I set up AWS CloudFront with an EC2 origin but have some problems. Here are my settings:

1. Alternate Domain Names (CNAMEs): xyz.com.
2. SSL Certificate: created by ACM.
3. Custom SSL Client Support: Clients that Support Server Name Indication (SNI).
4. Origin Domain Name is EC2 Public DNS.
5. Origin Protocol Policy: HTTP only.
6. Minimum Origin SSL Protocol: SSLv3.
7. Viewer Protocol Policy: Redirect HTTP to HTTPS.
8. Allowed HTTP Methods: GET, HEAD.

Problems:

1. When I call the CloudFront domain name, which is a3xxxxxx.cloudfront.net, it redirects to the EC2 public DNS, not the CNAME.

[Screenshot: Cloudfront DNS]

[Screenshot: ECS Public DNS]

2. I still see "your connection to this site is not secure" in my browser.

3. I set Route53 to the CloudFront DNS but I got the error "too many redirect" in the browser.

John Rotenstein
Mehran
  • Can you provide details of how you set SSL? What exactly are your Route53 records, and how do you access your domain? – Marcin Feb 27 '21 at 01:58
  • Route53 at the moment routes to the EC2 public IP address, but when I changed to the CloudFront domain name I got an error in the browser. – Mehran Feb 27 '21 at 02:19
  • I selected Custom SSL Certificate (example.com) with the same name xyz.com for both the SSL certificate in ACM, which is integrated with CloudFront, and the CNAME – Mehran Feb 27 '21 at 02:27
  • What does "it redirects to EC2 public DNS" mean? CF does not redirect to anything. You have to be more specific in your question. What exactly is happening? Can you provide screenshots of your errors or setup? – Marcin Feb 27 '21 at 02:35
  • Screenshots added – Mehran Feb 27 '21 at 03:51
  • What happens when you access using your domain xyz.com? – Marcin Feb 27 '21 at 04:11
  • The redirection from a3xxxxxx.cloudfront.net to EC2 shouldn't happen. What are your CF distro settings? Did you set something that could make such a redirection? – Marcin Feb 27 '21 at 05:21
  • The domain xyz.com is going to the site, though, because Route53 still routes to the EC2 public IP. I didn't change Route53 to the CF domain (if that is the right approach, I dunno) – Mehran Feb 27 '21 at 07:31
  • I shared all the settings in the question. I didn't set anything else – Mehran Feb 27 '21 at 07:32

1 Answer

I found the problem in the behaviour part: I have to select "Use legacy cache settings" and, under "Cache Based on Selected Request Headers", select All, because I don't want caching, I just need SSL.

Mehran
  • Could you please help me? I am sitting with the same issue. I am assuming you did not use a load balancer, right? I also used my EC2 as the domain for the CF distribution, then pointed my domain (URL) with an A record to CloudFront, but I am getting a 502 error when typing my domain in the browser. – Franco Nov 15 '22 at 11:46
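
A check for the settings discussed in this thread, as an added example (not code from the question or the answer): it audits a distribution config in the shape returned by `aws cloudfront get-distribution-config` and shows which findings the answer's "forward all headers" setting clears. The sample config, origin id and origin host name are constructed, and the finding codes are hypothetical names.

```python
import copy

# SAMPLE_CONFIG is constructed: it mirrors the settings listed in the question, in the
# DistributionConfig shape returned by `aws cloudfront get-distribution-config`.
SAMPLE_CONFIG = {
    "Origins": {"Quantity": 1, "Items": [{
        "Id": "ec2-origin",  # hypothetical origin id
        "DomainName": "ec2-origin.example.invalid",  # placeholder for the EC2 public DNS
        "CustomOriginConfig": {
            "OriginProtocolPolicy": "http-only",
            "OriginSslProtocols": {"Quantity": 1, "Items": ["SSLv3"]},
        },
    }]},
    "DefaultCacheBehavior": {
        "TargetOriginId": "ec2-origin",
        "ViewerProtocolPolicy": "redirect-to-https",
        "ForwardedValues": {"QueryString": False, "Headers": {"Quantity": 0, "Items": []}},
    },
}
WEAK_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}

def audit(config):
    """Return sorted finding codes for the default cache behavior."""
    findings = set()
    behavior = config["DefaultCacheBehavior"]
    fwd = behavior.get("ForwardedValues")  # absent when cache policies are used
    if fwd is not None:
        headers = {h.lower() for h in fwd.get("Headers", {}).get("Items", [])}
        if not headers & {"*", "host"}:
            # Origin then sees its own DNS name as Host and may redirect to it.
            findings.add("HOST_NOT_FORWARDED")
    origins = {o["Id"]: o for o in config["Origins"]["Items"]}
    custom = origins[behavior["TargetOriginId"]].get("CustomOriginConfig", {})
    if custom.get("OriginProtocolPolicy") == "http-only":
        findings.add("ORIGIN_PLAINTEXT")  # CloudFront-to-EC2 hop is unencrypted
        if behavior.get("ViewerProtocolPolicy") in ("redirect-to-https", "https-only"):
            # Loops only if the origin itself also redirects HTTP to HTTPS.
            findings.add("LOOP_IF_ORIGIN_FORCES_HTTPS")
    if WEAK_PROTOCOLS & set(custom.get("OriginSslProtocols", {}).get("Items", [])):
        findings.add("WEAK_ORIGIN_TLS")
    return sorted(findings)

def with_all_headers(config):
    """Copy of config with the answer's 'forward all headers' legacy setting."""
    fixed = copy.deepcopy(config)
    fixed["DefaultCacheBehavior"]["ForwardedValues"]["Headers"] = {"Quantity": 1, "Items": ["*"]}
    return fixed

if __name__ == "__main__": print(audit(SAMPLE_CONFIG), audit(with_all_headers(SAMPLE_CONFIG)))
```

Forwarding all headers clears only the Host finding; the plaintext origin hop and the SSLv3 minimum remain flagged.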