Hello Cloud Gurus,
Very strange issue and hope you will have a good solution for this issue. I think it might be solution from CloudFront side and is not necessary to edit any code in web server.
So here is the scenario:
Every time I am deploying cloudfront in AWS for a dynamic website it gives me some problem.
For example if cloudfront is deployed for domain example.com and web server is in ec2 based on apache, everytime I make get request from browser to example.com it returns me ec2 server hostname like: ec2-18-125-214-123.us-east-2.compute.amazonaws.com or something like this. As you know it is ec2's default DNS address given from AWS.
How can I fix this without making editing in Apache? (Without Set domain name manually in a code. Configuration in Apache looking for servers host address itself). Cloudfront is configured to redirect http to https and everything other is default. Only using certificate generated from aws cert manager for this domain.
Today I set URL manually in Apache like https://example.com and it fixed but it is often that site developer has own site engine and do not want to change anything and site host are dynamic for them. Then comes a mixed content and I am getting a cloudfront problem even it changes me web address in the browser (when I am going web site's different pages and it returns me such kind of link >ec2-18-125-214-123.us-east-2.compute.amazonaws.com/contact < for example), or even website is loading not with fully safe certificate and browser (F12 - Console) shows me "Mixed Content"
How should I fix this at cloudfront side?
P.S.
Here are shown my CloudFront configuration when I have this upper problem:
Origin Domain Name: ec2-18-125-214-123.us-east-2.compute.amazonaws.com
Origin Path: Is Default (Empty)
Origin ID: I tried to make even "ec2-18-125-214-123.us-east-2.compute.amazonaws.com" or even domain name like "example.com"
Minimum Origin SSL Protocol: Default
Origin Protocol Policy: Default
Origin Response Timeout: Default
Origin Keep-alive Timeout: Default
HTTP Port: Default
HTTPS Port: Default
Origin Custom Headers: Default
Path Pattern: Default (*)
Origin or Origin Group: It depend what I will chose "ec2-18-125-214-123.us-east-2.compute.amazonaws.com" or even domain name like "example.com"
Viewer Protocol Policy: Redirect HTTP to HTTPS
Allowed HTTP Methods: Default (GET, HEAD)
Cached HTTP Methods: Default
Cache Based on Selected Request Headers: Default (I also tried "Whitelist Headers" For "HOST")
Object Caching: Use Origin Cache Headers
Minimum TTL: Default
Maximum TTL: Default
Default TTL: Default
Forward Cookies: Default
Query String Forwarding and Caching: Default
Smooth Streaming: Default
Restrict Viewer Access (Use Signed URLs or Signed Cookies): Default (NO)
Compress Objects Automatically: Default (NO)
Lambda Function Associations: Default
1 Answers
Hi Guram,
I'm going to guess that you're not using a custom SSL cert and instead the default CloudFront default certificate. If you want to use your own custom domain name, you'll need to create an SSL cert that is tied to that domain. (example.com as you say). You can do this very easily using AWS Certificate Manager and it integrates well with CloudFront. You do need to prove you own the custom domain name though and there are several automated ways Certificate Manager can do this.
When setting up your CloudFront disto, you would select your custom SSL cert created in ACM. You then have the option of using a static IP or using SNI. SNI is the easiest and way cheaper than a static IP so I'd use that if you don't NEED a static IP.
This should allow CloudFront to serve up your content via your own custom domain without having to manually change via redirects.
--Scott
HI Scott, Thank you for your answer. But I am not using default SSL, I am using SSL for my own domain generated in AWS Cert Managar.