Accessing hostname when traffic passed through AWS Application Load Balancer - amazon-web-services

For our application we are using an AWS Application Load Balancer (ALB) and have a listener for HTTP:80 to forward traffic to the TargetGroup.
The way we have set up our application is that we will have a number of subdomains and need to access these original subdomains (companyA.something.com) from within the application. Currently the application sees the DNS name of the ALB itself.
So far I have tried to set up the subdomain (in Route53) a couple of ways:
1. Created the subdomain as an A record with ALIAS pointing to the ALB DNS Name
2. Created a Hosted Zone for the subdomain, adding NS records for the subdomain to the zone file for the parent domain (http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/CreatingNewSubdomain.html)
I discovered that these are basically the same and the application still sees only the ALB DNS Name.
Is there any way for me to get the original subdomain my users are going to, without it being overridden with the ALB DNS name?
Thanks in advance,
Aaron

You need to check the HTTP Host header. The framework you use should already be able to handle it for you.
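As an added illustration (not code from the question or the answer above), here is how the Host header reaches a Python WSGI application behind an ALB and how to turn it into a tenant name safely. The ALB forwards the client's Host header unchanged, so the application sees the ALB's DNS name only when the client typed it. Because the header is client-controlled, the example accepts exactly one well-formed label directly under an assumed base domain (`something.com`, taken from the question) and rejects everything else, including the ALB's own name:

```python
import re
from typing import Optional

# Assumed base domain for tenant subdomains (the question's "something.com").
BASE_DOMAIN = "something.com"

# RFC 1123 hostname label: 1-63 chars, alphanumerics and hyphens,
# no leading or trailing hyphen.
_LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize_host(host_header: Optional[str]) -> Optional[str]:
    """Lower-case the Host header and strip an optional :port suffix.

    Returns None for an absent or malformed header so callers fail closed.
    """
    if not host_header:
        return None
    host = host_header.strip().lower()
    # An IPv6 literal ([::1]:443) is never a tenant subdomain; reject it.
    if host.startswith("["):
        return None
    host, _, port = host.partition(":")
    if port and not port.isdigit():
        return None
    if host.endswith("."):  # tolerate the FQDN form with a trailing dot
        host = host[:-1]
    return host or None


def tenant_from_host(host_header: Optional[str],
                     base_domain: str = BASE_DOMAIN) -> Optional[str]:
    """Return the tenant label from e.g. 'companyA.something.com', else None.

    Only one label directly under base_domain is accepted: the ALB's own DNS
    name, the bare base domain, nested labels and look-alike suffixes
    ('x.something.com.attacker.net') all return None.
    """
    host = normalize_host(host_header)
    if host is None:
        return None
    suffix = "." + base_domain.lower()
    if not host.endswith(suffix):
        return None
    label = host[: -len(suffix)]
    if not _LABEL_RE.match(label):
        return None
    return label


def wsgi_app(environ, start_response):
    """Minimal WSGI app: the Host header arrives as environ['HTTP_HOST']."""
    tenant = tenant_from_host(environ.get("HTTP_HOST"))
    if tenant is None:
        start_response("400 Bad Request", [("Content-Type", "text/plain")])
        return [b"unknown host\n"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [f"tenant: {tenant}\n".encode()]


if __name__ == "__main__":
    # Constructed sample headers, as a client (or an attacker) might send them.
    for h in ("companyA.something.com", "companyA.something.com:8080",
              "my-alb-123.eu-west-1.elb.amazonaws.com", "something.com",
              "x.something.com.attacker.net"):
        print(f"{h!r:45} -> {tenant_from_host(h)!r}")
```

Frameworks such as Django (`request.get_host()` with `ALLOWED_HOSTS`) and Flask (`request.host` with `SERVER_NAME`/`TRUSTED_HOSTS`) wrap the same header; the allow-listing step is the part worth keeping whichever framework you use.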

Related

AWS Route 53 - How to route traffic to Load balancer including context path?

I have a domain company.com, and in Route 53 I successfully created the sub-domain sales.company.com. I have a load balancer running a service with a context root path (e.g. rootpath). I can access the app using loadbalancerdns/rootpath. I tried to create an A record in Route 53 to point sales.company.com traffic to loadbalancerdns/rootpath, but it does not allow it; if I point to loadbalancerdns then it works and I can access the service using sales.company.com/rootpath.
My question is: is it possible to route sales.company.com to loadbalancerdns/rootpath? If not, how can this be achieved?
You can't do this. Route53 is a DNS provider and it does not have a concept of a URL path. You can only create records for full domains such as sales.company.com (not sales.company.com/url-path) or for IP addresses.
You can create path-based routing in your Application Load Balancer using listener rules, or front your load balancer with CloudFront. CloudFront allows you to respond differently to different paths in your URL.

Setting up redirection for www website to non www

We have our website hosted on an AWS EC2 instance behind the Application Load Balancer. Our Route 53 is targeting the Application Load Balancer.
Assuming we have a domain name - company.com
We have an SSL certificate registered for this domain, *.company.com. We have this certificate enabled on the Application Load Balancer on port 443.
We want our website hosted at subdomain - sub.company.com
Current Scenario:
We access the website with http://www.sub.company.com or http://sub.company.com or https://sub.company.com.
With the rewrite rule for the first two, we are able to redirect to the third endpoint mentioned.
The problem arises in this particular case where we are trying to access the website with https://www.sub.example.com: it gives us a Non Secure Warning. How can we redirect this to https://sub.example.com?
Things I have tried:
I have tried adding rewrite rules on the web server of the EC2 instance.
I added routing rules at the Application Load Balancer to redirect it to https://sub.example.com.
Both of these solutions are not able to resolve the problem. Maybe it's because SSL validation is happening at the first step of connection establishment, before it reaches the load balancer layer.
How can we resolve this?
When you request a wildcard certificate, the asterisk (*) must be in the leftmost position of the domain name and can protect only one subdomain level.
For example, *.example.com can protect login.example.com and test.example.com, but it cannot protect test.login.example.com. For that you have to request a separate certificate for *.login.example.com.
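To make the one-label rule concrete, here is an added example (not part of the answer above) implementing the wildcard matching that browsers and TLS libraries apply (RFC 6125 section 6.4.3): the wildcard must be the whole leftmost label, it stands in for exactly one label, and it never matches the bare parent name. The names are the ones from the question; the ACM certificate itself is not involved, only the name comparison that produces the "Non Secure" warning:

```python
from typing import Iterable, Optional


def cert_name_matches(pattern: str, hostname: str) -> bool:
    """Return True if the certificate name `pattern` covers `hostname`.

    Rules applied:
      - a wildcard is honoured only as the entire leftmost label ("*.x.y");
      - it matches exactly one label, never zero, never two or more;
      - "*.tld" is not accepted; comparison is case-insensitive and ignores
        a trailing dot.
    """
    p = pattern.lower().rstrip(".")
    h = hostname.lower().rstrip(".")
    if "*" not in p:
        return p == h
    p_labels = p.split(".")
    h_labels = h.split(".")
    # Wildcard must be the whole first label, appear nowhere else, and be
    # followed by at least two labels.
    if p_labels[0] != "*" or "*" in p[2:] or len(p_labels) < 3:
        return False
    # Same label count means '*' stood in for exactly one label.
    if len(h_labels) != len(p_labels) or h_labels[0] == "":
        return False
    return h_labels[1:] == p_labels[1:]


def covered_by(cert_names: Iterable[str], hostname: str) -> Optional[str]:
    """Return the first SAN entry that covers hostname, or None."""
    for name in cert_names:
        if cert_name_matches(name, hostname):
            return name
    return None


if __name__ == "__main__":
    # Constructed SAN lists: the question's single wildcard, then a fix.
    current = ["*.company.com"]
    fixed = ["*.company.com", "*.sub.company.com", "company.com"]
    for host in ("sub.company.com", "www.sub.company.com", "company.com"):
        print(f"{host:22} current={covered_by(current, host)!s:20} "
              f"fixed={covered_by(fixed, host)}")
```

Because the mismatch is detected during the TLS handshake, no rewrite or redirect rule, on the instance or on the ALB, can run before the browser has already shown the warning; the only fixes are a certificate whose names cover `www.sub.company.com` (an extra `*.sub.company.com` or explicit `www.sub.company.com` SAN on the ALB's 443 listener) or not publishing that name in DNS at all.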

Custom client domains for my web service

I have a web service running on EC2 behind an Elastic Load Balancer. I would like to allow my clients to point their A record to my web service so they could have their domain on my server, similar to Shopify or GitHub Pages.
However, I don't want to give them the IP of the web service; I'd like the request to go through the load balancer. How can I achieve this? Should I create a small server to forward requests? How does that work?
Many thanks!
If you are running your service behind an Elastic Load Balancer, you usually do not want to use the ELB DNS name (which is something like your-service-ELB-1122334455.us-east-1.elb.amazonaws.com). Instead you will configure (probably using Route53, but any DNS service will do) a CNAME or ALIAS record with some friendly name, like yourservice.yourdomain.example (this way, the name will be easier to remember, and you have the freedom to change the load balancer if needed).
All your customers have to do is create a CNAME DNS record pointing their name to your friendly service DNS name, like:
foo-service.theirdomain.example CNAME yourservice.yourdomain.example.
You also need to be aware that HTTP requests will have a Host: header containing the name entered by the user (in case your server/service relies on that info).
You need to consider using Route53, as your clients' DNS service provider might not support this feature because of a DNS rule.
See section 3.6.2 of RFC 1034.
Amazon created a new aliasing system for Route 53. You can now map the apex of a hosted zone to an Elastic Load Balancer using an Alias record. When Route 53 encounters an Alias record, it looks up the A records associated with the target DNS name in the Alias, and returns the IP addresses from that name.
In order to allow all of our customers to benefit from this new feature, there is no charge for queries to alias records when the target is an Elastic Load Balancer.
Associating Your Custom Domain Name with Your Load Balancer Name.
You can also create a subdomain that uses Amazon Route 53 as the DNS service without migrating the parent domain.
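Before a tenant is allowed to claim a custom hostname, the service should verify that the hostname's owner really pointed it at you; otherwise any tenant could "claim" somebody else's domain. As an added example (not part of either answer above), the following Python follows the CNAME chain described in the first answer and also trips on the RFC 1034 section 3.6.2 rule the second answer refers to: a CNAME may not coexist with other records at the same name, which is why a zone apex (which always carries SOA and NS) cannot be a CNAME and why Route 53's ALIAS exists. All zone data here is constructed and the resolver is a stub; in production you would plug in a real DNS lookup (for instance via dnspython) in place of `fake_resolver`. With a Route 53 ALIAS at `yourservice.yourdomain.example`, a resolver would see A records there and the chain would simply end one hop earlier; the check still passes:

```python
from typing import Callable, Dict, List, Tuple

RRSet = List[Tuple[str, str]]          # [(rrtype, rdata), ...]
Resolver = Callable[[str], RRSet]

# Constructed zone snapshot standing in for live DNS (not real records).
FAKE_ZONES: Dict[str, RRSet] = {
    # Your side: friendly name -> ELB name -> ELB addresses.
    "yourservice.yourdomain.example":
        [("CNAME", "your-service-ELB-1122334455.us-east-1.elb.amazonaws.com")],
    "your-service-ELB-1122334455.us-east-1.elb.amazonaws.com":
        [("A", "203.0.113.10"), ("A", "203.0.113.11")],
    # A customer who followed the instructions.
    "foo-service.theirdomain.example":
        [("CNAME", "yourservice.yourdomain.example")],
    # A customer whose name points at a different provider.
    "shop.other.example": [("CNAME", "edge.cdn.example")],
    "edge.cdn.example": [("A", "198.51.100.5")],
    # A zone apex with a CNAME next to SOA/NS: invalid per RFC 1034 s3.6.2.
    "apex.example": [
        ("SOA", "ns1.apex.example. hostmaster.apex.example. 1 3600 600 86400 60"),
        ("NS", "ns1.apex.example."),
        ("CNAME", "yourservice.yourdomain.example"),
    ],
}


def fake_resolver(name: str) -> RRSet:
    """Stand-in for a DNS query; returns the constructed records for name."""
    return FAKE_ZONES.get(name.rstrip(".").lower(), [])


def follow_cnames(name: str, resolve: Resolver, max_hops: int = 8) -> List[str]:
    """Return [name, target1, target2, ...] up to the first non-CNAME answer.

    Raises ValueError on a CNAME loop, on too many hops, or on a CNAME that
    shares its owner name with other record types.
    """
    chain = [name.rstrip(".").lower()]
    for _ in range(max_hops):
        rrs = resolve(chain[-1])
        cnames = [rdata for rtype, rdata in rrs if rtype == "CNAME"]
        if not cnames:
            return chain
        if len(rrs) != 1:
            raise ValueError(f"{chain[-1]}: CNAME coexists with other records")
        nxt = cnames[0].rstrip(".").lower()
        if nxt in chain:
            raise ValueError(f"CNAME loop at {nxt}")
        chain.append(nxt)
    raise ValueError("too many CNAME hops")


def customer_domain_ok(customer_name: str, service_name: str,
                       resolve: Resolver = fake_resolver) -> bool:
    """True if customer_name resolves through service_name.

    Call this before enabling a custom domain for a tenant, so a tenant can
    only claim a hostname whose owner has actually delegated it to you.
    """
    try:
        chain = follow_cnames(customer_name, resolve)
    except ValueError:
        return False
    return service_name.rstrip(".").lower() in chain[1:]


if __name__ == "__main__":
    for cust in ("foo-service.theirdomain.example", "shop.other.example",
                 "apex.example"):
        ok = customer_domain_ok(cust, "yourservice.yourdomain.example")
        print(f"{cust:34} {'accepted' if ok else 'rejected'}")
```

Pair this with the Host-header handling the answer mentions: the request for `foo-service.theirdomain.example` arrives at your service with that name in the Host header, and the mapping from Host to tenant should only contain names that passed this check.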

Using Cloudflare with Amazon EC2 and load balancers

I am running my website on AWS.
I have one load balancer for my two web servers. My load balancer doesn't have a static IP address; it has a domain name.
I want my traffic to come only via the load balancer. I am using Cloudflare's DNS instead of Route 53, because that's what the Cloudflare instructions said.
I cannot add the load balancer's IP as an A record because it is dynamic and cannot be added through Cloudflare's DNS panel (not like Route 53). Help me, I am stuck in this situation. No solution is offered by Cloudflare so far.
Has anyone faced the same issue?
You can set your Cloudflare record as a CNAME alias of your ELB's A record
See:
https://support.cloudflare.com/hc/en-us/articles/200168986-How-do-I-add-a-Amazon-ELB-Elastic-Load-Balancing-record-to-CloudFlare-
I suggest managing your domain's DNS with Cloudflare.
Add a CNAME record for your subdomain demo which points to that IP.
On CloudFlare Console go to Crypto > Origin Certificates. Create a new one with RSA, then import it to AWS Certificate Manager at us-east-1. For the certificate chain use this.
Be sure that Always use HTTPS in Crypto tab is on.
After some minutes you should be using your domain pointing to AWS with HTTPS working fine.
That's what I did to make a subdomain to work with an AWS API endpoint with SSL.
I did it like this:
In Cloudflare, in the DNS table, I created two CNAME records that point to the DNS name of the load balancer generated in AWS.
The first record created must contain in the "Name" field the value "www", with the "Content" field pointing to the URL of the load balancer in AWS. The second record, on the other hand, points to the root, containing the value "#" in the "Name" field and "Content" pointing to the same load balancer server in AWS.
See the images below for a better understanding.
I've tried with the CNAME record with the target as the Load Balancer DNS name, but the website is not secured.
If you need a static IP for your Load Balancer then use Global Accelerator. It will provide you a static IP. After that, create an A record with your domain name in Cloudflare and the content set to the static IP provided by Global Accelerator, and the Proxy status must be Proxied.

route53 naked domain not reaching amazon elastic load balancer

I'm currently using Route53 for 2 domains that point to the same website.
Let's assume they are www.example.com and www.example.com.xx. I've created 2 hosted zones and kept the configuration created by default. So, initially I had entries for NS and SOA in each hosted zone.
My EC2 instances are behind an Elastic Load Balancer, so my first step was to create aliases for both domains and their naked domains, giving the following scenario:
www.example.com
name                 type  value
example.com.         NS    Generated value
example.com.         SOA   Generated value
example.com.         A     ALIAS to my ELB
*.example.com.       A     ALIAS to my ELB
www.example.com.     A     ALIAS to my ELB

www.example.com.xx
name                 type  value
example.com.xx.      NS    Generated value
example.com.xx.      SOA   Generated value
example.com.xx.      A     ALIAS to my ELB
*.example.com.xx.    A     ALIAS to my ELB
www.example.com.xx.  A     ALIAS to my ELB
Both domains are pointing to the same ELB, where Apache is configured for example.com. Then, my Django app's subdomain middleware redirects (301) to example.com if request.get_host() contains the .com.xx substring.
It is working perfectly for www.example.com and example.com, as well as for www.example.com.xx; my problem is with example.com.br, which never reaches my server.
I've already tried to make a PTR entry example.com.br -> www.example.com.br, but it was not the solution.
Can anyone point out where my DNS config for this naked domain is failing?
Thank you
Firstly, let's worry about example.com.br. [We will take www.example.com.br later.]
Did you make changes at your domain registrar so as to give the DNS servers as those of Amazon? What is the output you get when you do:
nslookup example.com.br
also what is the output for
ping example.com.br
Last night I was able to redirect my naked domain properly. It was a bug in my Brazilian provider that was dealing with the registrar. Actually, I just gave them back control of the DNS table and then took it away again (returning it to Route53).
Anyway, they were being used as a bridge to the registrar since I was migrating. Now I'm dealing directly with registro.br and the problem is gone.