Ajaxsnapshot's proxy interfering with CloudFlare's proxy - snapshot

We are using the CloudFlare service for CDN, security and other services, and we are using Ajaxsnapshot to create snapshots for search bots. The problem is that we are getting Error 1000 - DNS points to incorrect IP. When we switch off the CloudFlare settings, the Ajaxsnapshot API works and is able to create snapshots.
How to solve it so we can use both the services?

You should contact CloudFlare support so we can look at your DNS zone file. It sounds like something isn't set properly in DNS, or you're pointing to an IP that it shouldn't be.

Related

Running HTTPS on EC2 Instance

I’m trying to use HTTPS on my EC2 instance.
Currently, my URL looks like this: 192.168.0.1:8443 and works great.
However, due to HTTPS requirements by Stripe and other applications, I need the url to look like this: https://dev.domain.com
I should add that I am using Cloudflare as my DNS Manager.
I’ve tried Googling how to set this up with no luck. Maybe I’m searching for the wrong thing.
Can someone help me achieve this setup?
Thank you in advance!
You need to configure Route 53 to create a hosted zone for your website, and then you need to add a record set where you will point your EC2 server's IP for the particular website request. Please follow the link for detailed instructions to set up a website with EC2.
AWS link
Which web server (httpd/IIS) are you enabling on this EC2 instance?
Try these steps if it is a Linux box:
SSL-on-an-instance
I ended up adding rules for ports 80 and 443 to my EC2 instance, and then telling Apache to listen on port 80 instead of 8443. This allowed me to remove the appended :8443 in the URL and I was able to copy the DNS info into Cloudflare as a CNAME and begin using my domain name. Before, I wasn’t able to use my server info as it had to have :8443 appended to the URL which Cloudflare doesn’t like.

Cloudflare for Proxy Server

I am a beginner in both Cloudflare and Proxy service, so I want your help in setting up a Proxy Server that uses Cloudflare. What I want to achieve is that user uses my proxy server in his browser settings, that proxy server itself uses Cloudflare.
I installed Squid3 on Debian server, and can use the server IP address as proxy settings in the browser, and all website loads fine. So I setup my Domain with Cloudflare Nameservers and within Cloudflare settings I put A record to my proxy server.
Now when I set that Domain name as the Proxy settings in the browser, only those websites load which are using CloudFlare's nameservers. All other websites show me Cloudflare's Error: 1001 - DNS resolution error.
My question is, is it possible to achieve what I am trying? If it is then what is the problem in this case?
CloudFlare only provides reverse proxy services, meaning that for a given domain we'll sit in front of your origin server and proxy all requests using a change to your DNS. Our self-service products don't allow you to proxy connections from a client to the internet in general.
If this is behaviour you're after, it's best to contact CloudFlare's sales team so something bespoke can be worked out.

Setting up Cloudflare CNAME to work with Microsoft Exchange

We have a hosted website that uses Cloudflare to improve website speed performance and load times. As such, the DNS details for the site currently include:
- MX records leading to the hosting provider for emails.
- CNAME record for the hostname to be routed via Cloudflare for website performance.
We recently decided that we wished to move our email mailboxes from the hosting provider to Microsoft Exchange. However, Microsoft has advised that as part of the migration process, we need to create a CNAME record in CloudFlare to allow for autoconfiguration of Microsoft Outlook to pick up mailbox settings associated with the hostname. However, CloudFlare only allows for 1 CNAME to exist, which is currently used to route website traffic via CloudFlare.
Question: I don't want to get rid of CloudFlare services by changing the CNAME record to point to Microsoft's Outlook configuration address for Exchange. Is there any way that I can create an additional CNAME record? I came across CNAME flattening but I'm not sure if it would be applicable in this scenario or what the steps would be to implement it. This surely can't be the first time someone has wanted to have their website traffic routed via Cloudflare but their hostname also to be used for Microsoft Exchange email.
I'm hoping there is some creative way around it, even if it's creating a subdomain (e.g. traffic.domain.com) which one CNAME can route web traffic to CloudFlare, while another subdomain (mail.domain.com) has a CNAME to route to Microsoft's Outlook autoconfig.
Any help or advice would be appreciated.
Please open a support ticket and we can assist. If we are managing your DNS fully, there is no limitation to the number of CNAMES in settings. You should still be able to put a CNAME in your DNS settings pointing to Microsoft.

Custom domains for Multi-tenant web app

I am developing an app (RoR + Heroku) which allows users to create their own websites either using my subdomain (pagename.myapp.com) or using their own domain (pagename.com).
An important point is that this option is the key to my business: subdomains are the free plans and custom domains are the paid ones. So I have a table where I store the custom domains of each user and check if this page is active (exists and has paid the quota).
For that I need to give users the capability to point their domain to my servers. We all know that Heroku doesn't recommend the use of DNS A records.
Also, I would like to abstract this feature as much as possible, to be able to switch my infrastructure (Heroku to AWS) in the future without having to ask all my users to change their DNS zone. Taking this into account, I think that the best option would be to run something like an EC2 proxy (using an AWS Elastic IP), which gives me ownership of this IP. I think this proxy should redirect to proxy.myapp.com, and I would resolve the request at the app level.
Since I didn't find clear information about that, I am not sure if this hypothesis is the best solution or how to set up the proxy (which type of proxy to use? Nginx maybe?).
That said, I would like to ask for recommendations/best practices to solve this "common" feature.
Thanks
What you are wanting to do is fairly straightforward to implement. Your assumptions are correct about setting up the proxy. Nginx or haproxy will both work great for this (I personally would use haproxy). Here are some of the gotchas that you will run into though:
Changing the host header at a proxy server can cause the end web application to generate incorrect links. You can use relative paths to fix this, but it requires the web application developer to be aware of the environment that they are running in.
- user connects to www.example.com (proxy server)
- proxy server connects to www.realdomain.com (web app)
- the web app has a link for a shopping cart: www.realdomain.com/shoppingcart
- the end user clicks on the link, but the link is www.realdomain.com/shoppingcart instead of www.example.com/shoppingcart
The cost of the host acting as the proxy server. This can spiral out of control really quickly. For example, do you want redundancy, if so how are you planning on implementing that? Do you plan on having ssl termination? If so you will have to increase the CPU count to accommodate the additional load. Do you want to have a secure connection to heroku from your proxy? If you do then you will need to increase the CPU count for that as well. You may have to add additional ram as well depending on the number of concurrent connections.
Heroku also changes their load balancers regularly. This is important because your proxy service will need to reload the config / update the ip addresses of the heroku instances every 60 seconds. In my experience they may change once or twice a day, but the DNS entry that they use has a 60 second TTL. That means that you should make sure that you are capable of updating your config up to every 60 seconds.
My company has been doing something very similar to this for almost a year now. We use haproxy and simply have it reload the config regularly. We have never had an outage or an interruption to our end users. Nginx is also a very good product. It has built in DNS caching so if you go that route you will need to make sure that you configure it correctly so that the DNS cache TTL is 60 seconds.
Will many of your clients want to use your app on their domain apex? E.g. example.com rather than theapp.example.com? If not, I would recommend having them CNAME to proxy.myapp.com which CNAMEs to myapp.herokuapp.com. Then, you can update proxy.myapp.com without customer interruption.
If you do need apex or A record support, you would want to set up Nginx as a reverse proxy for your Heroku app. Keep in mind that if you need HTTPS support for client domains, you will need to do some sort of certificate management on your proxy.
I like the answer dtorgo gave and that he mentioned the TLS termination, which many online tutorials on custom domains don't touch at all.
I'll go into more detail on how to implement the custom domains feature for your SaaS while also handling the TLS/HTTPS.
If your customers just CNAME to your domain or create the A record to your IP and you don't handle TLS termination for these custom domains, your app will not support HTTPS, and without it, your app won't work in modern browsers on these custom domains.
You need to set up a TLS termination reverse proxy in front of your webserver. This proxy can be run on a separate machine but you can run it on the same machine as the webserver.
CNAME vs A record
If your customers want to have your app on their subdomain, e.g. app.customer.com they can create a CNAME app.customer.com pointing to your proxy.
If they want to have your app on their root domain, e.g. customer.com then they'll have to create an A record on customer.com pointing to your proxy's IP. Make sure this IP doesn't change, ever!
How to handle TLS termination?
To make TLS termination work, you'll have to issue TLS certificates for these custom domains. You can use Let's Encrypt for that. Your proxy will see the Host header of the incoming request, e.g. app.customer1.com or customer2.com etc., and then it will decide which TLS certificate to use by checking the SNI.
The proxy can be set up to automatically issue and renew certificates for these custom domains. On the first request from a new custom domain, the proxy will see it doesn't have the appropriate certificate. It will ask Let's Encrypt for a new certificate. Let's Encrypt will first issue a challenge to see if you manage the domain, and since the customer already created a CNAME or A record pointing to your proxy, that tells Let's Encrypt you indeed manage the domain, and it will let you issue a certificate for it.
To issue and renew certificates automatically, I'd recommend using Caddyserver, greenlock.js, OpenResty (Nginx).
tl;dr on what happens here;
Caddyserver listens on 443 and 80, it receives requests, issues, and renews certificates automatically, proxies traffic to your backend.
How to handle it on my backend
Your proxy is terminating TLS and proxying requests to your backend. However, your backend doesn't know who is the original customer behind the request. This is why you need to tell your proxy to include additional headers in proxied requests to identify the customer. Just add X-Serve-For: app.customer.com or X-Serve-For: customer2.com or whatever the Host header is of the original request.
Now when you receive the proxied request on the backend, you can read this custom header and you know who is the customer behind the request. You can implement your logic based on that, show data belonging to this customer, etc.
More
Put a load balancer in front of your fleet of proxies for higher availability. You'll also have to use distributed storage for certificates and Let's Encrypt challenges. Use AWS ECS or EBS for automated recovery if something fails, otherwise, you may be waking up in the middle of the night restarting machines, or your proxy manually.
If you need more detail you can DM me on Twitter #dragocrnjac
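The backend side of the setup described in the answer above, as an added example that is not part of the original answers: it trusts `X-Serve-For` only when the connection comes from the proxy, validates the hostname against the custom-domains table from the question, and exposes the same lookup as a pre-issuance check so certificates are requested only for known, active customer domains. The table contents, the proxy address range and all method names are assumptions made for illustration.

```ruby
require "ipaddr"

# Constructed sample data standing in for the custom-domains table in the question.
CUSTOM_DOMAINS = {
  "app.customer.com" => { tenant: "customer1", active: true },
  "customer2.com"    => { tenant: "customer2", active: false } # quota unpaid
}.freeze

# Assumption: the TLS-terminating proxy reaches the backend from this private range.
TRUSTED_PROXIES = [IPAddr.new("10.0.0.0/24")].freeze

# Plain DNS hostname: dot-separated labels, total length at most 253 characters.
HOSTNAME_RE = /\A(?=.{1,253}\z)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\z/

# Lower-case, drop an optional :port and trailing dot; nil for anything that
# is not a plain hostname (embedded CR/LF, spaces, paths, IP literals).
def normalize_host(raw)
  host = raw.to_s.strip.downcase.sub(/:\d+\z/, "").chomp(".")
  host.match?(HOSTNAME_RE) ? host : nil
end

# True only when the TCP peer address belongs to one of our proxies.
def trusted_proxy?(remote_addr)
  ip = IPAddr.new(remote_addr.to_s)
  TRUSTED_PROXIES.any? { |net| net.include?(ip) }
rescue IPAddr::Error
  false
end

# Resolve the tenant for a proxied request. X-Serve-For is honoured only when
# the peer is the proxy; otherwise any client could claim to be any customer.
def resolve_tenant(remote_addr:, headers:)
  return nil unless trusted_proxy?(remote_addr)
  host = normalize_host(headers["X-Serve-For"])
  entry = host && CUSTOM_DOMAINS[host]
  entry && entry[:active] ? entry[:tenant] : nil
end

# Pre-issuance check: answer "may a certificate be requested for this name?"
# before the proxy contacts Let's Encrypt, so names that merely point at the
# proxy's IP do not consume issuance rate limits.
def allow_certificate?(domain)
  host = normalize_host(domain)
  !!(host && CUSTOM_DOMAINS.dig(host, :active))
end
```

The proxy should also overwrite any `X-Serve-For` value sent by the client, so the header the backend reads is always the one the proxy set.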

AWS: Cloudfront and EC2 on single domain

Is it possible to host mysite.com/ from ec2 and mysite.com/logo.gif from cloudfront?
No, you won't be able to make the part of the URL after the domain name influence the DNS lookup for mysite.com. However, if you're willing to settle for something like "images.mysite.com/logo.gif", you can easily resolve images.mysite.com to your CloudFront distribution using a CNAME.
You could also configure the web server on your EC2 instance to redirect or proxy to CloudFront - but then your server is still getting hit every time that resource is loaded, which eliminates most of the benefit to using a CDN in the first place.
In a way, you can. You would need to use a reverse proxy on your web server at mysite.com.
http://en.wikipedia.org/wiki/Reverse_proxy
To agree with David (above), you can set up a DNS CNAME for your CloudFront distribution, but the best you could do would be a subdomain of your site. It's a better way to do things anyway, if you follow Yahoo! or Google website performance guidelines.
developer.yahoo.com/performance/rules.html
code.google.com/speed/page-speed/docs/rules_intro.html
