What I have done so far:
I uploaded my Laravel App to Elastic Beanstalk
I purchased a domain name at namecheap: domain.net
I set up a Hosted Zone for domain.net in Route 53
I entered the NS infos from the Hosted Zone in the section of my domain at namecheap
I got a certificate from Certificate Manager and associated domain.net, I got a second cert for *.domain.net
I created a CNAME record for the certificate in the Hosted Zone (see picture below)
I created a CloudFront distribution, under "Origin Domain Name" I put the Elastic Beanstalk URL, chose "Redirect HTTP to HTTPS", entered domain.net under "Alternate Domain Names" and chose the SSL cert for domain.net
I repeated the previous step for *.domain.net
Then in Hosted Zones I created an Alias record for domain.net pointing to the CloudFront distribution for domain.net and another Alias record for *.domain.net pointing to the respective CloudFront distribution (see picture below)
Question
I went on the website and got an SSL connection for both domain.net and www.domain.net, even the redirection from HTTP to HTTPS works. But when I click on a link in the navigation menu for example, like "About", the page I get is NOT domain.net/about, but http://myenvironment-env.eba-zxsw5igy.us-east-1.elasticbeanstalk.com/about with a "Not Secure" connection. When I enter the URL manually in the browser, however, like domain.net/about, I get the correct URL. What may I have done wrong?
Here is the overview over the records from the Hosted Zone.
Update
Configuring Route 53 with the same Laravel application code on Elastic Beanstalk without SSL (+CloudFront) works fine. I am able to access any links on the website, they resolve correctly to domain.net/about etc.
Maybe I do not connect CloudFront to Elastic Beanstalk correctly? Again, this is what I do in the CloudFront distribution: Under "Origin Domain Name" I put the Elastic Beanstalk URL, I choose "Redirect HTTP to HTTPS", I enter domain.net under "Alternate Domain Names" and choose the SSL cert for domain.net
So, I found a solution for my problem. By default, CloudFront sets HTTP Request Header to the origin hostname -- for me this was the ElasticBeanstalk URL. The application then generates links based on that origin.
To change that behavior one has to create a Cache Policy and an Origin Request Policy and add the host header to a whitelist, so CloudFront uses the host header that is sent from the browser.
This answer gave me a hint on what to do, as well as these AWS resources:
This gives an overview about the solution
How to create a Cache Policy and attach it to your distribution
How to create an Origin Request Policy and attach it to your distribution
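The effect described in this answer, as an added Python sketch that is not part of the original post: it models which Host value the origin sees with and without the whitelist, and how an application can restrict link generation to the names it actually serves. The origin hostname is the one from the question; `TRUSTED_HOSTS`, `CANONICAL_HOST` and all function names are assumptions made for illustration.

```python
import re

# Origin hostname taken from the question; the allowlist is an assumption.
ORIGIN_HOST = "myenvironment-env.eba-zxsw5igy.us-east-1.elasticbeanstalk.com"
CANONICAL_HOST = "domain.net"
TRUSTED_HOSTS = {"domain.net", "www.domain.net"}

_HOST_RE = re.compile(r"^([a-z0-9-]+(?:\.[a-z0-9-]+)*)\.?(?::\d{1,5})?$")


def host_seen_by_origin(viewer_host, host_whitelisted):
    """Model the behaviour described above: unless Host is whitelisted in the
    policies, the origin receives its own domain name as the Host header."""
    return viewer_host if host_whitelisted else ORIGIN_HOST


def naive_link(host_header, path):
    """Link built straight from the request the origin received (plain HTTP
    from CloudFront to the origin, as in the question's result)."""
    return f"http://{host_header}{path}"


def normalise_host(raw):
    """Lower-case, drop port and trailing dot; None if not a plain hostname."""
    match = _HOST_RE.match(raw.strip().lower())
    return match.group(1) if match else None


def hardened_link(host_header, path):
    """Use the Host header only if it is a name this site serves; otherwise
    fall back to the canonical name. Always emit https."""
    host = normalise_host(host_header)
    if host not in TRUSTED_HOSTS:
        host = CANONICAL_HOST
    return f"https://{host}{path}"


if __name__ == "__main__":
    for whitelisted in (False, True):
        seen = host_seen_by_origin("www.domain.net", whitelisted)
        print(whitelisted, naive_link(seen, "/about"), hardened_link(seen, "/about"))
```

Once Host is forwarded, the application is building links from a viewer-supplied value, so an allowlist of served names (with a fixed canonical fallback) keeps generated URLs on the site's own domains even for requests that reach the Elastic Beanstalk endpoint directly.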
Related
I searched a lot of similar questions and got more confused.
Basically my application is running on https://example.com/login. I have this DNS on route53. Now I want to display the "Under maintenance" page on the same URL.
So I created a static HTML page and hosted it in s3. Now if I am hitting example.com then I can access the static page but when I am hitting https://example.com/login or http://example.com/login I don't see the static page. Now I am having 2 questions:
Can I redirect example.com/login to example.com? so that my static page is visible.
Can I redirect https to HTTP or https://example.com/login to example.com?
I guess for https I have to use CloudFront but still checking if there is any other way?
Even if it's possible, you shouldn't do it. Just use CloudFront with Route53 and ACM and host everything on HTTPS. Here's an article how to do that, but you can find a lot of other ones.
The steps you need:
request a new certificate on ACM (make sure you use the us-east-1 region). Select domain validation, then add the CNAME record to the domain
create a new CloudFront distribution, add the S3 bucket as the origin, select "redirect HTTP to HTTPS", then add the alternate domain name as your domain (example.com) and select the ACM certificate
add an A and an AAAA record in the Route53 hosted zone, make them an ALIAS to the distribution
wait a few minutes and it should work
Using HTTP marks the connection as "Not secure" by the browser and a login form is especially something you want to serve over an encrypted connection. You need to set up CloudFront once, and you can add new files to the S3 bucket.
The hosted application worked until yesterday but suddenly not working today.
What I have done?
Using Cloudfront - To host my website from Amazon’s edge locations with a custom SSL certificate setup for my domain.
Amazon Certificate Manager - To get HTTPS Certificate
Hosted my client application in S3. They wanted to access their site using a domain name. To achieve this I have provided two records as given below.
| Type | Host | Value | TTL |
|---|---|---|---|
| A | # | IP of the client domain | 600 |
| CNAME | www | CloudFront distribution URL | 600 |
The thing is Endpoint which I got while configuring Cloudfront "d3ajo2v2g7lf33.cloudfront.net" is working but the domain name which I added as an alias to this endpoint is not working.
Probable findings from my side:
1) Used let's encrypt to get the SSL and it's about to expire within a week.
2) Added A record with the IP address of the domain. As I am using CloudFront, I am doubting that the domain does not have a static IP.
Also please let me know CloudFront distribution domain name IP will change every time or will it be static.
Kindly help me to resolve this.
CloudFront has CNAME record as well. So you have to register your domain name in the CloudFront distribution.
As for the SSL certificate for your custom domain, take a look at AWS ACM. It may be easier than using a Let's Encrypt certificate (your call).
And yes, use the CloudFront domain URL. It won't change unless you delete the distribution.
I am trying to configure a custom domain from namecheap to serve my CloudFront distribution. I did all the steps I am aware of but HTTPS is not working.
What I did:
created cname record for my domain in namecheap: www -> d12312***.cloudfront.net
created and validated amazon certificate from acm (it shows "issued" for www.mysite.info)
Edited my CloudFront distribution, included the domain www.mysite.info in the alternate domains section, selected "custom ssl" and selected the certificate I created in step 2.
Now my domain www.mysite.info/test.jpg does show the image hosted from my cloudfront, but the https is not working, showing "not secure", what's wrong ?
Please, I don't want to use route 53.
Nevermind, it worked after a while.
Though I struggled with the certificate manager DNS verification.
Amazon asks you to put a cname record like:
Name: _220a646ed9c024bb4e8a234d7224ae.www.mysite.com.
Type: CNAME
Value: _d5983967e8as12f80ae85685bb5ce7.hsdfuiqjoua.acm-validations.aws.
If you put/update the cname records as shown, it won't work, instead, remove the domain name from the name:
_220a646ed9c024bb4e8a234d7224ae.www
and keep the value as it is.
wait 10mins
Hit "continue" in Amazon Certificate Manager. Voila! It shows certificate issued.
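The naming issue described in this answer, as an added Python example that is not part of the original post: it derives the value to type into a registrar "Host" field from the fully qualified name ACM displays, and checks what name an entry would actually publish. It assumes the registrar appends the zone to whatever is entered and uses "@" for the apex; the token and domain are constructed sample values.

```python
def _norm(name):
    """Lower-case and drop surrounding whitespace and the trailing dot."""
    return name.strip().lower().rstrip(".")


def registrar_host_field(acm_record_name, zone):
    """Host-field value for a panel that appends the zone automatically."""
    name, zone = _norm(acm_record_name), _norm(zone)
    if name == zone:
        return "@"  # assumed apex convention of the registrar panel
    suffix = "." + zone
    if not name.endswith(suffix):
        raise ValueError(f"{name!r} is not inside zone {zone!r}")
    return name[: -len(suffix)]


def effective_fqdn(host_field, zone):
    """Name the registrar publishes after appending the zone to the field."""
    zone = _norm(zone)
    if host_field.strip() == "@":
        return zone + "."
    return f"{_norm(host_field)}.{zone}."


def entry_matches(host_field, acm_record_name, zone):
    """True when the published name is the one ACM will look up."""
    return effective_fqdn(host_field, zone) == _norm(acm_record_name) + "."


if __name__ == "__main__":
    acm_name = "_abc123.www.example.com."  # constructed sample, not a real token
    zone = "example.com"
    for field in (acm_name, registrar_host_field(acm_name, zone)):
        print(f"{field!r:32} -> {effective_fqdn(field, zone)} "
              f"ok={entry_matches(field, acm_name, zone)}")
```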
I have the static website hosted on S3 which is displaying correctly using the Amazon s3 link.
As per Amazon docs, I created two buckets, example.io & www.example.io. The example.io has the content (files) for the website; the www.example.io bucket is redirecting to the phlo.io bucket.
I am trying to configure Godaddy Apex domain DNS settings to redirect to the S3 bucket. As an example, the domain is http://example.io & I entered the settings in Godaddy domain DNS in the following form:
Type: CNAME
Name: www
value: example.io.s3-website.eu-west-2.amazonaws.com
TTL: 1 hour
However, the website is not displaying on the link http://example.io. How do I configure the apex domain to display the static website?
You can't, sorry...
AWS do not provide an IP Address that you can add as the Apex A Record. This causes issues using S3, CloudFront, ELB, and API Gateway.
If you are using AWS Route53, you can set the Apex A Record as an "alias" to those other services in your AWS account. This is an AWS bespoke service to get around only being able to set an A Record IP Address as the Apex Address.
So you can either move your DNS to AWS, or use a www redirection service. This will provide you with an IP Address which will respond with a redirection to your www.example.io address. People often use services like wwwizer.com to do this for free: http://wwwizer.com/naked-domain-redirect
On further investigation, it turns out that GoDaddy offers http redirection in its DNS service. Here is a guide to setting up naked domain name redirection to the www sub domain: https://help.ghost.org/article/17-custom-domains-using-godaddy
Steps to follow to redirect all traffic from www.yourdomain.com to www.yours3bucket.amazonaws.com
Create a bucket with the same name as your domain name(in this case www.yourdomain.com), make it public and host it.
Go to Godaddy DNS Server and Enter a CNAME Entry with host as www, Points to as www.yours3bucket.amazonaws.com and TTL as default.
(This is to redirect all the traffic to your AWS S3 Bucket, It will only work with www.yourdomain.com and not with yourdomain.com if you do not set a forwarding as mentioned on step 3)
Now also add a 301 forwarding to http://www.yourdomain.com or https://www.yourdomain.com.
(This is to forward yourdomain.com to www.yourdomain.com)
1. I have a domain purchased through godaddy. I have set custom DNS and added 4 name servers generated by the hosted zone in AWS Route 53. DNS lookup through whois.net shows the correct values.
2. In Route 53, I have added an A record to the Alias Target xxxxxxxxxxxxxx.cloudfront.net. So the traffic hits Route 53 and goes to CloudFront.
3. In CloudFront, I have one distribution. As Alternate Domain Names (CNAMEs), I have the following values:
*.domain.com / www.domain.com / domain.com
Under origins, I have one record with the following Origin Domain Name:
domain.com.s3-website.az-name-1.amazonaws.com
4. I am hosting website in an S3 bucket. All HTTP requests are set to redirect to HTTPS.
5. Lastly, I have created (US East (N. Virginia) region) and verified a single certificate for the following domain names: domain.com, www.domain.com, *.domain.com
I have read some answers that I should just wait and the custom SSL certificate option will become enabled. It's been more than day now, however, and there is no sign of that happening.
My website works in http mode, but not in https url. Any solution ...Please help...
PS. I am new to aws, please help me...
HTTPS settings were working perfectly as the CloudFront URL was working as expected, so I realized it was just a DNS issue. All it took was a TYPE A record pointing to it.
Solution :
Add/edit proper "TYPE A" record with "Alias Target" as a cloudfront url.
Credit : Setup AWS S3 static website hosting using SSL (ACM)
Can you confirm whether you have used ACM to generate the SSL certificate? Or you are using SSL certificate from other vendors?
STEP 1:
If you have generated the SSL Certificate from ACM, please make sure you did that with US East (N. Virginia) region. Because, CloudFront being an AWS service which is not tied to any specific region, it will use the certificates from US East region only.
STEP 2:
1. Use the "Request or Import a certificate" option in CloudFront
2. Select the certificate which you generated
3. Complete the setup and try
If everything else is setup fine, you should be able to access the contents with HTTPS after the above step.
Let me know in case it didn't work
For anyone else coming across this issue, the button was greyed out for me also and YES, I had requested the ACM cert in us-east-1.
The fix was to try in the Edge browser instead of Chrome.
For me the solution was very simple... I failed to add "Alternate Domain Name", once I did everything clicked.