I have a CloudFront resource sitting in front of my S3 bucket. It's accessible at —
https://<id>.cloudfront.net
but if I hit —
<id>.cloudfront.net:443
I get a 400 Bad Request. I want to point to CloudFront in my HAProxy configuration, but I can't use the 443 port because of the above-mentioned issue. Nor can I use the https URL protocol in the server statement.
backend my_cloudfront_app
http-response set-header Strict-Transport-Security max-age=31536000
server my_server <id>.cloudfront.net:443
How can I hit HTTPS cloudfront from this server block in HAProxy?
I assume You will need to add some infos to the request headers for the cloudfront backend.
This example works with HAProxy 2.0
backend my_cloudfront_app
http-response set-header Strict-Transport-Security max-age=31536000
# Add backend header for cloudfront backend request
http-request set-header Host <id>.cloudfront.net
# maybe you will need to add a S3 prefix to the request path
# http-request set-path <CLOUDFRONT_S3_Prefix>%[path]
server my_server <id>.cloudfront.net:443 sni str(<id>.cloudfront.net) ssl verify none
Related
I have a Saas product which allows my end-user to bind their own domain to manage their products but I encountered an issue when I try to redirect those requests that is originally not requested by "http" to "https", the site will return "too many request redirection". Meanwhile, I do not want to configure port 443 into my nginx configuration as some of scenario, some of the request path might not need to neccessary to have "https". If I configured the force redirection in nginx which means all the request must served under "https" which might leads all of the request path is served via "https" but what I want to achieve is only some of the request path served under https only.
Below is the code that used to achieve the force redirection from http to https
if (!$request->secure()) {
return redirect()->secure($request->path());
}
I have developed an api in laravel and then there is no ssl certificate installed and all working good. But after some time, I have install ssl certificate but now the api's not working in my mobile app but it's working in postman.
the response getting from you have not passed any header but in actual I have passed header.
I have just made one changes http->> https in url.
You would need to update the code in your mobile app to point to https, instead of http.
If you are hosting your API with Nginx, you can redirect HTTP -> HTTPS requests by modifying your config such as:
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
This will automatically redirect any HTTP request to its SSL equivalent.
My questions is simple, but I cannot find an answer and I haven't got any resources to test it myself.
Can I make HTTPS CORS request from one domain to another HTTPS domain?
Can I make HTTP CORS request from one domain to another HTTPS domain?
I know that I can do HTTP CORS request from one domain to another HTTP domain, but I don't know if there is any difference when I use HTTPS.
Yes you can do a CORS request from a HTTPS domain to another HTTPS domain.
The only difference is because HTTPS is a secure origin, you can only make call to secure origin, so not to HTTP, the browser will block it with a message like:
Mixed Content: The page at 'https://example.com/index.html' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://example2.com/endpoint'. This request has been blocked; the content must be served over HTTPS.
Warning: If you allow http requests to call your https webpage, it will be insecure because it means an attacker can force requests to your https webpage with the cookies of a victim and read the answer
Beware if you still need to support IE8/IE9 and are using XDomainRequest as it does not support cross-protocol requests. As per MDN:
The origin's security protocol must match that of the requested URL. (http to http, https to https). If these do not match, the request will error "Access is Denied".
Using the routing rules as mentioned here: Set up DNS based URL forwarding in Amazon Route53
<RoutingRules>
<RoutingRule>
<Redirect>
<Protocol>https</Protocol>
<HostName>dota2.becomethegamer.com</HostName>
<HttpRedirectCode>301</HttpRedirectCode>
</Redirect>
</RoutingRule>
</RoutingRules>
I am able to see that http://becomethegamer.com properly redirect to https://dota2.becomethegamer.com but https://becomethegamer.com times out.
I thought it was the Protocol piece but realized that's the outbound rather than inbound.
This is in a bucked named becomethegamer.com and in Route 53 becomethegamer.com is an alias with the target as that bucket.
What could be causing https to not redirect?
No, it's this:
The website endpoints do not support https.
http://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteEndpoints.html
You can't redirect an https request without speaking https, and additionally, you need an SSL certificate that's valid for the hostname.
You can still do exactly what you're trying to do, but you'll need to use CloudFront in front and S3 in the back. Your S3 redirection configuration stays the same, but you'll create a CloudFront distribution, configure your domain name as an alternative domain name there, load your SSL cert into CloudFront, use the bucket-name.s3-website-xx-xxxx-xx.amazonaws.com web site endpoint (from the S3 console) as the Origin server, and point Route 53 to CloudFront instead of S3.
http://docs.aws.amazon.com/gettingstarted/latest/swh/getting-started-create-cfdist.html
I have set up a meteorjs application in Amazon EC2 and its bind to subdomain like(dev.xyz.com).
I have added HAProxy to it with this settings of HAProxy:
frontend www-http
bind 0.0.0.0:80
reqadd X-Forwarded-Proto:\ http
default_backend www-backend
frontend www-https
bind 0.0.0.0:443 ssl crt /home/ubuntu/haproxycert/host.pem
reqadd X-Forwarded-Proto:\ https
default_backend www-backend
backend www-backend
redirect scheme https if !{ ssl_fc }
#server www-1 171.30.0.185:80 check
server www-1 127.0.0.1:3000 check
I have added loginButtons in the template but when I click the login with the services its taking the redirect url as http://xx.xxx.xxx.xx/_oauth/google?close , instead of
http://dev.xyz.com/_oauth/google?close.
xx.xxx.xxx.xx is the ip of the ec2 instance.
I would very much appreciate if anyone can point me what I have missed or what is wrong in the configuration.