How to configure a static website (only http) on GCP without a load balancer? - google-cloud-platform

I have a very simple website that I want to host in a GCP bucket. I want it to only use http (not https) and don't want to add a load balancer and most examples of static GCP websites show adding a load balancer.
The only example I could find without a load balancer shows pointing a CNAME record to c.storage.googleapis.com which would connect to the bucket that's named www.mysite.com.
So far, that works fine except that it doesn't include access to the domain without the www subdomain attached (mysite.com). And, I can't attach an ALIAS record that just points mysite.com to www.mysite.com because Google Cloud DNS doesn't have ALIAS records.
It seems like there would be a pretty simple solution but I'm stumped.

By design you cannot create a CNAME record at the "root" domain level. It has to point to a subdomain, unless you're pointing it to another domain.
By design buckets are served using CNAME record such as www.mysite.com pointing to c.storage.googleapis.com.
So you're forced to use www prefix or other subdomains.
There's a mention in the documentation of a possibility to serve bucket using A record.
You can use a bucket name in a DNS record as part of a CNAME or A redirect which gave me an idea.
But it's a "brittle and hardwired" solution
You need to create bucket named "mysite.com" with the copy of your site.
Then you go to your managed zone and edit A record to point to the IP of c.storage.googleapis.com which is 74.125.143.128 (at least at the moment I was writing this). Next you change your CNAME record www.mysite.com to point to mysite.com to redirect www to non www.
Then wait until the changes propagate and you're set :) I tested it and it works. I don't like to wait so I changed TTL's of all records involved to 1 minute.
Then you'd ask yourself why I wrote it's "brittle and hardwired"? It will work until someone changes the IP of c.storage.googleapis.com.
Maybe there is some other way to set up DNS records to point to c.storage.googleapis.com instead of IP but I wasn't able to figure this out.
If you don't change your CNAME record and leave it pointing to c.storage.googleapis.com then you can have two sites (identical or not, it's up to you). One available with www, the other without.

Related

How do I configure CNAME for S3 websites

I am trying to host my static website using S3. I have a domain that I bought outside of AWS. The URL for my bucket is http://my-website.com.s3-website-us-east-1.amazonaws.com. My domain name is my-website.com. I have tried everything but I cannot wrap my head around how I should be configuring CNAME so that my URL does not look messed up. I tried forwarding but that does not work for obvious reasons.
Please suggest solutions.
It depends on what your DNS provider is.
If you're using Route53 then you need to go to the Hosted Zone for my-website.com and add an A record for my-website.com that points to the bucket. You must set Alias to true for this to work.
If you're using a different DNS provider you can't route the apex domain (my-website.com, without www or another subdomain in front). You'll be able to add a CNAME record for a subdomain that points to the S3 web endpoint.

Using CloudFront to split traffic between origin servers – is this configuration right?

I'm replacing a legacy website with a new one, in stages. From a user perspective, all existing URLs must remain the same, but certain paths should serve new pages.
I have two origin servers: the legacy one (www.mysite.com) and the new, EC2 one (www.ec2-loadbalancer.com) – obviously mock URLs for privacy reasons.
I've created an AWS CloudFront distribution with a CNAME setting of www.mysite.com. Within this distribution I've created two origins domains:
www.mysite.com
www.ec2-loadbalancer.com
Within CloudFront I've configured some behaviours so that paths like /foo are sent to my EC2 load balancer origin, and all other paths (eg. default) are sent to www.mysite.com.
From a DNS perspective, I've added a CNAME record of www.mysite.com which points to my Cloudfront host domain (eg. foo.cloudfront.net.). The A record for this domain points to the IP of the legacy server.
I launched all of this today and it seems to have worked, but I'm seeing intermittent 403 errors on the site, and two hours after making the change (there was no "www" CNAME before, so TTL shouldn't make a difference), some browsers are still serving the site from the original IP (rather than the CloudFront one).
Have I configured this properly? I couldn't work out how to do this via the A record – that points to the IP of the legacy server, and CloudFront doesn't allow me to enter an IP address as an origin. Should I have pointed the www CNAME at the IP address, made the A record point at CloudFront instead? I'm a bit lost here.
On the other hand, it could all be a propagation thing, but I'm wary having seen 40x errors hours after making the change.
I think you should create an A record (for the named domain name) with an alias pointing to the CloudFront distribution. It should solve the problem.
i.e. Use Alias name instead of IP address and point your domain to cloudfront:
It's a shame you can't share the domains with us to help debugging, but at the very least, dig is your friend. For instance:
$ dig membership.theguardian.com
...
;; ANSWER SECTION:
membership.theguardian.com. 367 IN CNAME i.global-ssl.fastly.net.
i.global-ssl.fastly.net. 12 IN A 151.101.128.67
i.global-ssl.fastly.net. 12 IN A 151.101.64.67
i.global-ssl.fastly.net. 12 IN A 151.101.0.67
i.global-ssl.fastly.net. 12 IN A 151.101.192.67
...tells you that membership.theguardian.com is pointing to Fastly by CNAME. You can check with alternate DNS servers, like Google's DNS on 8.8.8.8, by doing this:
$ dig @8.8.8.8 membership.theguardian.com
...so you can see how other people are resolving your domains.
From a DNS perspective, I've added a CNAME record of www.mysite.com
which points to my Cloudfront host domain (eg. foo.cloudfront.net.).
The A record for this domain points to the IP of the legacy server.
I'm not a DNS expert, so it's possible I'm not understanding you here, but this sounds like it introduces ambiguity? To me this sounds like you have two different records for the same www.mysite.com domain, one of which points to CloudFront, and the other to the IP of your legacy server. Depending on how that gets resolved a browser could be sent to one or the other?!
www.mysite.com should point only to CloudFront. I would personally just use a CNAME for this.
You should have unambiguous addresses for both your legacy server and your EC2 Elastic Load Balancer - I would personally give them their own clear domain names, to avoid confusion (eg. legacy.mysite.com & beta.mysite.com) - and in CloudFront refer only to those clear names when you're directing traffic (eg. passing traffic on to www.mysite.com as a way of going to the legacy server would be confusing).
Good luck!

How to set bare domain CName record to point to S3 bucket without effecting MX record

I have a static site hosted in a S3 bucket and a domain registered at Namecheap (e.g mydomain.com)
I would like people to access my site using the bare domain, (i.e without subdomain)
I added a DNS record like so..
Type = CName
Host = @
Value = [URL to S3 bucket]
This works but now emails to mailboxes on that domain (e.g. hello@mydomain.com) don't work. I've read that this is because if a CNAME is used to specify the bare canonical name for a host you are not allowed to have any other resource records (e.g. MX) for that host.
How can I get around this? I don't want to resort to adding a subdomain like www.
It isn't a valid configuration to have a CNAME at the apex of a zone like this. The DNS provider should not even allow you to create it. Yes, it breaks your MX if you try it.
That's why Route 53 introduced A-record aliases. See the link mentioned in comments for an explanation. Alias records appear to behave like what people commonly assume a CNAME does, but they aren't CNAMEs and are not invalid at the apex.
To do this right, you need to use Route 53 as your authoritative DNS hosting provider.
One workaround is to create a bucket with www. at the beginning instead of the one you have now, create a www CNAME pointing to it, and then set your @ A record to the value provided by a service like http://wwwizer.com, which redirects example.com → www.example.com.
I am not affiliated with that service but I have seen it used for this purpose.
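The CNAME conflict described in the answer above, and the CNAME-plus-A ambiguity raised in the CloudFront thread earlier on this page, can be caught before a zone is published. The following is an added example, not code from any of the posts: a small linter for the RFC 1034 (section 3.6.2) rule that a CNAME must be the only data at its owner name. The zone contents, the simplified "name type value" line format, the 192.0.2.x addresses and the bucket-endpoint.example target are constructed for illustration.

```python
from collections import defaultdict

# Types that may share an owner name with a CNAME (DNSSEC metadata only).
CNAME_COMPATIBLE = {"CNAME", "RRSIG", "NSEC"}

# Constructed sample zone for mydomain.com in a simplified "name type value" form.
SAMPLE_ZONE = """
@     SOA    ns1.example.net. hostmaster.example.net. 1 3600 600 86400 300
@     NS     ns1.example.net.
@     MX     10 mail.mydomain.com.
@     CNAME  bucket-endpoint.example.   ; placeholder for the S3 endpoint
www   CNAME  foo.cloudfront.net.
www   A      192.0.2.10                 ; leftover record for a legacy server
mail  A      192.0.2.25
"""

def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def lint_cname_conflicts(zone_text, origin):
    """Return (owner, rule, clashing types) wherever a CNAME shares a name with other data."""
    origin = origin.rstrip(".").lower() + "."
    types_at = defaultdict(set)
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments and blank lines
        if line:
            name, rtype, _value = line.split(None, 2)
            types_at[fqdn(name, origin)].add(rtype.upper())
    findings = []
    for owner, types in sorted(types_at.items()):
        clash = sorted(types - CNAME_COMPATIBLE)
        if "CNAME" not in types:
            continue
        if owner == origin:
            # The apex always holds SOA and NS, so a CNAME there is never valid.
            findings.append((owner, "cname-at-apex", clash))
        elif clash:
            findings.append((owner, "cname-with-other-data", clash))
    return findings

if __name__ == "__main__":
    for finding in lint_cname_conflicts(SAMPLE_ZONE, "mydomain.com"):
        print(finding)
```

On the sample zone it reports the apex CNAME (clashing with MX, NS and SOA) and the www name that carries both a CNAME and an A record; mail, which has only an A record, passes.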

route53 naked domain not reaching amazon elastic load balancer

I'm currently using route53 for 2 domains that point to the same website.
Let's assume they are www.example.com and www.example.com.xx. I've created 2 hosted zones and maintained the configuration created by default. So, initially I had entries for NS and SOA in each hosted zone.
My EC2 instances are behind Elastic Load Balancer, so my first step was to create aliases for both domains and their naked domains, having the following scenario:
www.example.com
name                 type  value
example.com.         NS    Generated value
example.com.         SOA   Generated value
example.com.         A     ALIAS to my ELB
*.example.com.       A     ALIAS to my ELB
www.example.com.     A     ALIAS to my ELB
www.example.com.xx
name                 type  value
example.com.xx.      NS    Generated value
example.com.xx.      SOA   Generated value
example.com.xx.      A     ALIAS to my ELB
*.example.com.xx.    A     ALIAS to my ELB
www.example.com.xx.  A     ALIAS to my ELB
Both domains are pointing to the same ELB, where Apache configs to example.com. Then, my Django app subdomain middleware redirects to example.com(301) if request.get_host contains the .com.xx substring.
It is working perfectly for both www.example.com and example.com as for www.example.com.xx, my problem is with example.com.br that never reaches my server.
I've already tried to make a PTR entry example.com.br -> www.example.com.br, but it was not the solution.
Anyone can point where my DNS config for this naked domain is failing?
Thank you
Firstly let's worry about example.com.br. [www.example.com.br we will take later]
Did you make changes at your domain registrar, so as to give the DNS servers as those of Amazon? What is the output you are getting when you do:
nslookup example.com.br
also what is the output for
ping example.com.br
Yesterday night I was able to redirect my naked domain properly, it was a bug in my Brazilian provider that was dealing with the registrar. Actually, I just gave them back the control of the DNS table and took it away (returning it to route53).
Anyway, they were being used as a bridge to the registrar since I was migrating. Now I'm dealing directly with registro.br and the problem is gone.

A(Host) Records with AWS Load Balancer

I have a question regarding AWS Load Balancers.
I can point my CNAME www to my load balancer's DNS perfectly and I know it will always work, BUT I also need to point the @ record to the load balancer so people can access mysite.com instead of www.mysite.com and hit the load balancer.
The problem is that the A records have to point to an IP address so I can't point to the DNS, and the IP of the load balancer keeps changing so mysite.com stops working.
Can anyone recommend me a work around for this?
Here are the steps.
1. Click create record set
2. For zone apex record just leave the name field blank
3. Select the type of alias you want to make A or AAAA (all steps after this are the same for both types)
4. Select the yes radio button.
5. Open the EC2 console in another tab and navigate to the list of your load balancers.
6. Click on the load balancer and look at the description tab in the pane below the list. Sample output below
You need a web server that does a redirect instead. i.e. you want to send a 301 "Moved Permanently" from the web server that mysite.com points to, redirecting to www.mysite.com. Then you CNAME www.mysite.com over to Amazon.
Some DNS hosting providers will do this for you, I think GoDaddy does. Otherwise you need to set up a web server you can configure to do this.
The Apache configuration in .htaccess could be for example:
# Redirect only the bare domain; the anchored pattern does not match www.mysite.com
RewriteEngine on
RewriteCond %{HTTP_HOST} ^mysite\.com$ [NC]
RewriteRule ^(.*)$ http://www.mysite.com/$1 [L,R=permanent]
If you have a generic Apache-hosting site that supports .htaccess then you could do that.
Anyway what you're looking for is a redirect.
Technically, it can't be done. You can only refer to an Amazon load balancer using a CNAME and it breaks DNS rules to assign a CNAME to the root of the domain because of issues this causes with MX records.
That said, some DNS providers do allow you to do this. Amazon's Route 53 doesn't, but Zoneedit allows it (with a warning). If you don't need your email to work for that domain, this is a solution. If you do need email, mine did happen to work using Zoneedit, but the DNS rules say you can't rely on this.
Edit: After my post Amazon added the ability to map the root of a domain (a.k.a. the zone apex) to a load balancer using Route 53. See this blog post.
As David points out, you can't do it and still remain within the DNS RFC. You could just build a small non-load-balanced instance somewhere that just redirects mysite.com -> www.mysite.com. Not a totally elegant solution, but a workaround.
Amazon now has functionality in Route53 that provides a mechanism for binding A records to ELBs: http://www.allthingsdistributed.com/2011/05/aws_ipv6.html
You do NOT need a redirect, and yes it CAN be done. It's just not in the normal mode of working with DNS, so many people aren't comfortable using zone apexes with ELB aliases yet.
See the links given in other answers here, especially https://serverfault.com/questions/342904/how-do-you-create-a-zone-apex-alias-that-points-to-a-elastic-load-balancer-in-th
Amazon has added a special alias option in their route 53 DNS service. You can point an A record as an alias to the load balancer dns. I ran into this same problem because I host my own DNS servers using Bind 9. I didn't want to use the CNAME with redirect solution. The route 53 solution is better and Amazon is great at propagating DNS info across the globe.
Here is an explanation of how to use route 53 with the special alias record for elastic load balancers.
https://serverfault.com/questions/342904/how-do-you-create-a-zone-apex-alias-that-points-to-a-elastic-load-balancer-in-th
The redirect from DNS service provider didn't work for me.
I decided to give up the use of the load balancer (from the beginning I created it only to try to hack the mentioned certificate problem). If you must use an LB read opt #2 below. I didn't try it but I think it should work.
Opt #1 (without LB)
Take the certificate you got from the trusted issuer and install it directly on the server. Give the redirect order from the server (http to https); it will handle www as well.
I used a Bitnami image so I could use bncert-tool for that.
Opt #2 (with LB you should have certificate body and private key)
You should do Opt #1 and go to certificate manager at AWS -> import certificate and then use that certificate with your LB. That way you have the same certificate in both cases.
I never tried opt #2.
Good luck
For someone who is not using Amazon Route 53 it seems like a recommended solution is to create a Network Load Balancer which then points to an Application Load Balancer, which then points to our EC2 instances.
The Network Load Balancer has a static IP Address, which is what you want.
Source: https://aws.amazon.com/premiumsupport/knowledge-center/alb-static-ip/