How to make secure when hosting website in EC2? - amazon-ec2

I have followed the steps below to make it HTTPS, but I am still seeing that the site is insecure. What else am I missing?
1. Uploaded content in S3 Bucket
2. Created EC2 Instance with security group for port 22 and 80 to allow 0.0.0.0/0
3. Installed Apache and started the services in the EC2 instance
4. Created ELB and added listeners to route http to https and https to target group
5. Registered Target and when I launch url (DNS name in ELB), I am still getting insecure.
Thanks,
Chandra

when I launch url (DNS name in ELB)
You can't use the ELB's DNS name if you want to use SSL, because you won't be able to have an SSL certificate that matches that DNS name. You have to point a domain name at the ELB that you own, and use an SSL certificate that matches that domain name.
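The name check behind that answer, as an added example that is not part of the original post: a browser compares the hostname in the URL with the DNS names in the certificate, so a certificate issued for your own domain never covers the load balancer's generated name. The SAN list and the ELB name below are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed sample data: SAN entries of a certificate issued for a domain
# you own, and a placeholder for the load balancer's auto-generated DNS name.
CERT_SANS = ["www.example.com", "*.example.com"]
ELB_DNS_NAME = "my-elb-1234567890.us-east-1.elb.amazonaws.com"  # placeholder


def san_matches(san: str, host: str) -> bool:
    """Compare one subjectAltName DNS entry with the requested hostname."""
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels) or "" in host_labels:
        return False
    if san_labels[0] == "*":
        # A wildcard stands for exactly one leftmost label, and never for a
        # whole registrable domain such as "*.com".
        return len(san_labels) >= 3 and san_labels[1:] == host_labels[1:]
    if "*" in san:
        return False  # partial wildcards ("w*.example.com") are rejected here
    return san_labels == host_labels


def cert_covers(sans, url: str) -> bool:
    """True when the hostname in `url` is covered by any SAN entry."""
    host = urlsplit(url).hostname or ""
    return any(san_matches(san, host) for san in sans)


def audit(sans, urls):
    """Map each URL to whether a browser-style name check would pass."""
    return {url: cert_covers(sans, url) for url in urls}


if __name__ == "__main__":
    urls = [
        "https://www.example.com/",   # your domain, pointed at the ELB
        "https://example.com/",       # apex: not covered by *.example.com
        f"https://{ELB_DNS_NAME}/",   # the ELB's own DNS name
    ]
    for url, ok in audit(CERT_SANS, urls).items():
        print(f"{'match   ' if ok else 'MISMATCH'}  {url}")
```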

Related

Pointing multiple IP address from different hosts to a same domain name with different port

I tried creating an Amazon EC2 instance with an elastic IP address. In there I deployed a MEAN app by Bitnami.
On the other hand we have a CPanel (not deployed in amazon, I think it's Apache, not sure, I'm not the one who deployed it)
Cpanel is already pointing to www.example.com so we can access cpanel via www.example.com:2082 but the default www.example.com:80 is blank/empty. We are using Cpanel for our mailing server.
What I need to do is to point Amazon EC2 public IP and DNS to www.example.com:80. Can I set it up in Cpanel DNS Zone Editor? Or do I need to set up Amazon Route 53? What do I need?
If I create a new A record in Cpanel DNS Zone editor for Amazon I lose access to Cpanel www.example.com:2082. I'm really confused right now. Please help.
You need to introduce a proxy server in between to do this, as you can't set the ports in DNS; ports are already defined for each type of request.
You can add nginx or haproxy or any other reverse proxy server, which will accept all the requests and pass them on to the appropriate hosts on the appropriate ports.
I know it's a bit late but just in case you still need it or someone comes across this:
No need for a proxy.
You point the A record for example.com to EC2 IP.
CNAME for WWW to example.com
Then you should have an A record for mail.example.com for your cPanel IP
Your MX records should point to mail.example.com and not to example.com.
And you can access cPanel at mail.example.com:2082 or whatever the server's IP or main hostname is. The main hostname has the advantage that you can use port 2083 for SSL cPanel connections.
Just make sure the e-mail clients use mail.example.com and not example.com as the connecting mail server.

Cloudfront with EC2 instance

I was able to get Cloudfront working with an S3 instance, but I'm stuck with EC2 (I'm new to AWS). My Go server is accessible via elastic IP on port 443.
When creating the Cloudfront distribution, I used my EC2's public DNS (IPv4) as the Origin, HTTPS only, alternate domain names to the hosted zones I've defined in Route 53, custom SSL certificate from Certificate Manager (which is issued). The status of the Cloudfront distribution is Deployed and State is enabled.
If I try to access the Cloudfront distribution by using the subdomain I've set up, I simply get "Server Not Found". If I try to access the Cloudfront distribution using the given Cloudfront domain name, I get "502 ERROR The request could not be satisfied. CloudFront attempted to establish a connection with the origin, but either the attempt failed or the origin closed the connection."
Are there more steps I'm missing to the process? I thought I could use EC2 as an origin.
DNS with Route 53
Domain registered through GoDaddy
Cloudfront domain name: d2yxz5aawjiy26.cloudfront.net
Subdomain: api.tranquility.app
Elastic IP: 35.182.112.85 running on port 443
EDIT: If it matters, I'm running docker with the app mapping port 443 to 8080 in docker-compose.
UPDATE: Perhaps something to do with https://docs.aws.amazon.com/acm/latest/userguide/acm-services.html and that I should use a load balancer for my ec2 instance.
I ended up taking an alternative route and used Elastic Beanstalk, then switched the Cloudfront origin to the URL of the Elastic Beanstalk instance. I've added an HTTPS listener on port 443 to the load balancer and out to port 80 on the instances of the Elastic Beanstalk. I was also missing the name servers that Route 53 gave me, since my DNS is with them but Domain is with GoDaddy - so I added the four NS records into GoDaddy from Route 53.

SSL certificate to convert from http to https (Tableau Server on AWS)

I am hosting Tableau Server on Amazon Web Services (AWS) EC2. My domain name is ec2-xx-xx-xxx-xx.xx-xxxx-x.xxxxxxx.amazonaws.com. I would like to convert http to https, so I want to get an SSL certificate. When I asked a certificate authority (CA), they told me that my domain includes "amazonaws.com", so I couldn't get an SSL certificate. I then tried to get an SSL certificate from AWS, but I received an error message.
This was due to the fact that I couldn't request a certificate for Amazon-owned domain name ending in "amazonaws.com".
Does anyone know how to deal with this issue?
Sincerely,
Kazumi
Looks like you need to understand the basics of the process of purchasing a domain name, assigning an IP address to the domain name, purchasing an SSL certificate, etc.
The steps below are the easiest and the cheapest way to have your endpoint served over SSL on AWS infrastructure:
1. Purchase a domain name, e.g. knozawa.com, from AWS Route 53.
2. Create a new SSL certificate free of cost using AWS Certificate Manager (ACM).
3. Add your EC2 instance which hosts the Tableau server behind an ELB. The ELB should be configured to accept traffic over port 443 only. Select the certificate created using ACM to serve for SSL traffic over port 443.
4. Go to Route 53, create a hosted zone entry like tableau.knozawa.com and add the ELB alias to the entry.
And you are done! You can now access your Tableau installation on your own domain name, serving traffic over SSL on the link https://tableau.knozawa.com
This will probably cost you an additional USD 12.00/year for the domain name, $10-$20 per month for ELB based on traffic.

How to Redirect Route 53 subdomain to subdirectory of your website

I have a domain on GoDaddy and am using Amazon Route 53 hosting. I want to create a subdomain and make it point to a subdirectory in my site. How is this possible?
I have tried:
Using an S3 bucket, but the S3 settings say host a static site. My site isn't static, so I believe that option won't work.
I have added a subdomain on Route 53 with the help of this article, "How do I create a subdomain for a domain hosted through Route 53?", and then changed my server settings to make the new domain point to a subdirectory using this answer, "How to point domain name to Amazon EC2 subdirectory". But it didn't work. The web page shows DNS server not found.
Any kind of help will be appreciated. Thanks in advance.
DNS resolves a domain name to the IP address of your server. It only resolves the first part of a URL that defines the server -- it is not involved in the remainder of the URL.
For example:
http://example.com/path/index.html
DNS converts example.com into the IP address of the server. The request for /path/index.html is then sent to port 80 of that server.
Therefore, it is not possible to configure Amazon Route 53 (nor any DNS server) to point to a subdomain of your site.
You could, however, configure your web server to recognize requests going to different domain names and serve different content to the user. For example:
http://images.example.com/foo.jpg
DNS will resolve images.example.com to the same IP address, but the web server can notice that the original request was to images.example.com, so it should serve a different set of content, or content from a desired subdirectory. This configuration would be done within your web server. If that's what you'd like to do, please consult your web server documentation or search the web for that topic.
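A model of the decision that answer describes, as an added example that is not part of the original post: the server picks a subdirectory from the Host header, serves only hostnames it knows, and keeps the request path inside that subdirectory. The site root, the hostname table and the function names are constructed for illustration; a real deployment would express the same mapping in the web server's virtual-host configuration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed mapping: Host header value -> subdirectory of the site root.
SITE_ROOT = "/var/www/site"
VHOSTS = {
    "example.com": "",
    "www.example.com": "",
    "images.example.com": "images",
}


def normalize_host(host_header: str):
    """Lower-case the Host header and drop an optional :port suffix."""
    host = host_header.strip().lower()
    if host.startswith("["):
        return None  # IPv6 literal: not one of the names we serve
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def resolve(host_header: str, request_target: str):
    """Return the file path to serve, or None for an unknown hostname."""
    host = normalize_host(host_header)
    if host not in VHOSTS:
        # Refuse unknown names instead of falling back to a default site;
        # DNS alone decides nothing here, any name can reach this IP.
        return None
    path = unquote(urlsplit(request_target).path)
    # Normalising against "/" clamps "../" sequences at the root, so the
    # result can never climb out of the per-host subdirectory.
    clean = posixpath.normpath("/" + path.lstrip("/"))
    base = posixpath.join(SITE_ROOT, VHOSTS[host])
    return posixpath.normpath(base + clean)


if __name__ == "__main__":
    samples = [
        ("images.example.com", "/foo.jpg"),
        ("www.example.com:80", "/path/index.html"),
        ("images.example.com", "/%2e%2e/%2e%2e/etc/passwd"),
        ("unknown.example.net", "/"),
    ]
    for host, target in samples:
        print(f"{host:22} {target:28} -> {resolve(host, target)}")
```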
I had the same issue.
The solution was for me to set the load balancer (Application Load Balancer) as target for sub.mydomain.com and then in the load balancer listener rules, add a rule for the subdomain (as host header value) with a redirect.

How to link godaddy domain with AWS Elastic Beanstalk environment?

I'm running into this problem trying to link my Godaddy domain with an AWS Elastic Beanstalk instance. I found a lot of documentation on how to link an EC2 instance with a domain on Godaddy but not for Elastic Beanstalk instance. So I ended up with this URL: www.MY_SITE.elasticbeanstalk.com
Here is what I did for an EC2 instance:
I updated the Nameservers on my Godaddy domain with the ones from my Route 53 Hosted Zone.
I created a new Elastic IP on the EC2 console.
I went back to Godaddy and updated the DNS A # field from their DNS Manager, with the EC2 Elastic IP one.
You normally have to wait 1h to 48h and it should work.
How can I do the same for an AWS Elastic Beanstalk instance, not an EC2 one? I can't see the instance I created from my EC2 console in order to link it to an Elastic IP.
Hope this is clear enough. Any help?
No need to create a CNAME or do any forwarding - this is bad from the point of view of SEO and not recommended by Amazon. You should not even point a record to an IP directly - it will cause a lot of trouble in the future because the IP can change at any moment.
The most elegant way is to migrate DNS service from GoDaddy to Route 53. You will still be with GoDaddy, but handling requests for your site will be on Amazon's side.
Here is what you need to do:
1. Create a new Hosted Zone for your site in the Route 53 console.
2. Open the newly added domain name, find the NS record and copy the servers.
3. In GoDaddy's Domain Manager, export records via "Export Zone File (Windows)".
4. Import those records to Route 53 ("Import Zone File" button).
5. In GoDaddy's Domain Manager, set custom DNS nameservers, obtained in the 2nd step.
Migrating might take some time (even days).
Now you can link your domain with your Elastic Beanstalk site. To do so, select/create the proper A record type in Route 53 and set Alias for it.
Here's what I did when I was facing the problem of linking a GoDaddy domain with AWS ElasticBeanstalk.
DNS Manager:
A record #: 64.202.189.170 (that is GoDaddy's forwarding IP btw)
Cname www: AWS EB domain (e.g. awseb-xyz.us-east-1.elb.amazonaws.com)
Forwarding:
Forward Domain to www.example.com (forward only, without masking)
Forward Subdomain to AWS EB domain (e.g. awseb-xyz.us-east-1.elb.amazonaws.com) (with masking)
In order to access the site without www (e.g. http://example.com), I had to set up the forwarding of the domain to the www cname. This www cname then gets forwarded to the AWS EB domain (with masking in order to keep www.example.com in the address bar).
You should add a CNAME record to your Godaddy domain name that maps from www.yourGoDaddyDomain.com -> MY_SITE.elasticbeanstalk.com.
That will direct requests to your domain name to the load balancer that is running in your elastic beanstalk environment. You don't want to route your domain name to a specific server (i.e. an elastic IP), you want it to go to the load balancer and that will route requests to your server(s). Since AWS Load balancers don't use IPs (they use domain names), you don't want to set up an A record for this - a CNAME record maps domain names to domain names.
Look at the "Adding or Editing CNAMEs" section of the GoDaddy documentation on how to do this.
Your Route 53 configuration has to point to the load balancer, not the EC2 instance.
