A(Host) Records with AWS Load Balancer - amazon-web-services

I have a question regarding AWS Load Balancers.
I can point my CNAME www to my load balancer's DNS perfectly and I know it will always work, BUT I also need to point the # record to the load balancer so people can access mysite.com instead of www.mysite.com and hit the load balancer.
The problem is that the A records have to point to an IP address, so I can't point to the DNS, and the IP of the load balancer keeps changing, so mysite.com stops working.
Can anyone recommend a workaround for this?

Here are the steps.
Click create record set.
For a zone apex record, just leave the name field blank.
Select the type of alias you want to make, A or AAAA (all steps after this are the same for both types).
Select the yes radio button.
Open the EC2 console in another tab and navigate to the list of your load balancers.
Click on the load balancer and look at the description tab in the pane below the list. Sample output below.

You need a web server that does a redirect instead. i.e. you want to send a 301 "Moved Permanently" from the web server that mysite.com points to, redirecting to www.mysite.com. Then you CNAME www.mysite.com over to Amazon.
Some DNS hosting providers will do this for you, I think GoDaddy does. Otherwise you need to set up a web server you can configure to do this.
The Apache configuration in .htaccess could be for example:
RewriteEngine on
# Match only the bare domain, so a request for www.mysite.com is never redirected again
RewriteCond %{HTTP_HOST} ^mysite\.com$ [NC]
RewriteRule ^(.*)$ http://www.mysite.com/$1 [L,R=permanent]
If you have a generic Apache-hosting site that supports .htaccess then you could do that.
Anyway what you're looking for is a redirect.

Technically, it can't be done. You can only refer to an Amazon load balancer using a CNAME, and it breaks DNS rules to assign a CNAME to the root of the domain because of issues this causes with MX records.
That said, some DNS providers do allow you to do this. Amazon's Route 53 doesn't, but Zoneedit allows it (with a warning). If you don't need your email to work for that domain, this is a solution. If you do need email, mine did happen to work using Zoneedit, but the DNS rules say you can't rely on this.
Edit: After my post Amazon added the ability to map the root of a domain (a.k.a. the zone apex) to a load balancer using Route 53. See this blog post.
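
The rule this answer refers to (a CNAME cannot share its name with other records, and the zone apex always carries SOA and NS) can be checked mechanically. This is an added example, not part of the original answer; the zone contents and the load balancer name are constructed placeholders, and the function names are hypothetical:

```python
from collections import defaultdict

# DNSSEC records are the only types allowed next to a CNAME.
ALLOWED_WITH_CNAME = {"RRSIG", "NSEC"}

# Constructed sample zone: (owner name, type, value). Placeholder values throughout.
RECORDS = [
    ("mysite.com.", "SOA", "ns1.dns-host.example. hostmaster.mysite.com. 1 7200 900 1209600 86400"),
    ("mysite.com.", "NS", "ns1.dns-host.example."),
    ("mysite.com.", "MX", "10 mail.mysite.com."),
    ("mysite.com.", "CNAME", "my-lb-placeholder.elb.amazonaws.com."),
    ("www.mysite.com.", "CNAME", "my-lb-placeholder.elb.amazonaws.com."),
    ("mail.mysite.com.", "A", "192.0.2.10"),
]


def cname_conflicts(records):
    """Map each owner name to the record types that illegally share it with a CNAME."""
    types_at = defaultdict(set)
    for name, rtype, _value in records:
        types_at[name.lower().rstrip(".")].add(rtype.upper())
    conflicts = {}
    for name, types in types_at.items():
        clashing = types - {"CNAME"} - ALLOWED_WITH_CNAME
        if "CNAME" in types and clashing:
            conflicts[name] = sorted(clashing)
    return conflicts


def shadowed_mail(records):
    """Names whose MX record sits beside a CNAME, where mail delivery cannot be relied on."""
    return sorted(n for n, t in cname_conflicts(records).items() if "MX" in t)


if __name__ == "__main__":
    for name, types in cname_conflicts(RECORDS).items():
        print(f"{name}: CNAME coexists with {', '.join(types)}")
```

Only the apex is flagged: www.mysite.com holds nothing but its CNAME, which is why the www name never had this problem.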

As David points out, you can't do it and still remain within the DNS RFC. You could just build a small non-load-balanced instance somewhere that just redirects mysite.com -> www.mysite.com. Not a totally elegant solution, but a workaround.

Amazon now has functionality in Route53 that provides a mechanism for binding A records to ELBs: http://www.allthingsdistributed.com/2011/05/aws_ipv6.html

You do NOT need a redirect, and yes it CAN be done. It's just not in the normal mode of working with DNS, so many people aren't comfortable using zone apexes with ELB aliases yet.
See the links given in other answers here, especially https://serverfault.com/questions/342904/how-do-you-create-a-zone-apex-alias-that-points-to-a-elastic-load-balancer-in-th

Amazon has added a special alias option in their Route 53 DNS service. You can point an A record as an alias to the load balancer DNS. I ran into this same problem because I host my own DNS servers using Bind 9. I didn't want to use the CNAME with redirect solution. The Route 53 solution is better and Amazon is great at propagating DNS info across the globe.
Here is an explanation of how to use Route 53 with the special alias record for elastic load balancers.
https://serverfault.com/questions/342904/how-do-you-create-a-zone-apex-alias-that-points-to-a-elastic-load-balancer-in-th
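
The alias record described in this answer, expressed as the change batch that the Route 53 ChangeResourceRecordSets API accepts. This is an added example, not from the original answer; the load balancer DNS name and hosted zone ID are placeholders, and the function name is hypothetical:

```python
import json


def elb_alias_batch(zone, label, lb_dns_name, lb_zone_id, types=("A",)):
    """Build a Route 53 change batch aliasing `label` in `zone` to a load balancer.

    An empty label means the zone apex. lb_zone_id is the load balancer's own
    hosted zone ID (shown with its DNS name), not the ID of your zone.
    """
    zone = zone.rstrip(".") + "."
    name = zone if not label else f"{label.strip('.')}.{zone}"
    changes = []
    for rtype in types:
        if rtype not in ("A", "AAAA"):
            raise ValueError(f"an ELB alias must be an A or AAAA record, not {rtype}")
        changes.append({
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": name,
                "Type": rtype,
                # Alias records carry no TTL and no ResourceRecords list.
                "AliasTarget": {
                    "HostedZoneId": lb_zone_id,
                    "DNSName": lb_dns_name.rstrip(".") + ".",
                    "EvaluateTargetHealth": False,
                },
            },
        })
    return {"Comment": "alias to load balancer", "Changes": changes}


if __name__ == "__main__":
    # Placeholder values; substitute the ones shown for your load balancer.
    batch = elb_alias_batch("mysite.com", "", "my-lb-placeholder.elb.amazonaws.com",
                            "ZPLACEHOLDER", types=("A", "AAAA"))
    print(json.dumps(batch, indent=2))
```

The printed JSON can be saved to a file and passed to `aws route53 change-resource-record-sets --hosted-zone-id <your zone ID> --change-batch file://batch.json`.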

The redirect from DNS service provider didn't work for me.
I decided to give up the use of the load balancer (from the beginning I created it only to try to hack the mentioned certificate problem). If you must use an LB, read Opt #2 below; I didn't try it, but I think it should work.
Opt #1 (without LB)
Take the certificate you got from the trusted issuer and install it directly on the server. Give the redirect order from the server (http to https); it will handle www as well.
I used a Bitnami image, so I could use bncert-tool for that.
Opt #2 (with LB; you should have the certificate body and private key)
You should do Opt #1, then go to Certificate Manager at AWS -> Import certificate, and then use that certificate with your LB; that way you have the same certificate in both cases.
I never tried Opt #2.
Good luck

For someone who is not using Amazon Route 53 it seems like a recommended solution is to create a Network Load Balancer which then points to an Application Load Balancer, which then points to our EC2 instances.
The Network Load Balancer has a static IP Address, which is what you want.
Source: https://aws.amazon.com/premiumsupport/knowledge-center/alb-static-ip/

Related

Setting up redirection for www website to non www

We have our website hosted on an AWS EC2 instance behind the Application Load Balancer. Our Route 53 is targeting the Application Load Balancer.
Assuming we have a domain name - company.com
We have SSL registered for this domain, *.company.com. We have this certificate enabled on the Application Load Balancer on port 443.
We want our website hosted at the subdomain sub.company.com
Current Scenario:
When we access the website with http://www.sub.company.com or http://sub.company.com or https://sub.company.com.
With the rewrite rule for the first two, we are able to redirect to the third endpoint mentioned.
The problem arises in this particular case, where we are trying to access the website with https://www.sub.example.com: it gives us a Non Secure warning. How can we redirect this to https://sub.example.com?
Things I have tried:
I have tried adding Rewrite rules on the webserver of EC2 Instance.
Added routing rules at Application Load balancer to redirect it at https://sub.example.com
Both of these solutions are not able to resolve the problem. It's maybe because SSL validation is happening at the first step of connection establishment, before it reaches the load balancer layer.
How can we resolve this?
When you request a wildcard certificate, the asterisk (*) must be in the leftmost position of the domain name and can protect only one subdomain level.
For example, *.example.com can protect login.example.com and test.example.com, but it cannot protect test.login.example.com. Then you have to request a separate certificate for *.login.example.com
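
The one-level rule from this answer, applied to the hostnames in the question. This is an added example, not part of the original thread; it treats `*` as a wildcard only when it is the entire leftmost label, and the function names are hypothetical:

```python
def name_covers(cert_name, hostname):
    """True if one certificate name covers hostname (wildcard only as the whole leftmost label)."""
    pattern = cert_name.lower().rstrip(".").split(".")
    host = hostname.lower().rstrip(".").split(".")
    if len(pattern) != len(host):
        return False  # "*" stands for exactly one label, so the label counts must agree
    if pattern[0] == "*":
        return bool(host[0]) and pattern[1:] == host[1:]
    return pattern == host


def uncovered(cert_names, hostnames):
    """Hostnames that none of the certificate's names cover; these get the browser warning."""
    return [h for h in hostnames if not any(name_covers(c, h) for c in cert_names)]


# Hostnames from the question above, checked against its *.company.com certificate.
HOSTS = ["sub.company.com", "www.sub.company.com"]

if __name__ == "__main__":
    print(uncovered(["*.company.com"], HOSTS))
    print(uncovered(["*.company.com", "*.sub.company.com"], HOSTS))
```

Because the certificate check happens during the TLS handshake, a redirect rule on the load balancer or web server never gets the chance to run for an uncovered name; the listener needs a certificate that covers it.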

How to configure a static website (only http) on GCP without a load balancer?

I have a very simple website that I want to host in a GCP bucket. I want it to only use http (not https) and don't want to add a load balancer and most examples of static GCP websites show adding a load balancer.
The only example I could find without a load balancer shows pointing a CNAME record to c.storage.googleapis.com which would connect to the bucket that's named www.mysite.com.
So far, that works fine except that it doesn't include access to the domain without the www subdomain attached (mysite.com). And, I can't attach an ALIAS record that just points mysite.com to www.mysite.com because Google Cloud DNS doesn't have ALIAS records.
It seems like there would be a pretty simple solution but I'm stumped.
By design you cannot create a CNAME record in a "root" domain level. It has to point to a subdomain. Unless you're pointing it to other domain.
By design buckets are served using CNAME record such as www.mysite.com pointing to c.storage.googleapis.com.
So you're forced to use www prefix or other subdomains.
There's a mention in the documentation of a possibility to serve bucket using A record.
You can use a bucket name in a DNS record as part of a CNAME or A redirect which gave me an idea.
But it's a "brittle and hardwired" solution.
You need to create a bucket named "mysite.com" with the copy of your site.
Then you go to your managed zone and edit the A record to point to the IP of c.storage.googleapis.com, which is 74.125.143.128 (at least at the moment I was writing this). Next you change your CNAME record www.mysite.com to point to mysite.com to redirect www to non-www.
Then wait until the changes propagate and you're set :) I tested it and it works. I don't like to wait, so I changed the TTLs of all records involved to 1 minute.
Then you'd ask yourself why I wrote it's "brittle and hardwired"? It will work until someone changes the IP of c.storage.googleapis.com.
Maybe there is some other way to set up DNS records to point to c.storage.googleapis.com instead of the IP, but I wasn't able to figure this out.
If you don't change your CNAME record and leave it pointing to c.storage.googleapis.com, then you can have two sites (identical or not, it's up to you). One available with www, the other without.

Create IP address for load balancer? [duplicate]

I had a question about using the URL in my Load Balancer - and using it as the A Record for my DNS entry via GoDaddy...GoDaddy doesn't allow a URL, and insists on the A Record being an IP address and no other format. But I don't see this option available in the Load Balancer I created, only a URL.
What I have so far is this..
I've created a Load Balancer successfully using both HTTP and HTTPS, along with the RapidSSL cert I purchased and imported.
When I open my new Load Balancer item in EC2 dashboard, under the Description tab, I see an auto-generated URL next to DNS Name: http://ACThttp-617756314.us-east-2.elb.amazonaws.com (A record)
The above URL works fine in my browser. I went to plug this into GoDaddy's A record in the DNS settings --- but apparently GoDaddy only allows an IP address to be used as an A Record...and not a URL like the one generated by EC2. I find this confusing since it literally says "A Record" next to this generated URL in my Load Balancer.
Does this mean I need to generate an IP address in the EC2 dashboard, so that I can use it in GoDaddy DNS settings? I'm guessing this is done via Route53...or could I skip this altogether and still find a way to connect my new Load Balancer to my DNS A record some other way?
However this is done, any help would be appreciated. If Route53, what are the exact steps I need to take? Or any other solutions, as much detail you could provide would be so so so helpful.
I've done this a few times successfully in the past, but it was a while ago and I can't recall how I connected them to the DNS properly.
Thanks!
You should use a CNAME record (not an A record).
A CNAME record points to another DNS name, whereas an A record points to an IP address.
Load Balancers should always be addressed by their DNS Name, so use a CNAME record.

Amazon Route 53 Issues

I have a hosted zone in Amazon Route 53 service and a domain name on a registrar.
In the registrar, my DNS configurations are correctly inserted, with the four addresses provided by AWS when I created the hosted zone.
In the Route 53 control panel, I have the NS and SOA properly configured, as they came configured when I created the hosted zone.
I also created an A redirection: mydomain.com.br -> xxx.xxx.xxx.xxx (elastic IP)
I'm able to reach my EC2 instance with the A Record: If I type mydomain.com.br on browser it works fine.
My problem is that I'm unable to reach the CNAMEs that I've created.
I have a CNAME rule: www.mydomain.com.br -> mydomain.com.br/site but when I put www.mydomain.com.br I get a DNS error on my browser.
The strangest thing is that if I consult www.mydomain.com.br on a site like https://www.whatsmydns.net it points to www.mydomain.com.br/site, which is the correct redirect. The DNS resolution apparently works fine, but I can't get it in the browser.
Any help would be nice. Thanks.
PS: I already tried ipconfig /flushdns and clearing Chrome's cache.
Try this:
Delete that CNAME record
Add an A record in Route53
Name the A record 'www'; it should automatically make that www.mydomain.com.br.
Check the ALIAS-yes box
Select mydomain.com.br. from the dropdown box (note there is a PERIOD on the end)
Save and Wait about 5 minutes.
A better (and still very cheap) way to do this might be to set up a 301 redirect in an Amazon S3 bucket. Here is a link to Amazon's tutorial:
http://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html
Do you have a "www" A record which is pointed to your EIP?

route53 naked domain not reaching amazon elastic load balancer

I'm currently using Route 53 for 2 domains that point to the same website.
Let's assume they are www.example.com and www.example.com.xx. I've created 2 hosted zones and maintained the configuration created by default. So, initially I had entries for NS and SOA in each hosted zone.
My EC2 instances are behind an Elastic Load Balancer, so my first step was to create aliases for both domains and their naked domains, having the following scenario:
www.example.com
name                  type  value
example.com.          NS    Generated value
example.com.          SOA   Generated value
example.com.          A     ALIAS to my ELB
*.example.com.        A     ALIAS to my ELB
www.example.com.      A     ALIAS to my ELB
www.example.com.xx
name                  type  value
example.com.xx.       NS    Generated value
example.com.xx.       SOA   Generated value
example.com.xx.       A     ALIAS to my ELB
*.example.com.xx.     A     ALIAS to my ELB
www.example.com.xx.   A     ALIAS to my ELB
Both domains are pointing to the same ELB, where Apache configs to example.com. Then, my Django app subdomain middleware redirects to example.com(301) if request.get_host contains the .com.xx substring.
It is working perfectly for both www.example.com and example.com, as well as for www.example.com.xx; my problem is with example.com.br, which never reaches my server.
I've already tried to make a PTR entry example.com.br -> www.example.com.br, but it was not the solution.
Can anyone point out where my DNS config for this naked domain is failing?
Thank you
Firstly, let's worry about example.com.br. [www.example.com.br we will take later]
Did you make changes at your domain registrar so as to set the DNS servers to Amazon's? What output do you get when you run:
nslookup example.com.br
also what is the output for
ping example.com.br
Yesterday night I was able to redirect my naked domain properly; it was a bug in my Brazilian provider that was dealing with the registrar. Actually, I just gave them back the control of the DNS table and took it away (returning it to Route 53).
Anyway, they were being used as a bridge to the registrar since I was migrating. Now I'm dealing directly with registro.br and the problem is gone.