Route53 alias for S3 and EC2 - amazon-web-services

I'm sure I'm missing something simple here, but my problem is this. I'm hosting my web app on AWS as an Elastic Beanstalk application. The EC2 instance created has a load balancer associated with it.
I also have a domain registered on AWS, and on Route 53, I have an A type configured for the domain and the alias target is the load balancer. That's all working fine.
I also wish to host a static HTML page for my domain. But to do that according to this - https://docs.aws.amazon.com/AmazonS3/latest/dev/website-hosting-custom-domain-walkthrough.html#root-domain-walkthrough-add-arecord-to-hostedzone, I also need to create another A type alias in Route 53 for the S3 bucket.
The problem is I can't seem to be able to have both. Is there a way to configure my load balancer and/or Route 53 settings to be able to host and serve my static website and my Elastic Beanstalk instance?

No. Unless you use a reverse proxy like Nginx (in front of ELB) to serve your static page (hosted on S3) on a different port, or on port 443 but on a different URI like https://<yourdomain.com>/static, and serve your Elastic Beanstalk web app on port 443 on URI / like https://<yourdomain.com>.
<yourdomain.com> -> DNS A record -> Nginx server -> route to ELB or your static page (hosted on S3) depending on which port/URI was requested.
OR
Host your static HTML page on an EC2 instance and set up a rule on ELB to route requests with /static in the URL path to that EC2 instance.
https://aws.amazon.com/blogs/aws/new-aws-application-load-balancer/

Related

AWS Elastic Beanstalk - Custom Domain Problem with Route 53 hosted zone

Hi, I have a Laravel app deployed with AWS Elastic Beanstalk.
I have a domain on Cloudflare. I created a hosted zone in AWS Route 53 with an A record which is an alias to my Elastic Beanstalk env, but if I want to access the app with this domain it just doesn't work. If I create an A record with the EC2 IP associated with the Elastic Beanstalk env, everything works, but when autoscaling pops up this IP changes. I tried to point DNS with a CNAME to the .elasticbeanstalk domain associated with the app, but got the same result. Has anyone had a similar problem?
I tried using dig mydomain and the answer section gives me 2 IP addresses - typing both into a browser lets me access the application, but neither of those two is the same as the EC2 instance associated with the Elastic Beanstalk env.
I also tried using DNS Checker online. It seems like some DNS servers read my domain as those two IP addresses from the dig command, and some DNS servers read my domain as a combination of the EC2 instance address + one of the addresses displayed in the dig command.
Any idea what can cause this? The server runs on Amazon Linux + nginx, on which I used certbot to get SSL certificates (all port 80 requests are pointed to port 443, which seems to be working, because after typing http://domain I get a 301 redirect to https://). nginx -t says that the nginx configuration is ok.
The problem was the lack of an HTTPS listener in the load balancer.
To resolve something like this:
Go to configuration
Find Load Balancer and Edit
Add Listener for 443 Port HTTPS and SSL certificate

AWS Route 53 - How to route traffic to Load balancer including context path?

I have a domain company.com, and in Route 53 I successfully created the sub-domain sales.company.com. I have a load balancer running a service with a context root path (e.g. rootpath). I can access the app using loadbalancerdns/rootpath. I tried to create an A record in Route 53 to point sales.company.com traffic to loadbalancerdns/rootpath but it does not allow it, but if I point to loadbalancerdns then it works and I can access the service using sales.company.com/rootpath.
My question: is it possible to route sales.company.com to loadbalancerdns/rootpath? If not, how can this be achieved?
You can't do this. Route53 is a DNS provider and it does not have a concept of a URL path. You can only create records to full domains sales.company.com (not sales.company.com/url-path) or IP addresses.
You can create path-based routing in your application load balancer using listener rules, or front your load balancer with CloudFront. CloudFront allows you to respond differently to different paths in your URL.

Cannot make HTTPS work between CloudFront and Elastic BeanStalk

I am trying to set up HTTPS across my app, which consists of a frontend (S3 bucket distributed with CloudFront) and a backend (node.js app inside Elastic Beanstalk).
For the CloudFront part, I created an SSL certificate in N. Virginia (apparently I don't have a choice here) and I made the binding in the CloudFront distribution. It works and my app is served over HTTPS.
For the Elastic Beanstalk part, I created an SSL certificate in Ireland (where my EBS app is hosted) and I bound this certificate to the EBS load balancer using port 443. It works and I can reach my server with HTTPS using Postman.
However, when my frontend tries to make an API call to the backend I get this error:
I guess I made a mistake while creating the certificates, but I cannot find it. I gave both certificates the same set of CNAMEs; I am not sure if I am supposed to do that.
EDIT:
I get the exact same error after updating the frontend so that it points to the DName of the load balancer (also mapped to a subdomain with Route 53).
CloudFront is attempting to load an HTTPS URL from your load balancer. I assume you have an SSL certification assigned to the load balancer. The domain name of the SSL certificate on the load balancer needs to match the domain name that CloudFront is requesting.
For example if the load balancer's SSL certificate is something like beanstalk.mydomain.com then CloudFront would need to be making requests for https://beanstalk.mydomain.com. The error CloudFront is giving you says that the domain name of the SSL certificate served by the load balancer does not match the domain name djumbo-back-debug.eu-west-1.elasticbeanstalk.co.
You need to set up something like the following:
DNS Name www.mydomain.com points to CloudFront Distribution
  Configured to serve www.mydomain.com
  Configured with an SSL certificate for the domain www.mydomain.com
  Configured to pull from the origin beanstalk.mydomain.com
DNS Name beanstalk.mydomain.com points to Elastic Beanstalk application
  With a Load Balancer, with an SSL certificate for beanstalk.mydomain.com
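
The name check behind the mismatch described in this answer, as an added example that is not part of the original post: a TLS client compares the hostname it requests with the DNS names on the certificate it is served. The matching is simplified (exact names and whole-label wildcards only), and the environment hostname and helper names are constructed for illustration.

```python
# Constructed sample values; only the mydomain.com names come from the answer above.
LB_CERT_NAMES = ["beanstalk.mydomain.com"]   # names on the load balancer's certificate
EB_DEFAULT_NAME = "my-env.eu-west-1.elasticbeanstalk.com"  # constructed hostname


def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def name_covers(cert_name, hostname):
    """True if one certificate DNS name (optionally a wildcard) covers hostname."""
    pat, host = _labels(cert_name), _labels(hostname)
    if len(pat) != len(host):
        return False  # "*" stands for exactly one label, never zero or several
    if pat[0] == "*":
        # Accept a wildcard only as the whole leftmost label above at least two labels.
        return len(pat) >= 3 and pat[1:] == host[1:]
    return pat == host


def check_origin(origin_domain, cert_names):
    """Report which certificate name, if any, covers the origin the client requests."""
    matched = next((n for n in cert_names if name_covers(n, origin_domain)), None)
    return {"origin": origin_domain, "covered": matched is not None, "matched": matched}


if __name__ == "__main__":
    # Requesting the default environment name fails; the custom name succeeds.
    for origin in (EB_DEFAULT_NAME, "beanstalk.mydomain.com"):
        print(check_origin(origin, LB_CERT_NAMES))
```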

How to map a URL with port number through Amazon route 53

I have a web application on a Tomcat server in an AWS EC2 instance. I have also purchased a domain from GoDaddy, e.g. xyz.com.
Now I've done the mappings in AWS Route 53, and also updated the name servers of the domain.
The application is accessible with the xyz.com:8080/ABCProject URL but I need to access the same with xyz.com
The easiest way is to use AWS ELB/ALB, create a listener on port 80/443 with the backend on port 8000, and create an alias record to point xyz.com to the load balancer.
You will either need to expose the application on port 80, or have some kind of reverse proxy (nginx for instance) / load balancer / API gateway sitting in front of the application that is available on port 80 and proxies calls to 8080. Whenever you go to any website without an explicit port number in the URL you are going via port 80.
Route53 is for managing DNS (name -> ip, NOT name -> ip:port); it will not do what you want here.

How to enable HTTPS on AWS Elastic Load Balancer?

I am attempting to add HTTPS to my AWS Elastic Load Balancer.
I obtained a certificate through AWS Certificate Manager:
I have enabled HTTPS on the load balancer:
I made sure the security group for the load balancer accepts 0.0.0.0/0 on 443:
When going to my domain on HTTP, it works.
However, when trying to load my domain with HTTPS, it does not work ("ERR_CONNECTION_TIMED_OUT").
EDIT and UPDATE:
It is the API that I am attempting to get HTTPS working for, not necessarily the domain. The domain serves a static file (Angular web app) from S3, and it is Angular that is calling the load balancer (to transfer the request to an EC2 instance) for DB data.
When angular calls the api directly via the load balancer domain name over HTTP, the request responds as expected.
When angular makes the same api call over HTTPS, I get the following error:
You enabled HTTPS for your domain name, not the ELB domain which Amazon owns. You can only create SSL certificates for domains that you own. You can't enable SSL for "mydomain.com" and then expect that to somehow work on a completely different domain. You need to change your AngularJS code to reference the API by your custom domain name which you have created an SSL certificate for. You need to point the domain to the ELB and install the SSL certificate for the domain on the ELB.
Mark B provided almost the full solution.
As my JavaScript code is calling the elastic load balancer (ELB) via its DNS name provided by AWS, I can't obtain an SSL certificate for the domain I don't own.
As Mark B pointed out, I need to point my JavaScript code to the domain I do own, and have an SSL cert for.
So I can create a subdomain (e.g. api.mydomain.com) of the domain I own that then points to the ELB.
An A Record (e.g. a domain pointing to an IP) looks like it could fit the need.
However, an A Record can't point to the ELB because its IP could change.
The missing step was to use AWS Route 53 to point the A Record to an alias (Route 53 allows you to do this) that represented my AWS Elastic Load Balancer.
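
Two points made by answers on this page, that a Route 53 record holds a name only (no path, no port) and that an alias A record is how a name you own reaches a load balancer, shown as an added example that is not part of any original post. The dictionary follows the ChangeBatch shape accepted by boto3's change_resource_record_sets; the load balancer DNS name, the zone ID placeholder and the helper names are constructed for illustration.

```python
import re

_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def dns_name(value):
    """Normalise value to a fully qualified DNS name; reject anything with URL parts."""
    for marker, part in (("://", "scheme"), ("/", "path"), (":", "port")):
        if marker in value:
            raise ValueError(f"{value!r} has a {part}; a DNS record holds a name only")
    name = value.strip().rstrip(".").lower()
    if not name or not all(_LABEL.fullmatch(label) for label in name.split(".")):
        raise ValueError(f"{value!r} is not a valid DNS name")
    return name + "."


def alias_change_batch(record_name, lb_dns_name, lb_hosted_zone_id):
    """Build the ChangeBatch for an alias A record pointing record_name at a load balancer."""
    return {
        "Comment": "alias A record to load balancer",
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": dns_name(record_name),
                "Type": "A",
                "AliasTarget": {
                    # Hosted zone ID of the load balancer itself, not of your domain's zone.
                    "HostedZoneId": lb_hosted_zone_id,
                    "DNSName": dns_name(lb_dns_name),
                    "EvaluateTargetHealth": False,
                },
            },
        }],
    }


# Constructed values: a made-up load balancer DNS name and a placeholder zone ID.
LB_DNS = "my-lb-1234567890.eu-west-1.elb.amazonaws.com"
LB_ZONE_ID = "ZEXAMPLELBZONE"

if __name__ == "__main__":
    batch = alias_change_batch("api.mydomain.com", LB_DNS, LB_ZONE_ID)
    print(batch)
    # Applying it needs credentials and your own domain's hosted zone ID:
    # boto3.client("route53").change_resource_record_sets(
    #     HostedZoneId="<your-domain-zone-id>", ChangeBatch=batch)
```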