Point Cloudflare to AWS EC2 server without using route53 - amazon-web-services

I am trying to point Cloudflare DNS into Amazon's AWS EC2 server, but am unable to do so. When I set this up, the request to go into my url simply times out.
Based on this previous question, I have tried the steps (except using route53) but the subdomain still cannot be accessed. tracert shows the request timed out halfway.
How can I successfully point Cloudflare to AWS EC2 server without using route53?

Cloudflare explains how to do this here.
https://support.cloudflare.com/hc/en-us/articles/360020991331
You add a CNAME record at Cloudflare to your AWS hostname, the URL that looks like this: my-cool-cachepp-1344276401.eu-west-1.elb.amazonaws.com

CloudFlare is an authoritative DNS provider, you have absolutely no need for another DNS provider like Route53.
Instead you set the nameservers which CloudFlare issued you at your domain registrar.
You will need to enter in your existing DNS records at your DNS registrar into CloudFlare for any DNS records you wish to migrate:

Related

Cloudflare configuration with AWS Elasticbeanstalk

I'm trying to configure cloudflare dns to point to an elasticbeanstalk application.
Most of the tutorials are using route53 but I'm trying to see how it'll work with cloudflare
I bought a domain: myapp.com and it's already pointing to the cloudflare nameservers.
On the cloudflare there's NO dns record right now.
I can access the eb app by url :
myapp-env.eba-uistqmhg.ap-southeast-1.elasticbeanstalk.com
so how do i point myapp.com to the eb app ?
Do I simply add a CNAME that points to the eb url or I need to use the eb ipv4 instance?
You can add a CNAME for myapp-env.eba-uistqmhg.ap-southeast-1.elasticbeanstalk.com. After making the change, it might take a few minutes for the DNS to propagate.

Amazon Web Service : Certificate Manager SSL Workaround

I have set up an EC2 instance. Logged in with server and set up apache2 in it.
Example Domain: www.example.com
Created Route53 for example.com and pointed NS record to Domain provider. So, I am going to use Route53 for DNS.
In DNS, I have created A record with EC2 IP.
In apache2 set up VirtualHost for www.example.com, Reloaded apache2 server, and also enable site www.example.com.
Now, I have purchased a certificate from the AWS certificate manager for www.example.com. I have added the CNAME record in Route53 and also validated the domain. The certificate was also activated.
Now, I am going to hit the site www.example.com, It's redirecting to https://www.example.com but the page is giving an error regarding HTTPS.
I have also opened 443 port for that instance.
I think you forgot to add a Load Balancer (ALB) or a CloudFront Distribution in front of your EC2 instance since Certificates produced with ACM must be configured on these kinds of components. Not possible with EC2. And it can not suggest where to use it.

Configure AWS CloudFront to be accessible from GoDaddy domain

I have a domain name configured into GoDaddy domain provider.
I created Angular application accessible using this cloudfront internal web address:
xxxxxxxxx.cloudfront.net
The question is how to configure the domain to redirect properly web requests to this address hosted on AWS. I contacted the GoDaddy support and they gave these instructions:
In order to make changes we need the nameservers and the nameservers will be provided by the host that is aws
Once you have the nameservers, Please open the dns page
You will see 2 nameservers that are for godaddy
Click on change option and then select I will use my own nameservers and then update the nameservers that will be provided.
Where I can see what are the names servers used in AWS Cloudfront?
You need to set up the domain in Route53 first (eg example.com), as part of the setup you get 4 name server addresses. You change the name servers at GoDaddy to your AWS nameservers as their support describes, which authorises Route53 to host your DNS. From then on you manage your DNS from Route53, not GoDaddy (but GoDaddy are still your registrar).
Once your nameservers point to route53 follow the docs on creating an alias in route53:
If you want to use your own domain name, use Amazon Route 53 to create
an alias record that points to your CloudFront distribution. An alias
record is a Route 53 extension to DNS. It's similar to a CNAME record,
but you can create an alias record both for the root domain, such as
example.com, and for subdomains, such as www.example.com.
When you change the nameservers on GoDaddy any DNS you set up there will no longer be visible on the internet, only what's in Route53. Transfer any records you have created in GoDaddy to Route53 before changing your nameservers. Ignore any DNS records you didn't create.
If there's a problem you can go to GoDaddy and reset the nameservers back to default and that will restore the previous DNS.
One thing to mention - TTL - time to live. If DNS records have a high TTL (in seconds) it means when you make changes it will take up to that amount of time for everyone to get the update. The TTL will be visible in GoDaddy, or you can search "DNS dig" to find online tools that read DNS. The TTL of the NS records might be high (days, a week etc) - this will affect how long it takes Route53 to fully take over responsibility of your DNS.

Point EC2 instance to GoDaddy domain

I already have a domain, like example.com and I have a simple app running on an ec2 instance.
I've allocated an elastic IP for this instance, and created a zone on route 53, created A record, and also an alias record.
I have updated the nameservers from route53 NS records in GoDaddy domain settings (and I should mention that I've waited 48 hours for ns to be propagated, and that part is fine).
When I ping example.com on my own computer, the DNS Name resolve to the correct IP address.
When I check the elastic IP, it's working and shows my website, but when I check example.com it does not show my app and shows This site can’t be reached:
this is a screenshot of what it shows
I cannot see where's the problem!
Based on the comments.
The issue was due to using https, rather than http. The http connection works. To set up https the following general procedure needs to be undertaken:
1. Get a public SSL certificate. Since you are using an instance, you can't use AWS ACM for that. In this case a popular choice is https://letsencrypt.org/ where you can register a free SSL certificate for your domain and its subdomains.
2. Set up SSL connectivity on your instance. Often this is done by using nginx as a reverse proxy. The nginx will provide HTTPS for your instance using the SSL certificates from step 1.
3. Open port 443 (HTTPS) in your security group.
The alternative is to front your instance with an application load balancer (ALB). Using it, you can easily get a free AWS ACM certificate and deploy it on the ALB. No actions required on your instance in this case.
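
Added example, not part of the original answer: a staged check that tells apart the failure modes discussed on this page (name does not resolve, port 443 dropped or closed, certificate not valid for the name). The function name `probe_https` and its return labels are illustrative choices.

```python
import socket
import ssl
import sys

def probe_https(host, port=443, timeout=3.0, resolve=socket.getaddrinfo):
    """Return (stage, detail) for the first stage at which HTTPS to host fails.

    stage is one of "dns", "tcp", "cert", "tls" or "ok".
    `resolve` is injectable so the DNS step can be exercised offline.
    """
    # Stage 1: does the name resolve, and to which address?
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", f"{host} does not resolve: {exc}")
    addr = infos[0][4][0]

    # Stage 2: is anything reachable on the port? A timeout usually means
    # packets are dropped (security group); a refusal means nothing listens.
    try:
        sock = socket.create_connection((addr, port), timeout=timeout)
    except socket.timeout:
        return ("tcp", f"{addr}:{port} timed out; check that the security group allows this port")
    except OSError as exc:
        return ("tcp", f"{addr}:{port} not reachable: {exc}")

    # Stage 3: TLS handshake with normal certificate and hostname verification.
    ctx = ssl.create_default_context()
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", f"{tls.version()} to {addr}; certificate valid for {host}")
    except ssl.SSLCertVerificationError as exc:
        return ("cert", f"{addr}:{port} certificate rejected: {exc.verify_message}")
    except (ssl.SSLError, OSError) as exc:
        return ("tls", f"{addr}:{port} accepts TCP but TLS handshake failed: {exc}")

if __name__ == "__main__":
    stage, detail = probe_https(sys.argv[1] if len(sys.argv) > 1 else "example.com")
    print(f"{stage}: {detail}")
```

A "tcp" result while plain HTTP on port 80 works matches the situation in the question above: DNS is correct, but nothing is serving TLS on 443 yet.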

Why is Elastic Beanstalk Load Balancer refusing to establish an SSL connection?

Recently, I started searching about security procedures and came across SSL. Actually, I already knew about SSL, but I found it to be too expensive at the time.
Luckily, yesterday I found out that Amazon gives SSL certificates for free!
However, I have spent a whole day trying to set it up but it didn't work.
I have a domain registered at GoDaddy, let's assume it's www.mydomain.com. My website is hosted, however, on Amazon Web Services (AWS). I also have access to edit the GoDaddy's DNS records and full access to my AWS account. I have seen LetsEncrypt, but my website runs in ASP.NET (IIS Windows) and currently they only support Linux OS.
Here's what I've tried to do:
Get an SSL Certificate from AWS Certificate Manager
I have chosen to setup via DNS, which means I had to add a CNAME record to GoDaddy domain records.
If you look above carefully on the two images, the CNAME record on AWS is on the center of the page. I've added a record as CNAME containing the values.
Add HTTPS to Load Balancer Listeners:
Allowed HTTPS on Security Groups
NOTE: Both Inbound and Outbound rules are just like above. I have also set the Load Balancer and my Running Instance to use this security group.
Added records to Route 53 Hosted Zones
The A type record points to my instance IP.
The NS record was generated by Amazon (I added GoDaddy's Name servers as well).
The SOA record was generated by Amazon and I didn't touch it.
The CNAME was added by me, It's again the SSL protocol.
I don't know what else to do or if I have a wrong setup.
If I'm not mistaken, you have an EC2 instance behind an ELB (Classic/Application/NLB), requested an ACM certificate which has been issued successfully for *.mydomain.com, created HTTPS listener to use the SSL certificate but getting connection time out on port 443.
The issue is the DNS record of mydomain.com still points to the EC2 instance's IP, which might not be listening on port 443 (and the ELB is not being used at all).
So, to resolve this, you have to use the ELB's DNS name and use it as CNAME in your DNS record (not sure whether in Route 53 or GoDaddy because I don't know which is authoritative NS).
Also, you might consider requesting a new certificate with mydomain.com and *.mydomain.com and update the listener because ACM cert with *.mydomain.com does not protect mydomain.com.
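
Added example, not part of the original answer: a check of which hostnames a certificate's DNS subject alternative names cover, showing why `*.mydomain.com` alone leaves `mydomain.com` unprotected. The two certificate dicts are constructed samples in the shape returned by `ssl.SSLSocket.getpeercert()`; the function names are illustrative.

```python
def dns_sans(peercert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert() output."""
    return [value for kind, value in peercert.get("subjectAltName", ()) if kind == "DNS"]

def san_matches(pattern, hostname):
    """Wildcard matching as TLS clients apply it: '*' is accepted only as the
    whole left-most label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        # '*.mydomain.com' has three labels, 'mydomain.com' has two: no match.
        return False
    if p[0] == "*":
        # Conservative choice in this example: require at least two fixed
        # labels after the wildcard, so a pattern like '*.com' never matches.
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h

def uncovered(hostnames, peercert):
    """Hostnames from the list that no DNS SAN in the certificate covers."""
    sans = dns_sans(peercert)
    return [h for h in hostnames if not any(san_matches(s, h) for s in sans)]

# Constructed samples: the certificate from the question, and the one suggested.
WILDCARD_ONLY = {"subjectAltName": (("DNS", "*.mydomain.com"),)}
APEX_AND_WILDCARD = {
    "subjectAltName": (("DNS", "mydomain.com"), ("DNS", "*.mydomain.com")),
}
SITE_NAMES = ["mydomain.com", "www.mydomain.com", "a.b.mydomain.com"]

if __name__ == "__main__":
    print("wildcard only leaves uncovered:", uncovered(SITE_NAMES, WILDCARD_ONLY))
    print("apex + wildcard leaves uncovered:", uncovered(SITE_NAMES, APEX_AND_WILDCARD))
```

Names more than one label below the wildcard, such as `a.b.mydomain.com`, stay uncovered in both cases and need their own SAN entry.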