-1

Can anyone please help me to figure out redirection issue with AWS application load balancer?

I have -

  • Deployed React JS app on EC2 - Ubuntu 18.04 with Nginx
  • Obtained SSL from AWS ACM
  • Attached ALB to EC2 instance, added 2 listeners - PORT 80, PORT 443 (Forwarding request to target group on PORT 80)
  • added CNAME record www pointing to ALB

Also, I have added redirect rule in listener 443 as -

enter image description here

But when I am visiting my site like - https://exampledomain.ai it throws DNS_PROBE_FINISHED_NXDOMAIN

Update: When I visit -

mydomain.ai //redirected to https://www.mydomain.ai
http://mydomain.ai //redirected to https://www.mydomain.ai
http://www.mydomain.ai //redirected to https://www.mydomain.ai

Is there anything else I am missing? Please help

Sachin Vairagi
  • 4,894
  • 4
  • 35
  • 61
  • "nxdomain" means that the hostname couldn't be resolved through DNS. Check if it's a local problem by entering the domain name here: https://dns-lookup.jvns.ca/ If it comes up empty, here are some things you can check: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/troubleshooting-domain-unavailable.html – legoscia Apr 01 '21 at 11:28
  • 1
    80 to 443 listener rule should be on HTTP:80 listener right? but screen shot showing on 443 listener rules. Also rather than giving the entire host name try giving `#{host}` , i.e redirect to `https://#{host}:443/#{path}?#{query}` – Balu Vyamajala Apr 01 '21 at 11:29
  • "added CNAME record www pointing to ALB" - what about `exampledomain.ai` record to alb? – Marcin Apr 01 '21 at 11:33
  • @BaluVyamajala This is not about redirecting 80 to 443. Its about redirecting `https://exampledomain.ai` to `https://www.exampledomain.ai` from what I understand. – Marcin Apr 01 '21 at 11:34
  • @Marcin you are right.. just woke up from sleep, heading itself says https to https :) , adding both domain `exampledomain.ai` and `https://www.exampledomain.ai` to same ALB ? and doesn't rule apply each time? – Balu Vyamajala Apr 01 '21 at 11:40
  • @BaluVyamajala Could be. So once you solve `DNS_PROBE_FINISHED_NXDOMAIN` you may find yourself in a loop anyway. – Marcin Apr 01 '21 at 11:50
  • @Marcin - I have added more details, can you please check – Sachin Vairagi Apr 01 '21 at 12:20
  • @legoscia - I am not using Route53, is it necessary to use either Route53 or add an A record set at DNS provider side? – Sachin Vairagi Apr 01 '21 at 12:21
  • @sachin-vairagi Have you sorted this? I have same problem. Looking at the answers none of them actually answered the question. I have same situation: 1. Load balancer redirect from 80 to 443 works for non-www and www 2. Route53 has an alias from example.com to www.example.com and www.example.com points to ASG 3. Route53 can NOT point to ASG because nginx does not know of SSL certificate path beacuse it is managed by AWS Certificate Manager that is then attached to ELB So how do we redirect `https://example.com` to `https://www.example.com`? – slejnej Feb 28 '22 at 12:29
  • @slejnej - Yes, I have resolved this issue. Please share more details about your error. – Sachin Vairagi Feb 28 '22 at 12:35
  • @sachin-vairagi tested all possible Route53 combinations (alias to another record -> www, alias to ASG) and with custom Listener on 443 to redirect to `https://www.#{host}:443/#{path}?#{query}` and always response is `Connection timed out`. Curl does not reach the box nginx in any combination. – slejnej Feb 28 '22 at 12:43
  • @slejnej - You also need to forward "non-www" traffic to "www" via your DNS provider. – Sachin Vairagi Feb 28 '22 at 12:55
  • 1
    @sachin-vairagi this is done via Route53, but no response on either. A record alias to www nor A record alias to ELB – slejnej Feb 28 '22 at 13:02

1 Answers1

-1
  1. Create redirection rule on port 80 enter image description here

2. Go to route 53 and create a new cname with example.com and point to the same ALB.

Now it will work.

megasubhash
  • 109
  • 4
  • this is not related to the question. Adding a rule for port 80 will not resolve the problem in question where redirect needs to happen from 443 to 443. – slejnej Feb 28 '22 at 12:19