2014 20:40:48 GMT
< ETag: "34685bc45353d1030d3a515ddba78f3e"
ETag: "34685bc45353d1030d3a515ddba78f3e"
* Server AmazonS3 is not blacklisted
< Server: AmazonS3
Server: AmazonS3
< Age: 4244
Age: 4244
< X-Cache: Hit from cloudfront
X-Cache: Hit from cloudfront
< Via: 1.1 4f672256eaca5524999342dc8678cdd2.cloudfront.net (CloudFront)
Via: 1.1 4f672256eaca5524999342dc8678cdd2.cloudfront.net (CloudFront)
< X-Amz-Cf-Id: h4TEULH44TCi7m2lL42A8lO-5-Gmx8iY2M2C1AOmRlK543zFN6jCtQ==
X-Amz-Cf-Id: h4TEULH44TCi7m2lL42A8lO-5-Gmx8iY2M2C1AOmRlK543zFN6jCtQ==
<
* Connection #0 to host wikichen.is left intact
Then fails on other pages:
$ curl -i -v https://wikichen.is/writing/index.html
* Adding handle: conn: 0x7fa153804000
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7fa153804000) send_pipe: 1, recv_pipe: 0
* About to connect() to wikichen.is port 443 (#0)
* Trying 54.230.140.160...
* Connected to wikichen.is (54.230.140.160) port 443 (#0)
* TLS 1.2 connection using TLS_RSA_WITH_RC4_128_MD5
* Server certificate: www.wikichen.is (6w984WNu7vM5OrdU)
* Server certificate: StartCom Class 1 Primary Intermediate Server CA
* Server certificate: StartCom Certification Authority
> GET /writing/index.html HTTP/1.1
> User-Agent: curl/7.30.0
> Host: wikichen.is
> Accept: */*
>
< HTTP/1.1 502 Bad Gateway
HTTP/1.1 502 Bad Gateway
< Content-Type: text/html
Content-Type: text/html
< Content-Length: 472
Content-Length: 472
< Connection: keep-alive
Connection: keep-alive
* Server CloudFront is not blacklisted
< Server: CloudFront
Server: CloudFront
< Date: Sun, 09 Mar 2014 17:54:41 GMT
Date: Sun, 09 Mar 2014 17:54:41 GMT
< Age: 6
Age: 6
< X-Cache: Error from cloudfront
X-Cache: Error from cloudfront
< Via: 1.1 9096435f28f91f92bacdf76122de09ee.cloudfront.net (CloudFront)
Via: 1.1 9096435f28f91f92bacdf76122de09ee.cloudfront.net (CloudFront)
< X-Amz-Cf-Id: iAUOQbP8O4A0pI9KGvVz0VgBT1TW-j0yVDa7vdSvIAuxnKOyQghtnw==
X-Amz-Cf-Id: iAUOQbP8O4A0pI9KGvVz0VgBT1TW-j0yVDa7vdSvIAuxnKOyQghtnw==
<
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
</BODY></HTML>
<BR clear="all">
<HR noshade size="1px">
<ADDRESS>
Generated by cloudfront (CloudFront)
</ADDRESS>
* Connection #0 to host wikichen.is left intact
</BODY></HTML>%
Would love some pointers as to where to start troubleshooting.
A kind rep by the name of Alastair@AWS from the AWS CloudFront forums solved this for me:
I have identified your CloudFront distribution and the S3 bucket acting as the origin for this distribution.
I can re-create and explain the intermittent '502 Bad Gateway' response you are receiving.
This response is returned by CloudFront when you attempt to access a URL using the HTTPS protocol that is not currently cached by CloudFront. The reason for this error is CloudFront is attempting to contact your origin using the HTTPS protocol, and this is failing.
The reason for this failure is you have configured your origin as an S3 bucket, but you are using the "Custom Origin" type and directing to the S3 website URL for this bucket. If you attempt to hit your S3 website URL using HTTPS, you will note this does not work. S3 website hosting only supports serving content using the HTTP protocol (http://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteEndpoints.html#WebsiteRestEndpointDiff).
Now, the intermittent page load behavior you are seeing is due to CloudFront returning the pages it currently has in its cache. You should be able to re-create this scenario as follows:
1. Hit a page on your site using HTTPS. You should get a '502 Bad Gateway' error back.
2. Hit the same page using HTTP. You should see the page.
3. Hit the page again using HTTPS. You should now get the expected result, as CF has served the content from its cache rather than attempting to contact your origin.
To resolve this issue, please try the following:
1. Open the CloudFront Management Console and open your distribution.
2. Navigate to the Origins tab, select your origin and click "Edit".
3. Modify the "Origin Protocol Policy" to "HTTP Only".
4. Save the changes and wait about 15 minutes for the change to take effect.
5. Test.
My expectation is this will force CloudFront to contact your origin using HTTP only. I have tested this in my environment with an S3 Website hosted bucket and I can successfully load content via both HTTP and HTTPS.
Here's the link to the original forum thread.
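The misconfiguration Alastair describes (an S3 website endpoint used as a custom origin while CloudFront is told to fetch over HTTPS) is easy to spot mechanically once origins are exported. What follows is an added example, not code from the thread or from AWS: a small linter over origin definitions in the shape the CloudFront API returns under DistributionConfig.Origins.Items. It classifies the origin domain as an S3 website endpoint, an S3 REST endpoint or something else, and flags website endpoints whose OriginProtocolPolicy is match-viewer or https-only. The bucket and origin names are constructed placeholders.

```python
"""Lint CloudFront origins for the S3-website-endpoint-over-HTTPS misconfiguration."""
import re

# S3 static website endpoints come in two spellings (dash and dot before the region)
# and only speak HTTP.
WEBSITE_ENDPOINT = re.compile(r'\.s3-website[-.][a-z0-9-]+\.amazonaws\.com$', re.IGNORECASE)
# S3 REST endpoints (global, regional dash and regional dot forms) support HTTPS.
REST_ENDPOINT = re.compile(r'\.s3([-.][a-z0-9-]+)?\.amazonaws\.com$', re.IGNORECASE)


def classify_domain(domain):
    """'website', 'rest' or 'other'. The website pattern is tested first because the REST
    pattern also matches it."""
    if WEBSITE_ENDPOINT.search(domain):
        return 'website'
    if REST_ENDPOINT.search(domain):
        return 'rest'
    return 'other'


def lint_origin(origin):
    """origin: one item of DistributionConfig.Origins.Items as the CloudFront API returns it."""
    domain = origin['DomainName']
    kind = classify_domain(domain)
    custom = origin.get('CustomOriginConfig')
    findings = []
    if kind == 'website' and custom is not None:
        policy = custom.get('OriginProtocolPolicy')
        if policy in ('https-only', 'match-viewer'):
            findings.append(
                f"{origin['Id']}: {domain} is an S3 website endpoint (HTTP only) but "
                f"OriginProtocolPolicy is {policy}; uncached HTTPS viewer requests will get "
                f"502 Bad Gateway. Set it to http-only.")
    elif kind == 'rest' and custom is not None:
        findings.append(
            f"{origin['Id']}: {domain} is an S3 REST endpoint configured as a custom origin; "
            f"use an S3 origin (S3OriginConfig) so CloudFront fetches over HTTPS and the bucket "
            f"can be restricted to CloudFront with an origin access identity.")
    return findings


def lint_distribution(origins):
    return [finding for origin in origins for finding in lint_origin(origin)]


# Constructed origin definitions covering the broken case, its fix and the alternatives.
SAMPLE_ORIGINS = [
    {'Id': 'S3-website-custom',
     'DomainName': 'example-bucket.s3-website-us-east-1.amazonaws.com',
     'CustomOriginConfig': {'HTTPPort': 80, 'HTTPSPort': 443,
                            'OriginProtocolPolicy': 'match-viewer'}},
    {'Id': 'S3-website-fixed',
     'DomainName': 'example-bucket.s3-website-us-east-1.amazonaws.com',
     'CustomOriginConfig': {'HTTPPort': 80, 'HTTPSPort': 443,
                            'OriginProtocolPolicy': 'http-only'}},
    {'Id': 'S3-rest-as-custom',
     'DomainName': 'example-bucket.s3.amazonaws.com',
     'CustomOriginConfig': {'HTTPPort': 80, 'HTTPSPort': 443,
                            'OriginProtocolPolicy': 'https-only'}},
    {'Id': 'S3-origin',
     'DomainName': 'example-bucket.s3.amazonaws.com',
     'S3OriginConfig': {'OriginAccessIdentity': ''}},
    {'Id': 'api',
     'DomainName': 'api.example.org',
     'CustomOriginConfig': {'HTTPPort': 80, 'HTTPSPort': 443,
                            'OriginProtocolPolicy': 'https-only'}},
]

if __name__ == '__main__':
    for finding in lint_distribution(SAMPLE_ORIGINS):
        print(finding)
```

Feed it the output of `aws cloudfront get-distribution-config --id <distribution-id>` (the Origins.Items list) to check a real distribution. Note that http-only between CloudFront and an S3 website endpoint means the edge-to-origin leg is cleartext inside AWS; if that matters, switching to the REST endpoint as an S3 origin, as the later answers did, keeps HTTPS end to end.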
I had a similar issue to this and, as @Michael-sqlbot suggested, switched from custom origin to S3. That did not, by itself, resolve the issue.
In addition to switching the origin, Andrew from AWS support said that aliases work better than CNAMEs. I had been using CNAMEs. When I switched to aliases (one for IPv4 and one for IPv6) it worked. Here is the Route 53 documentation for CloudFront that shows how to set up aliases for CloudFront.
I was struggling a bit with getting a proper setup with my own SSL certificate, but this article was most helpful. Just pay attention to the details:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/tutorial-redirecting-dns-queries.html