Cloudfront and EC2

攒了一身酷 2020-12-04 16:52

How do you set up CloudFront in front of an EC2 instance? I'm interested in having users hit the CloudFront URL rather than the EC2 origin.

So instead of hitting ec2

4 Answers
  • 2020-12-04 17:26

    Leaving this answer for those who also faced this error:

    502 ERROR The request could not be satisfied. CloudFront wasn't able to connect to the origin. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner. If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.

    If you are 100% sure that your origin has port 443 open and the certificate on the origin is valid, you can test your CloudFront distribution without creating a Route 53 record.

    Let's say you own "mywebiste.com", which is running on your EC2, and your CloudFront DistributionID is a1b2c3d4e5.

    Try this:

    curl https://a1b2c3d4e5.cloudfront.net -H 'host: mywebiste.com' -I
    

    It's all about the Host header. It must match the one from your origin SSL certificate.

    0 Discussion (0)
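Added example (not part of the answer above): a shell check of the certificate-name comparison behind that 502, assuming CloudFront's documented rule that the origin certificate must cover the origin domain name or, when the Host header is forwarded, the Host value. The function names and the SAN line are constructed for illustration; the hostnames are the ones used on this page.

```shell
#!/bin/sh
# Added example, not from the answer. SAMPLE_SANS is constructed; on a real
# origin the same text comes from:
#   openssl s_client -connect ORIGIN:443 -servername NAME </dev/null 2>/dev/null |
#     openssl x509 -noout -ext subjectAltName
SAMPLE_SANS='DNS:mywebiste.com, DNS:*.mywebiste.com'

# name_matches NAME PATTERN: case-insensitive; "*." stands for exactly one label.
name_matches() {
    n=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    p=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$p" in
        \*.*)
            suffix=${p#\*}
            case "$n" in *"$suffix") label=${n%"$suffix"} ;; *) return 1 ;; esac
            case "$label" in ''|*.*) return 1 ;; *) return 0 ;; esac ;;
        *) [ "$n" = "$p" ] ;;
    esac
}

# cert_covers NAME SANS: succeed if any DNS: entry in the SAN text covers NAME.
cert_covers() {
    rest=$(printf '%s\n' "$2" | grep 'DNS:' | tr -d ' ')
    while [ -n "$rest" ]; do
        entry=${rest%%,*}
        case "$rest" in *,*) rest=${rest#*,} ;; *) rest= ;; esac
        case "$entry" in
            DNS:*) name_matches "$1" "${entry#DNS:}" && return 0 ;;
        esac
    done
    return 1
}

# origin_tls_check ORIGIN_DOMAIN HOST FORWARD_HOST(yes|no) SANS
# Prints "origin" or "host" for the name that validates, else "mismatch"
# (the case in which CloudFront answers 502).
origin_tls_check() {
    if cert_covers "$1" "$4"; then echo origin; return 0; fi
    if [ "$3" = yes ] && cert_covers "$2" "$4"; then echo host; return 0; fi
    echo mismatch; return 1
}

ORIGIN=ec2-52-64-xxx-xxx.ap-southeast-2.compute.amazonaws.com
origin_tls_check "$ORIGIN" mywebiste.com yes "$SAMPLE_SANS" || true
origin_tls_check "$ORIGIN" mywebiste.com no "$SAMPLE_SANS" || true
```

With this certificate the distribution only validates while the Host header is forwarded; the EC2 public DNS name is never in the SAN list.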
  • 2020-12-04 17:29

    IP in Origin would give error: com.amazonaws.services.cloudfront.model.InvalidArgumentException: The parameter origin name cannot be an IP address. (Service: AmazonCloudFront; Status Code: 400; Error Code: InvalidArgument;

    Even though AWS Documentation says you can use IP.

    Public DNS (IPv4) as Origin gives '504 error The request could not be satisfied'
    I've had that when Origin was S3 and if S3 has limited permissions. But EC2 has no permissions control. It is public.

    0 Discussion (0)
  • 2020-12-04 17:35

    Use the steps below to route ec2-52-64-xxx-xxx.ap-southeast-2.compute.amazonaws.com to d111111abcdef8.cloudfront.net.

    Follow the steps below:

    1. Log in to your AWS console and search for CloudFront.
    2. Go to CloudFront: Create Distribution (please select Web distribution).
    3. Under Origin Settings: select the Origin Domain Name (you can assign the Public DNS of your instance, e.g. ec2-52-64-xxx-xxx.ap-southeast-2.compute.amazonaws.com).
    4. Under Default Cache Behavior Settings: select Viewer Protocol Policy: Redirect HTTP to HTTPS.
    5. Under Object Caching: opt for Customize (leave the default settings for Minimum TTL, Maximum TTL and Default TTL).
    6. Forward Cookies: All
    7. Query String Forwarding and Caching: All
    8. Distribution Settings: select Price Class: (Use All Edge Locations (Best Performance)).
    9. Alternate Domain Names (CNAMEs): add your domain URL name if there is any.
    10. SSL Certificate: under SSL you can opt for the default or your custom certificate, depending on your requirement. (Opt for the default.)

    Note: For a custom SSL certificate, the certificate should be in the us-east-1 region.

    1. It can take 10 to 15 minutes
    0 Discussion (0)
  • 2020-12-04 17:39

    Would I just point my DNS to the Cloudfront url instead of the EC2 origin?

    Pretty much.

    Technically, you don't point DNS to a URL, you point it to a hostname or to an IP address, which is done a little differently with CloudFront.

    First, though... in the CloudFront distribution settings, you need to configure any hostnames that CloudFront should expect to see sent by the browser, in the "alternate domain names" box.

    For the origin, enter the ec2-...-compute.amazonaws.com hostname.

    At this point, after 10-15 minutes, visiting the CloudFront-assigned URL should take you to your server.

    Next... if your DNS is hosted in Route 53, then you'd go to the hosted zone and create new "A" records for those hostnames, setting "Alias" to "Yes," which should cause the targets box to be populated with the CloudFront distribution, which you would then select, and save the record.

    If your DNS isn't hosted by Route 53, you would instead create CNAME records in DNS, pointing to the hostname assigned to the CloudFront distribution, e.g. jozxyqkexample.cloudfront.net. The catch, here, is that you can't do this with the apex/root of your domain, because a CNAME isn't valid there... so www.example.com would work, but example.com will not. This is a limitation of DNS, and the only workaround is to use Route 53 for your DNS, because it has internal integration with CloudFront (hence the "Alias" records, mentioned above, which use internal lookups rather than external referrals, like a CNAME).

    You may also want to configure CloudFront to forward the Host header back to the origin server; otherwise when the request arrives, the hostname presented to your server in the HTTP requests will not be your domain name, and instead will be the hostname you configured as the origin host.

    Be sure, when you connect through CloudFront, that the server doesn't redirect you back to the EC2 hostname or IP (the address bar in the browser will change, if it does, and you'll want to fix your web server's config if that happens).

    0 Discussion (0)
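Added example (not part of the answer above): a shell check for the last point, a redirect that sends the browser back to the EC2 hostname or IP and so exposes the origin behind CloudFront. The header dumps are constructed samples shaped like `curl -sI` output, and the function names and result labels are made up for this example.

```shell
#!/bin/sh
# Added example, not from the answer. SAMPLE_* are constructed header dumps;
# real ones come from e.g.:  curl -sI https://www.example.com/
SAMPLE_LEAK='HTTP/2 301
location: http://ec2-52-64-xxx-xxx.ap-southeast-2.compute.amazonaws.com/login
x-cache: Miss from cloudfront'
SAMPLE_OK='HTTP/2 302
Location: https://www.example.com/login
x-cache: Miss from cloudfront'

# redirect_host HEADERS: print the lowercased host of an absolute Location
# header; print nothing for no redirect or a relative redirect.
redirect_host() {
    printf '%s\n' "$1" | tr -d '\r' | tr 'A-Z' 'a-z' |
        sed -n 's|^location:[[:space:]]*[a-z][a-z0-9+.-]*://\([^/:?#]*\).*|\1|p' |
        head -n 1
}

# classify_redirect HEADERS "HOST1 HOST2 ...": compare the redirect target with
# the hostnames configured as alternate domain names on the distribution.
# Prints none | expected | leak-ec2-dns | leak-ip | other-host.
classify_redirect() {
    host=$(redirect_host "$1")
    if [ -z "$host" ]; then echo none; return 0; fi
    for ok in $2; do
        if [ "$host" = "$ok" ]; then echo expected; return 0; fi
    done
    case "$host" in
        *.compute.amazonaws.com|*.compute-1.amazonaws.com) echo leak-ec2-dns ;;
        *[!0-9.]*) echo other-host ;;   # a hostname that is not on the list
        *) echo leak-ip ;;              # digits and dots only: IPv4 literal
    esac
    return 1
}

classify_redirect "$SAMPLE_LEAK" "www.example.com" || true
classify_redirect "$SAMPLE_OK" "www.example.com" || true
```

A `leak-ec2-dns` or `leak-ip` result means the web server is building absolute URLs from its own hostname, which is the server-config problem the answer describes.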