
I am facing difficulty serving requests from test.domain.com with a configuration that combines AWS Certificate Manager (ACM), AWS EC2 (Linux AMI), AWS CloudFront (CF), Google DNS and an Apache server.

I have the following setup in the public_html directory:

I have 2 folders in /var/www/html:

  • prod
  • test

The objective is to serve requests received from test.domain.com using the test directory and those received from domain.com using the prod directory.

The setup is working fine with ACME SSL certificates, i.e., for production (domain.com) we are using an ACME SSL certificate, the DNS is pointing to the Elastic IP, and it is working fine. Even test.domain.com was working fine with the ACME SSL setup.

However, I'm trying to switch to ACM. As it works only with CF and ELB (AWS Elastic Load Balancer), I created a CF distribution.

  • Created one CloudFront (CF) distribution pointing to the AWS EC2 endpoint with Origin path /test.
  • Redirected test.domain.com to the CF distribution in Google DNS, as the domain is registered with them.

With this setup, test.domain.com is also presenting domain.com and not the test server as anticipated.

https.conf has the correct DocumentRoot for each ServerName, but the request is not hitting the virtual host of the test server.

What's missing? Please suggest.

Krishna Chebrolu

1 Answer


You can try the below:

  1. Add both domain.com and test.domain.com to the CloudFront CNAME list.
  2. Use an ACM certificate which has domain.com and *.domain.com (or test.domain.com) as its common name/SAN.
  3. In the CloudFront cache behavior, whitelist the Host header. This will make sure that when a client accesses domain.com, CloudFront sends the same value in the Host header when contacting the origin.

Link: Forward host header

James Dean
  • Thanks @james-dean for the response. I'm now receiving an ERR_CONNECTION_CLOSED error for test.domain.com. `AH00569: client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /` – Krishna Chebrolu Jul 10 '20 at 15:45
  • Where do you see this error? On the origin or the client? – James Dean Jul 10 '20 at 18:02
  • CloudFront follows the RFC and always adds the Host header to the origin – James Dean Jul 10 '20 at 18:04
  • The error is seen in the origin's `/var/log/httpd/error_log` and, I guess, propagated to the client. – Krishna Chebrolu Jul 10 '20 at 18:48
  • After commenting out the directive on port 80 in httpd.conf, the test server is working fine. The directive on port 80 was conflicting with the redirection synthetic record on DNS. However, the CloudFront distribution URL is getting displayed instead of test.domain.com. Is there any remedy for this, i.e., if the redirection in DNS is configured as a CNAME associated with the CF distribution, wouldn't it work? – Krishna Chebrolu Jul 12 '20 at 07:56
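
The three steps from the answer above, written as a CloudFormation fragment. This is an added example, not part of the original answer or comments; the logical name, the origin Id and the `<...>` placeholders are assumptions, and it uses the legacy `ForwardedValues` cache settings.

```yaml
# Added example: CloudFront distribution in front of one Apache origin that
# serves prod/ and test/ from name-based virtual hosts.
Resources:
  SiteDistribution:                      # hypothetical logical name
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        # Step 1: both hostnames as alternate domain names (CNAMEs).
        Aliases:
          - domain.com
          - test.domain.com
        # Step 2: ACM certificate covering domain.com and *.domain.com.
        # CloudFront only accepts ACM certificates issued in us-east-1.
        ViewerCertificate:
          AcmCertificateArn: "<acm-certificate-arn>"   # placeholder
          SslSupportMethod: sni-only
          MinimumProtocolVersion: TLSv1.2_2019
        Origins:
          - Id: ec2-apache                             # hypothetical origin Id
            DomainName: "<ec2-public-dns-name>"        # placeholder
            # No OriginPath here (assumption): Apache selects the prod or
            # test DocumentRoot from the Host header, and an OriginPath
            # would be prepended to every request path on top of that.
            CustomOriginConfig:
              # With Host forwarded, the origin certificate has to be valid
              # for the forwarded hostname.
              OriginProtocolPolicy: https-only
        DefaultCacheBehavior:
          TargetOriginId: ec2-apache
          ViewerProtocolPolicy: redirect-to-https
          # Step 3: forward the viewer's Host header. When Host is not
          # forwarded, CloudFront sends the origin DomainName as Host, which
          # matches no ServerName, so Apache answers from its default
          # (first-listed) virtual host.
          ForwardedValues:
            QueryString: false
            Headers:
              - Host
```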