Sorry for the rookie question, but I was unable to find the answer when I searched.
I'm trying to learn how to use AWS, and to do so I'm setting up an online blog with my own domain name. I purchased the domain name, set it up, and everything was working. I was able to get to my page.
Then I wanted to add a TLS certificate, so I set that up, set up a load balancer, connected CloudFront to the load balancer, and waited for that to set up. But when I then tried to access the page, I got an error saying that CloudFront couldn't connect to the page.
So I decided to try to start from scratch. I deleted my CloudFront, Load Balancer, Security Certificate, and EC2 instance, started a new EC2 instance, and hooked up Route 53 to it.
But now when I try to access my domain, it still tries to redirect to HTTPS and I get an error. Since I deleted the load balancer and Cloudfront, I can't figure out where it is trying to redirect to HTTPS. How can I stop AWS from trying to redirect to HTTPS and instead just use HTTP?
Related
I have a site hosted with AWS, but the domain is not ready yet. I want to work on it and begin testing.
The site runs through a load balancer.
When I go to Load Balancers in EC2 I can see the DNS name. If I type this into my browser I get a warning that it is unsafe, then when I choose to load anyway I get an error DNS_PROBE_FINISHED_NXDOMAIN
I used the "dig A " command in terminal to get the IP address. I added this IP address to my hosts file, and I get the same error when trying to access it like that.
I get a warning that it is unsafe
It is unsafe because default ALB url does not use HTTPS. It only works with HTTP which is marked as unsecure by all major browsers.
To fix that you need to have your own domain and setup a valid, pubic SSL certificate using AWS ACM for that domain.
I'm about to lose my mind trying to set this up. I have lost the whole day and can't seem to get near what I want to do.
I have a node js rest api uploaded trough elastic beanstalk, and I'm trying to setup a webpage to present the api, but for the live example to work the api needs to be accessed trough https. I've read the instructions for setting up the https for elastic beanstalk (and like everything on the AWS documentation it is a ridiculous maze). It has sent me trough several different AWS services.
What I basically got from it so far is that I need to set up a Load Balancer that will receive the connection trough https and forward the user to my instance. But I can't get it to work. I have a domain from freenom: bibliaparahumanos.tk, it is setup with an A alias to my EC2 IP, and it works with http, but if I try to access it trough https, I get "connection refused". If I use my normal Elastic Beanstalk url (http://apibibliahumana-env.eba-3nbmrphf.us-east-2.elasticbeanstalk.com/) with https it works, but I get a warning that the connection is not secure due to the domain on the certificate being different from the domain I'm accessing (which I understand, since the domain in the certificate is for my freenom domain).
I have the Load Balancer Listener set up with:
Protocol: https
Port: 443
Default action: forward to target group
(I have tried the target group with both http and https and the problem remains).
My certificate is from AWS Certificate Manager.
I have also seem this other tutorial but it confused me more. It adds some steps for configuring stuff on the app bundle, but I don't understand if it's required or an alternate way. I have tried setting that up, but it asks me to add the certificate's public key, which I can't figure out how to find.
I would suggest adding a CNAME record to your DNS towards apibibliahumana-env.eba-3nbmrphf.us-east-2.elasticbeanstalk.com.
A big advantage of using elastic beanstalk is that you can do blue/green deployments; as you will instead add the app URL to your DNS you can build an entire new environment in elastic beanstalk, test/wait until its stable and swap the app urls; which results in deployments without any downtime.
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.CNAMESwap.html
I bought a domain named studileih.de, then I deployed my Angular frontend on firebase: https://studileih-ceb70.web.app/ and redirected from my domain studileih.de to the firebase URL.
Then I deployed my Spring Boot backend to AWS Elastic Beanstalk on: http://studileih1.eu-central-1.elasticbeanstalk.com/
-> Problem: Since the frontend on firebase used https and the backend on AWS used http I got a Mixed content error. The frontend wasn't able to load any of the backend data.
So I tried to solve this by creating a SSL certificate for my backend in the AWS Certificate Manager (ACM) and adding this to my Elasting Beanstalk Load Balancer. This worked and I could now at least make a connection from my frontend to my backend.
But now I get this error whenever a request to my backend gets sent:
When I click on "Accept the Risk and Continue" once, it works fine and all my backend data gets loaded. But I can't ask my users to do that.
(You can try this out by following: https://studileih1.eu-central-1.elasticbeanstalk.com/products and clicking "Advanced" -> "Accept the Risk and Continue" (if you dare ^^)
after you've done that, click on studileih.de and it will now load with the backend data.)
I know the problem exists because when creating the SSL certificate, I entered studileih.de as the domain that the certificate is for. I think I have to create a SSL certificate for studileih1.eu-central-1.elasticbeanstalk.com instead.
But when I try to create a SSL certificate for studileih1.eu-central-1.elasticbeanstalk.com:
I get this error from ACM:
How do I create a SSL Certificate for the Elastic Beanstalk URL?
p.s. I also tried to issue a certificate for my firebase URL https://studileih-ceb70.web.app/ but this one already uses Https by default. Also I couldnt find out how to DNS/Email validate the ACM request in the firebase console. But I think I need a certificate for the Elastic Beanstalk backend at studileih1.eu-central-1.elasticbeanstalk.com, not for the firebase frontend, right?
p.p.s. I don't really need to use https, so a solution would be to make firebase use http instead of https, but I couldn't find anything on how to do that.
UPDATE:
I added a subdomain called api.studileih.de (the immediate access is blocked by spring security, as you're not logged in to my site, but you can test it with api.studileih.de/products, because this API is accessibly without login). Then I redirected that subdomain to my AWS Load Balancer as suggested by Mark B by adding a CNAME to the subdomain:
(it's not possible to change to english there, sorry)
this is my Load Balancer:
I tried to put the DNS-Name as A-Record into my subdomain, but it was only possible to enter a IP4 adress there, so I entered it as CNAME instead. I also tried to find out the IP Adress of the Load Balancer, but Load Balancer don't have a static IP Adress.
This approach with the subdomain and the CNAME unfortunately didn't work, so I'm still looking for a solution...
(Here's the menu for setting a A-Record. You can only enter IP Adresses there:)
I know the problem exists because when creating the SSL certificate, I
entered studileih.de as the domain that the certificate is for. I
think I have to create a SSL certificate for
studileih1.eu-central-1.elasticbeanstalk.com instead.
You can only create an SSL certificate for a domain you own. You need to point a subdoomain of studileih.de, like api.studileih.de, at the Elastic Beanstalk load balancer, and then attach an SSL certificate to that load balancer that matches that subdomain.
Good evening, I am currently trying to set up a load balancer for my server, I successfully set everything up, however when I go to google domains to set ip record I get the following error "mysite.com unexpectedly closed the connection."
http://prntscr.com/npm04o
http://prntscr.com/npm0ot
Also when i type the ip manually in the browser I get the same error. However when I set my ip record to a VM machine ip that comes from my instance group the load balancer ip starts to redirect to my site. I would like to get the load balancer ip to work with my google domain records.
Picture of configuration
http://prntscr.com/npm3ye
I think you are connecting to the load balancer using HTTPS. You do not have a front-end configured for HTTPS. Specify http:// and try again. If this is not the case, then go to Stackdriver and check the logs for your HTTP(s) Load Balancer.
Note: You have not provided enough information in your question. You need to provide the frontent, backend and healthcheck configurations.
Once you have everything working, your DNS resource record TTL should be longer than 1 minute - clients will constantly have to resolve your DNS names. Using a CNAME instead of A record adds another lookup. Use an A record instead.
I can code but I don't understand anything about servers or DNS settings.
I found I could easily use beanstalk to launch applications that I'm working on but I do not understand fully how to properly create DNS entries and enable HTTPS.
In Route 53 I was able to successfully create a "Hosted Zone", point my domain to amazons four name servers, and create two A records. I created an A record for "domain.tld" and "www.domain.tld" and for each I selected "yes" for alias and "yes" for evaluate target health. For each A record for the alias I entered the long "environment.key.region2.elastickbeanstalk.com" URL they gave me for the application I created in Beanstalk.
To my surprise everything worked and visiting domain.tld or www.domain.tld goes to the root index.php file. Is there a better way to do this? I'm not sure if what I did is the correct way to do this.
Also, part two of my question: How do I setup HTTPS? - I watched a YouTube video where the guy goes to Services > Certificate Manager enters in "*.domain.tld" which I did, selected DNS validation, created a CNAME record as it requested me to do, the status updates successfully to "issued", I went to back to beanstalk > configuration > load balancer and under "secure elb listener" selected HTTPS for protocol and selected "*.domain.tld" for my certificate.
So now when I go to www.domain.tld or domain.tld nothing happens. If I go to https://www.domain.tld it shows the certificate but if I go to https://domain.tld it'll say "connection not private NET::ERR_CERT_COMMON_NAME_INVALID" click to continue type message.
Generally speaking I'd like everything to automatically go to https://domain.tld without someone entering in https://
I had to change my environment type to "load balanced" to see the "https/certificate" settings but I want to be able to use https on a "single instance" as well.
Also, when making changes to Route 53 "the DNS stuff" do I need to restart my application?
1) Your Route53 -> EB setup sounds fine.
2) The certificate problem you're seeing when trying to browse to https://domain.tld is because your cert only covers *.domain.tld, which does not include domain.tld. You can reissue the certificate to cover both.
3) If you want to redirect http://domain.tld to https://domain.tld, you'll need logic in your web server (apache, nginx, etc) to do that, as DNS does not operate at the protocol level.
4) If you want to use a certificate directly on an EB instance rather than on a load balancer, then you'll have to install the certificate and configure your web server appropriately. If you can afford the expense of keeping the load balancer, that'd be a much easier solution.
5) You shouldn't need to restart your app after making DNS changes.