I have a CloudFront distribution set up to point to an S3 bucket. My S3 bucket has a versioned path for its files (so for example, http://example.s3.us-east-1.amazonaws.com/static/ui/v5.53.3/). I want to configure a cache behavior that only matches the /static/ui/* path, but I want all requests to my origin to have the path /static/ui/v5.53.3. I've tried to set my cache behavior's Path Pattern to /static/ui/* and my origin path to /v5.53.3, but that doesn't seem to work.
How can I configure this with CloudFront?
Origin path
If you want CloudFront to always request content from a particular directory in the origin, enter the directory path, beginning with a forward slash (/). Do not add a slash (/) at the end of the path. CloudFront appends the directory path to the origin domain name.
In your case, origin domain name is example.s3.us-east-1.amazonaws.com. So the request that your origin sees is example.s3.us-east-1.amazonaws.com/v5.53.3/*. This is why it doesn't work.
In fact, as of May 2022, this is not possible to achieve without using Lambda#Edge. You'd have to do a custom URL rewrite in Lambda.
Related
Let's say I have an S3 bucket named example.com and I want to serve its content through CloudFront using an alternate domain example.com.
I've added a CNAME record to direct example.com to the CloudFront endpoint, and secured the domain using an AWS SSL Certificate.
In CloudFront, when I go to select the Origin, it shows my bucket. For example: example.com.s3.amazonaws.com
If I choose this origin, and I browse to https://example.com/my-bucket-item.jpg, I get redirected to https://example.com.s3-us-east-2.amazonaws.com/my-bucket-item.jpg and a "Connection not secure" SSL error appears.
If I set the origin to just the domain example.com then I get a 403 Bad Request error from CloudFront.
From what I understand, my bucket has to share the name of my domain, otherwise I get a "bucket does not exist" error.
I've followed the AWS documentation on this. What I'm doing wrong here?
Update
I successfully got CloudFront to recognize my alternate domain by changing my origin policy to Managed-CORS-S3Origin.
New problem: even though I've selected 'Yes' to 'Restrict Bucket Access', I'm still able to access files via the S3 url. Do I need to turn off public access to my bucket? If I do this, it seems to override my CloudFront policy...
I had to change my origin request policy to Managed-CORS-S3Origin - this solved the general problem for me.
I'm try to configure traefik with file backend to contact a grafana server in a LXC container.
This is my configuration file:
[file]
# rules
[backends]
[backends.backend2.servers.server1]
url = "http://192.168.255.250:3000"
[frontends]
[frontends.frontend2]
entryPoints = ["http"]
backend = "backend2"
passHostHeader = true
[frontends.frontend2.routes]
[frontends.frontend2.routes.route0]
rule = "PathPrefixStrip: /grafana"
Grafana backend listen on /
So, I can contact http://example.com/grafana but I have a redirection to http://example.com/login which does not work. But http://example.com/grafana/login responding (without css, certainly because grafana seems to use relative url).
According to the documentation :
Use a *Strip matcher if your backend listens on the root path (/) but should be routeable on a specific prefix. For instance, PathPrefixStrip: /products would match /products but also /products/shoes and /products/shirts.
Since the path is stripped prior to forwarding, your backend is expected to listen on /.
If your backend is serving assets (e.g., images or Javascript files), chances are it must return properly constructed relative URLs.
Continuing on the example, the backend should return /products/shoes/image.png (and not /images.png which Traefik would likely not be able to associate with the same backend).
The X-Forwarded-Prefix header (available since Traefik 1.3) can be queried to build such URLs dynamically.
It seems that I have to use the X-Forwarded-Prefix header but I do not know how to use it (I did not see anything in the documentation). Maybe you can help me solve this problem ?
Regards
jmc
In fact, the problem does not come from traefik. I just forgot to specify the path in /etc/grafana.ini (root_url field). I thought it was not necessary since the incoming query does not contain the path /grafana (because we use PathPrefixStrip). But in fact, grafana needs it to indicate effective url to client.
Regards.
jmc
I'm using AWS S3 and Cloudfront to host a website (e.g. www.company.com). I want to additionally have the the naked domain (without the www) to point to the same content. I initially created a redirect in DNS but https://company.com didn't work.
I can create an apex record for the naked domain in the DNS but can I point it to the same cloudfront CNAME used for the www.company.com or do I have to create a new S3 bucket and new cloudfront distribution?
S3 to CloudFront Distribution
Create two CloudFront distributions
Request for Certificates from AWS Certificates Manager
Create CNAME with Route 53 and point the alias target to the respective distributions
Create Origin in both distributions pointing to that S3 bucket
Hope it helps.
Another solution using only one Cloudfront distribution, if redirecting company.com to www.company.com is acceptable (usually it's preferred).
Create an S3 bucket named company.com
Configure the bucket for static website hosting. Choose "Redirect requests for an object" and enter www.company.com.
Update your DNS a record to point to the bucket.
I'm having some difficulties setting up static website hosting using Amazon S3 and Cloudfront.
We have many websites that we would like to serve as static websites using Amazon S3 + Cloudfront and we would prefer to host them all in a single S3 bucket.
Initial setup is pretty straight forward but we are having issues with sub-folder redirects if omitting trailing slash in the URL.
example, setting up a single website from the bucket:
bucket contents for website1:
s3://bucket-name/websites/website1/index.html
s3://bucket-name/websites/website1/about/index.html
I have enabled static website hosting for this bucket with default document set to 'index.html'
I have created a Cloudfront web distribution to serve this single website, default root object is set to 'index.html'.
The distribution has a custom origin pointing to the static website url 'bucket-name.s3-website-us-east-1.amazonaws.com' with Origin Path set to '/websites/website1'
When navigating to the distribution url 'http://example.cloudfront.net' it correctly serves the 'index.html' document from 's3://bucket-name/websites/website1/index.html'
When navigating to 'http://example.cloudfront.net/about/' it also correctly serves the 'index.html' document from 's3://bucket-name/websites/website1/about/index.html'
But, if I omit the trailing slash like 'http://example.cloudfront.net/about' S3 redirects me to 'http://example.cloudfront.net/websites/website1/about/', since I have Origin Path set to '/websites/website1' Cloudfront will request index.html from 's3://bucket-name/websites/website1/about/websites/website1/about/index.html' which does not exist.
Am I missing something here? Is this an impossible setup using only Cloudfront and S3?
I ended up solving it by using routing rules for the S3 bucket
https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html
the problem is the redirect caused by omitting a trailing slash results in the Orgigin Path being appended to the full S3 bucket path ("example.cloudfront.net/about" redirects to "example.cloudfront.net/websites/website1/websites/website1/about/" that fails because the path is invalid)
The below routing rule solves this by triggering on the faulty path pattern prefix and redirecting back to the Cloudfront distribution with the prefix stripped from the request, i.e ("example.cloudfront.net/about" redirects to "example.cloudfront.net/websites/website1/websites/website1/about/" that redirects to "example.cloudfront.net/about/")
The downside is that you need to remember to modify the routing rules when adding new distributions
<RoutingRules>
<RoutingRule>
<Condition>
<KeyPrefixEquals>websites/website1/websites/website1/</KeyPrefixEquals>
</Condition>
<Redirect>
<HostName>example.cloudfront.net</HostName>
<ReplaceKeyPrefixWith></ReplaceKeyPrefixWith>
</Redirect>
</RoutingRule>
</RoutingRules>
When changing file or directory names or "prettifying" URLs via .htaccess, I have always previously used this format:
Redirect 301 /oldfile.htm /newfile
However, according to this article, I have been doing it incorrectly all these years:
The last section is the full path to the new file. This is a
fully-qualified URL, meaning you need the http://
(http://www.domain.com/new-file.html).
Are they correct? I always use a redirect check script after writing my rules, and they always check out, even with relative paths.
The truth can be found in official docs, that says
The new URL should be an absolute URL beginning with a scheme and hostname. In Apache HTTP Server 2.2.6 and later, a URL-path beginning with a slash may also be used, in which case the scheme and hostname of the current server will be added.