I have a webserver running on a AWS EC2 instance (has an elastic IP) that can be accessed over my own domain (www.xy.ch) via http. Now, I need to access the webserver via https and so I created a certificate for my domain (www.xy.ch), uploaded it to AWS Certificate Manager and added the certificate to a Load Balancer connected with my EC2 instance.
This seems to work so far. When I target the DNS name of my Load Balancer (xyz.eu-central-1.elb.amazonaws.com) with a https in front, I can access my webserver. But the certificate is flagged invalid, because its common subject name (my domain name: www.xy.ch) does not match the input (DNS name of Load Balancer: xyz.eu-central-1.elb.amazonaws.com).
But now, I have no idea how to proceed so that I can access my webserver with https over my own domain (www.xy.ch). It does not work at the moment, so I obviously miss a configuration step, but I really don't understand what.
How can I connect my own domain with the Load Balancer's DNS?
I did some research and tried to understand the answers of similar cases (e.g. Assigning Static IP Address to AWS Load Balancer), but could not find a solution for my case.
The solution was indeed to delete all DNS entries pointing to the IP of the webserver and redirecting everything DNS wise over the Load Balancer. Credits to Mark B!
Related
I have a docker application hosted on AWS beanstalk, and I have configured such application with R53 to access it via a domain name, let's say example.com. Also that application has an IP address for example 50.50.50.50.
What I need is that when a user types in the browser http://50.50.50.50, it gets redirected to http://example.com, how I can achieve that in AWS?
Thanks
The response here How to block accessing the beanstalk web app via ip address helped me to redirect an ip address to a domain name, using ELB rules.
It's not quite clear what you mean by "preventing access through IP".
If the IP is public, you can't do much. That's just how TCP/IP works.
However, if your intention is to keep the original name generated by Beanstalk hidden from public, then you can deploy Beanstalk application in a VPC with its load balancer being "internal". That prevents the load balancer from having a public IP. You can then have a public load balancer with a public IP to which the domain name gets resolved. You still have a public IP for the external load balancer, but there is no way to get to the load balancer created and managed by Beanstalk.
If you have an internal DNS zone in AWS that you'd like to use, then you won't need the externally reachable (from internet) load balancer. This way your application is not reachable from internet.
I have a simple AWS setup of 2 VMs hosting a WebApp. An Application Load Balancer is in-front of these machines. I can access the DNS name of the Load Balancer and can reach to the WebApp.
Now, I want to connect to my app with a domain name hosted on Godaddy. I tried to simply create CNAME (as no Elastic IP on Application LB) with the LB's DNS name, but it didn't work.
What am I missing ? I tried with godaddy support but already wasted 7 days with not solution.
I want to put SSL certificate also on ALB. Should I be aware of anything specific in this setup?
The problem was, I was trying to CNAME for root level domain. Now, I created an alias in Route 53 and used AWS's nameservers on Godaddy to forward request there.
I have a Wordpress website with a GoDaddy domain being hosted on SiteGround using the nameservers. I am looking to switch to a React App which is currently running on an EC2 instance in AWS. I want to run the ec2 instance (aka the react app) on a subdomain like beta.domain.com inside SiteGround while still keeping the Wordpress website since its a part of my business. I tried creating a subdomain in SiteGround and then pointed it to my EC2 instance elastic IP (the public ipv4) using an A record but it is showing "This site can't be reached" error once I go to beta.domain.com.
What am I doing wrong? How do I run the EC2 instance in a subdomain hosted in SiteGround?
EDIT
Thank you, everyone, for your help. The problem was the SSL certificate for the HTTPS. The website wasn't coming on due to the HTTPS setup on the Nginx on the EC2 instance. After I put in the details of the certificate it runs properly with just the A record.
Any public address in the AWS environment are never accessible from outside the security groups. Even if you try to ssh from your own machine and if it is not in the inbound rule of the security group of your EC2 instance. I feel there are 3 ways out here.
1.) Adding an all traffic rule in your EC2 Security group inbound rule. This is not recommended as it opens all traffic to your machine.(additional tip: set up secure ssh key with the machine)
2.) Use an ELB to route traffic to your EC2 instance. ELB will provide you with a DNS record which can be used an a CNAME in godaddy(Point 3 shows how to map it as a A record in GoDaddy)
3.) Using Route 53 Hosted Zones - You could delegate your DNS to be managed by AWS Route 53. This way all traffic will be routed to your machine by AWS R53.
Another tip: Elastic IP can also be used which are like permanent static IP Addresses accessible from across internet. This provided a secure communication method to your instances.
Let me know what could be the favorable solution for you. I could help you out further
If you have registered your domain name with Goaddy, you can create subdomain in Godaddy as CNAME and point it to static IP address of your ec2 instance. Here is a link to guide you.
Also your main domain name will point to your Wordpress website on SiteGround.
Now that you have EC2 instance, you can also run a wordpress site on that instance if you like.
I have a website that I have hosted on an EC2 instance that runs on port 3000. (e.g. 3.27.83.19:3000 - assuming the IP address of the EC2 instance is 3.27.83.19)
I have a domain that I have already bought mydomain.com through AWS that I already see in Hosted Zones.
How can I set-up Route53 so that when someone hits "mydomain.com", it takes them to 3.27.83.19:3000 rather than 3.27.83.19
Thanks!
point domain to instance ip
To point example.com to 3.27.83.19 you simply need to create an A record in route53
point domain to load balancer
To access the website running port 3000 on an EC2 instance through https://example.com, you need a service that accepts traffic on https://example.com and then forward the traffic to the EC2 instance on port 3000. You can easily do it with an AWS application load balancer. I like this approach.
There are many benefits using an application load balancer. The important one is that you can configure the SSL certificate easily. The application load balancer also supports host based routing which allows you to host multiple websites.
If you are looking for less expensive solutions, you can also go for setting up an nginx proxy inside the ec2 instance. I personally don't like this approach because you will need to configure SSL at the application level.
https://aws.amazon.com/premiumsupport/knowledge-center/public-load-balancer-private-ec2/
Hope this helps.
This is the situation:
I have a subdomain (i.e sub.domain.com) which has a cPanel and the domain namerserver must not be changed at all.
I have a classic load balancer in AWS with ec2 instances inside it that is already set up with Amazon Certificate Manager for its SSL Cert (cert DNS validated and in use).
Currently I added an A record in the subdomain that refer to IP address of one of the EC2 Instance, the problem is the EC2 does not come with the SSL Cert therefore could not access the site with https:// and I could not find anywhere on how to refer this subdomain to my load balancer with the cert so that the site can be opened with https://
Have tried various combinations in the subdomain record, A record also only allow IPv4 address while the ELB DNS is not.
Does anyone know how to connect my subdomain to my ELB? Thanks a lot in advance
Your certificate (AWS Certificate Manager) is probably set to ONLY for the primary domain (domain.com), to fix this your certificate needs to slow down the subdomains as well, so I recommend creating a certificate for * .domain.com
After creating the certificate you will still have to bind it to Elastic Load Balancing.
More information: https://docs.aws.amazon.com/en/acm/latest/userguide/acm-certificate.html