Cloudfront throws 504 while connecting to ELB/Elastic Beanstalk - amazon-web-services

So I have a Next.js application hosted on Elastic Beanstalk (with it exposed on port 3000 in the Dockerfile). Now, I have my domain registered with GoDaddy. I initially had the DNS set up in GoDaddy to point to Elastic Beanstalk. But then I wanted to use CloudFront for CDN/caching.
So, I started configuring CloudFront (using this article). I created the custom SSL certificate and got it verified through DNS as well. I set the origin in CloudFront to point to the ELB.
Now, once the CloudFront distribution was deployed, I tried using the CloudFront URL xxxxx.cloudfront.net, but I got a "504 ERROR - The request could not be satisfied" error.
If I go to the ELB URL, I am able to access my application. So, I am not sure what the issue is here. If CloudFront is pointed to the ELB and the ELB works, then why won't the CloudFront URL work?
Any advice/recommendations?

If you receive a 504 error you are getting a timeout whilst connecting to the origin.
You should check the following:
Does the security group for the ELB allow inbound traffic from anyone (on port 80/443)? If it does not, CloudFront is blocked.
Have you misconfigured your "Origin Protocol Policy"? By selecting "Match Viewer", it will expect that HTTPS requests that hit CloudFront attempt to connect to the origin via HTTPS.
Does your application have a start time that exceeds the value of the Origin Response Timeout? By default this is 30 seconds.
Ensure the origin is the correct domain name.
There are additional steps to debug a 504 in CloudFront within the HTTP 504 Status Code (Gateway Timeout) page on AWS.
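
The four checks in the answer above can be run offline against saved configuration. This is an added example, not code from the original answer or from AWS: the input dictionaries are constructed, and it assumes the origin is set directly to the load balancer's DNS name and that any prefix list in the security group is one that covers CloudFront.

```python
# Added example; all values are constructed, field names follow AWS API output.

def origin_targets(origin, viewer_policy):
    """(protocol, port) pairs CloudFront may use toward a custom origin."""
    cfg = origin["CustomOriginConfig"]
    http, https = ("http", cfg["HTTPPort"]), ("https", cfg["HTTPSPort"])
    policy = cfg["OriginProtocolPolicy"]
    if policy == "http-only":
        return {http}
    if policy == "https-only" or viewer_policy != "allow-all":
        return {https}  # match-viewer with HTTPS-only viewers: HTTPS to origin
    return {http, https}  # match-viewer, viewers may arrive on either protocol

def sg_allows(sg, port):
    """True if a TCP rule covering `port` admits 0.0.0.0/0 or a prefix list."""
    for perm in sg["IpPermissions"]:
        if perm["IpProtocol"] not in ("tcp", "-1"):
            continue
        if not perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535):
            continue
        world = any(r["CidrIp"] == "0.0.0.0/0" for r in perm.get("IpRanges", []))
        if world or perm.get("PrefixListIds"):
            return True
    return False

def audit(origin, viewer_policy, lb, sg, slowest_response_s):
    """Run the answer's four checks; `lb` merges DNSName with its Listeners."""
    findings = []
    if origin["DomainName"].lower() != lb["DNSName"].lower():
        findings.append("origin domain name is not the load balancer's DNS name")
    have = {(l["Protocol"].lower(), l["Port"]) for l in lb["Listeners"]}
    for proto, port in sorted(origin_targets(origin, viewer_policy)):
        if (proto, port) not in have:
            findings.append(f"no {proto} listener on port {port}")
        elif not sg_allows(sg, port):
            findings.append(f"security group does not admit port {port}")
    if slowest_response_s > origin["CustomOriginConfig"]["OriginReadTimeout"]:
        findings.append("origin is slower than the origin response timeout")
    return findings

# Constructed case: Match Viewer origin, HTTPS-redirecting viewers, HTTP-only ELB.
ORIGIN = {"DomainName": "my-env-lb.example.com", "CustomOriginConfig": {
    "HTTPPort": 80, "HTTPSPort": 443,
    "OriginProtocolPolicy": "match-viewer", "OriginReadTimeout": 30}}
LB = {"DNSName": "my-env-lb.example.com",
      "Listeners": [{"Protocol": "HTTP", "Port": 80}]}
SG = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
print(audit(ORIGIN, "redirect-to-https", LB, SG, slowest_response_s=5))
```

The constructed case reports the missing HTTPS listener on port 443, which is the "Match Viewer" mismatch from the second check.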

Related

AWS SSL certificate for CloudFront and application load balancer origin

This is my first time playing around with web development. I'm trying to deploy a simple dockerized Flask application to my domain (example.com).
First, I've deployed the Flask application listening on port 80 of my EC2 instance. All it does is render a frontend on the index path ('/').
I've connected CloudFront to https://example.com with a certificate created through ACM.
Next, I created an application load balancer (ALB) on top of the EC2 instance, by adding a listener on port 443 and forwarding traffic to a target group on the EC2 instance and port 80.
Within the CloudFront settings, I have set the origin as my load balancer through the AWS CloudFront "add custom origin" settings.
However, once I navigate to either the CloudFront URL or https://www.example.com, I run into a 502 error.
I've tried several steps to debug, including checking the security group of the application load balancer and invalidating the CloudFront cache. I'm also able to view the http:// version of my EC2 instance just fine, so I think it is something with the connection between CloudFront and the load balancer. After Googling around, my thought was that this particular 502 error might be an issue with the certificate of the load balancer, since I'm using that same certificate for CloudFront.
I tried to follow steps to add my load balancer URL (ending in .com) to ACM but got that my certificate status was failed. I was wondering: is this what is going on and how can I issue a free valid certificate for my application load balancer using ACM? There are many sources that say this is possible, but I haven't been able to figure it out. Thanks!

Connect cloudfront with Elastic Beanstalk Application

I am trying to connect CloudFront with EBS.
What's the setup?
EBS is hosting a Node.js application.
CloudFront origin set to Elastic Load Balancer and accepts HTTPS only [CloudFront config]
All alternative domains are added correctly.
ACM certificate is added to CloudFront [region US East - N. Virginia]
EC2 instance / EBS is in the region Asia Pacific. ACM certificates installed in load balancer are from Asia Pacific too.
I am also redirecting HTTP traffic with the help of load balancer listeners.
Security group allows traffic to port 443.
No AWS WAF set.
Origin settings:-
It's been a day now.
I am trying continuously.
I am able to set DNS A & AAAA records to CloudFront using Route 53, getting the dropdown value as well.
I am able to park domains directly to EBS & they work over HTTPS properly.
Getting 502 ERROR: The request could not be satisfied.
Already tried https://aws.amazon.com/premiumsupport/knowledge-center/resolve-cloudfront-bad-request-error/
I doubt my ELB has ACM certificate from Asia Pacific but the ACM certificate used in CloudFront is from US East, is that causing the issue? I can't change the EBS region now.

It seems that you did not set up HTTPS on your EB. But you are using an HTTPS-only origin. That's why it does not work. You have to have the origin in HTTP, or actually properly set up HTTPS on your EB.

Thanks to @Marcin for finding out my stupid mistake!
It was because of the ELB not accepting the "HTTPS only" config from CloudFront.
But I had set listeners to redirect all HTTP traffic to HTTPS, and HTTPS traffic points to my instance.
After finding out the reason mentioned by @Marcin, how I solved the problem:
Changed CloudFront origin request to HTTP only.
Set a custom header :
Then added a new listener to the ELB which forwards to my instance if the header matches; it would help EBS differentiate requests from CloudFront and other origins.
Still, I was getting the same response, and found out the response was from cache. Just had to invalidate the cache of CloudFront. And it's done! 😎
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Invalidation.html

Application Load balancer DNS is working but CloudFront failed to connect Application Load Balancer

My app structure is like the default traffic goes to S3 and traffic to /api will go to the application load balancer for my Node.js app API backend. My application has been set up and it's working when I test it like: myapplicationloadbalancerDNS:5000.
I have created a CloudFront with Alternate domain names with my domain name and added one origin - S3, and created a Default(*) to this S3 origin. It's working when I test with my domain mydomainname.com.
I'm trying to create another distribution to /api pointing to my ALB. On this setting, my origin domain is the ALB and protocol is HTTPS only. On its Behaviors setting, I created Path pattern: /api, origin and origin groups is the ALB, viewer is Redirect HTTP to HTTPS, Cache key and origin requests is Legacy cache settings with Include the following headers and Host on Add Header.
Then, when I test my domain on the api link, mydomainname.com/api, I get a 503 error. Even with the link mydomainname.com/api:5000, I get an AccessDenied error.

On this setting, my origin domain is the ALB and protocol is HTTPS only
You have to properly set up HTTPS on the ALB. First, HTTPS works on port 443, not 5000. Then you also need a valid public SSL certificate and your own domain that you associate with the ALB.

How to resolve the 504 error on AWS Cloudfront EC2 instance

I have the following setup for my website on Windows Server:
Domain registered in Route 53
EC2 instance running on Windows Server
CloudFront to serve the EC2 origin using the distribution with the option to get the user redirected from HTTP to HTTPS.
Public certificate deployed on CloudFront.
Here is what is working:
The EC2 origin, every page works on the HTTP protocol.
Domain access, correctly redirects user from HTTP to HTTPS
The first website page loads without issues.
ISSUE:
The issue is the error 504 which is displayed when any of the links is clicked on the website. Here is the complete error detail:
504 ERROR
The request could not be satisfied.
CloudFront attempted to establish a connection with the origin, but either the attempt failed or the origin closed the connection. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
Generated by cloudfront (CloudFront)
I have included all the route options to accept HTTP and HTTPS.

Using CloudFront with a single EC2 instance without a load balancer

I recently migrated my WordPress to an EC2 instance. I attached an Elastic IP address to it and created an A record in my Route 53. But all my requests were HTTP so I wanted to use CloudFront to redirect all my HTTP to HTTPS.
I created a CloudFront distribution and now all my HTTP requests are redirected to HTTPS. And since my SSL certificate is active, my site is secure.
But now my site (blog.insisivecloud.io) doesn't load and I get a 502 Error which says "CloudFront wasn't able to connect to the origin." I have given the public DNS of the EC2 instance as my origin.
When I go to the public DNS of the EC2 where the blog is hosted it works fine. (ec2-54-167-212-65.compute-1.amazonaws.com)
Where am I going wrong here?

As the official documentation says:
For HTTPS viewer requests that CloudFront forwards to this origin, one of the domain names in the SSL certificate on your origin server must match the domain name that you specify for Origin Domain Name. Otherwise, CloudFront responds to the viewer requests with an HTTP status code 502 (Bad Gateway) instead of returning the requested object. For more information, see Requirements for Using SSL/TLS Certificates with CloudFront.