Apache redirecting example.com to ec2 public DNS - apache

Setup
Route 53 Domain example.com has A record to id.cloudfront.net and AAAA record to random-id.cloudfront.net.
Cloudfront has origin domain as EC2 public DNS ec.xxxxxx.amazonaws.com and alternate domain as example.com. Also, it has an AWS certificate for SSL/TLS (for now it accepts both HTTP & HTTPS requests).
EC2 is an Ubuntu-20.04 AMI with apache2, php7.4 and phpmyadmin, all installed using apt-get.
Issue is whenever I put in example.com/* the site is automatically redirected to ec.xxxxxx.amazonaws.com/*.
Example:
example.com/phpmyadmin gets redirected to ec.xxxxxx.amazonaws.com/phpmyadmin/.
I tried to set up wordpress and example.com redirects to http://ec2-xxxxxx.amazonaws.com/wp-admin/setup-config.php
These are the things I have tried.
Added ServerName example.com in /etc/apache2/apache2.conf
This command sudo ufw allow in "Apache Full"
I do not have .htaccess in my /var/www/html folder.
Is it a Cloudfront or an Apache issue? This is my first rodeo with AWS and Apache and trying to learn how it works.
Solutions that seem out of scope:
https://serverfault.com/questions/685654/apache-server-config-redirect-from-ip-to-domain-name-ec2
Or anything that includes creating .htaccess at the root directory as I feel that would create an endless loop.
I can provide more information, if required.
Update:
Removed A and AAAA record from route53. Doesn't work.
Also, added ServerName example.com to /etc/apache2/sites-enabled/000-default.conf
Also, visiting random-id.cloudfront.net does the same redirection.
However, visiting elastic-IP does not do any redirection.

If I correctly understand your setup, probably you need CNAME instead of A record in Route53

Traced the issue to HTTP_HOST being the ec2 public DNS received by the server. So, if I visited example.com/index.php and the code were supposed to redirect to example.com/index2.php it would instead redirect to ec.xxxxxx.amazonaws.com/index2.php because HTTP_HOST = ec.xxxxxx.amazonaws.com.
Fixed by updating CloudFront Distribution's behavior to forward Host value.
So, if I visit example.com the host value would be example.com
And if I visit id.cloudfront.net then host value would be id.cloudfront.net.
https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.23
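
The behaviour traced in the answer above, as an added example that is not part of the original post: an application that builds absolute redirects from HTTP_HOST echoes whatever Host value reaches the origin, and once CloudFront forwards the viewer's Host the origin should check that value against the names it serves. ALLOWED_HOSTS, CANONICAL_HOST and the function names are assumptions made for this sketch; the origin name is the placeholder used on this page.

```python
import re

# Assumption: the hostnames this site is meant to answer for.
ALLOWED_HOSTS = {"example.com", "www.example.com"}
CANONICAL_HOST = "example.com"
ORIGIN_DNS = "ec.xxxxxx.amazonaws.com"  # placeholder exactly as written on the page

# Hostname, optional trailing dot, optional port; anything else is rejected.
_HOST_RE = re.compile(r"([a-z0-9](?:[a-z0-9.-]*[a-z0-9])?)\.?(?::\d{1,5})?")


def host_seen_by_origin(viewer_host, forward_host):
    """Host header that reaches Apache behind CloudFront.

    When the behavior does not forward Host, the origin request carries the
    origin domain name instead of the name the viewer typed.
    """
    return viewer_host if forward_host else ORIGIN_DNS


def naive_redirect(host_header, path, scheme="http"):
    """What an application does when it trusts HTTP_HOST verbatim."""
    return f"{scheme}://{host_header}{path}"


def normalize_host(host_header):
    """Lower-case, drop port and trailing dot; None if the value is malformed."""
    match = _HOST_RE.fullmatch(host_header.strip().lower())
    return match.group(1) if match else None


def safe_redirect(host_header, path, scheme="https"):
    """Use the Host value only if it is allowlisted, else the canonical name."""
    host = normalize_host(host_header)
    if host not in ALLOWED_HOSTS:
        host = CANONICAL_HOST
    return f"{scheme}://{host}{path}"


if __name__ == "__main__":
    for forwarded in (False, True):
        seen = host_seen_by_origin("example.com", forwarded)
        print(forwarded, naive_redirect(seen, "/index2.php"),
              safe_redirect(seen, "/index2.php"))
```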

Related

Domain Name cannot be changed in Apache on CentOS 7

I have set up a server with a wiki and Wordpress and Nextcloud on a new Domain, let's say it's testing.com. When I was finished, I wanted to change the Domain from testing.com to realdomain.com.
The server is running CentOS 7 with httpd (apache), so I changed the ServerName in /etc/httpd/conf/ to "realdomain.com". Then I changed the VirtualHosts in all the files in /etc/httpd/conf.d.
I added the new Domain to the trusted Domains of the Wordpress, Nextcloud and wiki. I restarted the httpd service and the server itself.
Yet, when I open realdomain.com in browser, it shows me my websites, but it puts testing.com in the address field.
I tried using mod_rewrite to change the URL, but then my web browser tells me that the site doesn't redirect correctly and that the redirects never stop.
I tried those rewrite rules in the .conf files and in the .htaccess (not simultaneously) - no success.
I removed all my files in conf.d and created a new DocumentRoot with a simple helloWorld.html - The Url still gets rewritten to testing.com.
Are there any other locations that could have rewrite rules? Did I miss anything?
Thank you so much in advance, this is killing me!

Bitnami on Google Cloud Platform enabling SSL Issue: Please fix DNS entries while enabling SSL

I am using the bitnami django on Google Cloud platform stack.
Goal: I want SSL configured on my bitnami stack hosted on Google Cloud. But their tool sudo ./bncert-tool complains "The domain resolves to a different IP address than the one detected for this machine. Please fix its DNS entries or remove it."
I have purchased a domain using google domains.
I have set up google dns to point to the IP address as I see in the bitnami stack. I have enabled mydomain.com and www.mydomain.com to forward to the cloud server ipaddress/home in Google domain name settings
I then tried to run the tool /opt/bitnami/bncert-tool:
sudo /opt/bitnami/bncert-tool
Welcome to the Bitnami HTTPS Configuration tool.
Domains
Please provide a valid space-separated list of domains for which you wish to
configure your web server.
Domain list []: mydomain.com
The following domains were not included: www.mydomain.com. Do you want to add them? [Y/n]: n
Warning: No www domains (e.g. www.example.com) or non-www domains (e.g.
www.example.com) have been provided, so the following redirections will be
disabled: non-www to www, www to non-www.
Press [Enter] to continue:
Warning: The domain 'mydomain.com' resolves to a different IP address than the
one detected for this machine, which is 'aa.bb.ccc.dddd'. Please fix its DNS
entries or remove it. For more info see:
https://docs.bitnami.com/general/faq/configuration/configure-custom-domain/
Press [Enter] to continue:
MY QUESTION:
How do I resolve this? I even tried adding both domains
mydomain.com www.mydomain.com
I want SSL enabled for mydomain.com and www.mydomain.com and not sure where I am going wrong?
Secondly, after the link forwards, how do I associate my domain name so that the static IP doesn't keep displaying and instead it shows the mapped domain mydomain.com/home?
thanks
Suds
$nslookup mydomain
Server: 192.168.0.1
Address: 192.168.0.1#53
Non-authoritative answer:
Name: mydomain.com
Address: 216.239.32.21
Name: mydomain.com
Address: 216.239.34.21
Name: mydomain.com
Address: 216.239.36.21
Name: mydomain.com
Address: 216.239.38.21
$ nslookup www.mydomain.com
Server: 192.168.0.1
Address: 192.168.0.1#53
Non-authoritative answer:
www.mydomain.com canonical name = ghs.googlehosted.com.
Name: ghs.googlehosted.com
Address: 172.217.26.179
$ dig +short NS mydomain.com
ns-cloud-b1.googledomains.com.
ns-cloud-b2.googledomains.com.
ns-cloud-b3.googledomains.com.
ns-cloud-b4.googledomains.com.
$ dig +short NS www.mydomain.com
ghs.googlehosted.com.
You may need to change certain settings such as the domain name settings. If using Google Domains, the forwards actually don't integrate the A + Cname to one static IP. I had to physically create A and CName records.
This solved the first issue. What is interesting is that one of my domains, mydomain.com, is pointing to multiple IP addresses whereas the other is pointing to a different IP depending upon the DNS server. This was also the one contributing to the error I used to get when I ran sudo ./bncert-tool: "The domain 'mydomain.com' resolves to a different IP address than the one detected for this machine, which is 'aa.bb.ccc.ddd'. Please fix its DNS entries or remove it."
I think I physically forced the HTTPS redirection in the web server settings, using this rule
/opt/bitnami/apache2/conf/bitnami/bitnami.conf,
Changed RewriteRule ^/(.*) https://example.com/$1 [R,L]
Then I still had some problems where on the first hit the URLs would load, and on the next hit I would get 404 errors.
I realized this was an issue with project level settings
opt/bitnami/apps/django/django_projects/Project/conf
sudo vi httpd-app.conf
WSGIScriptAlias /PROJECT '/opt/bitnami/apps/django/django_projects/PROJECT/PROJECT/wsgi.py'
to
WSGIScriptAlias / '/opt/bitnami/apps/django/django_projects/myproject/myproject/wsgi.py'
Then was the issue with ALLOWED HOSTS in settings.py:
Ensure the right ALLOWED HOSTS is updated, the project root or your application root, depending upon where you serve from.
/opt/bitnami/apps/django/django_projects/Project/Project
updated the settings in py here...
ALLOWED_HOSTS in settings.py

s3 static site + cloudfront + SSL not working for non www

I have a static html site hosted on a s3 bucket. I have generated a free ssl certificate with let's encrypt which I imported into ACM.
certbot --manual --server https://acme-v01.api.letsencrypt.org/directory -d example.com -d www.example.com
I have setup cloudfront to use that certificate.
On my DNS provider (namecheap) I have set a CNAME that points www to the cloudfront domain name, and also put a redirect from mydomain.com to www.mydomain.com
Now if I go to
https://www.example.com, it works
https://example.com, it hangs until it times out
Can someone tell me what I'm missing?
On my DNS provider (namecheap) I have ... put a redirect from mydomain.com to www.mydomain.com
There's the problem. Your "DNS provider" has a redirect service that doesn't support HTTPS. There is no way they can -- a redirect can only occur after an HTTPS connection is made, and an HTTPS connection requires a valid certificate.
Redirects are never actually done in DNS, though your provider's interface may give you that impression. Redirects are always done with a web server. Your provider has a web server that they provision and point the DNS there when you configure one hostname to redirect to another.
In short, there's not really a way to do this at the domain apex without using Route 53 as your authoritative DNS host. You don't have to transfer your domain name registration to the Route 53 registrar, but you'll need to use Route 53 for your DNS, and you'll need a second bucket and a second CloudFront distribution -- see Supporting HTTPS URL redirection with a single CloudFront distribution.

DigitalOcean hosting with GoDaddy domain denying access to root directory

I own a domain on GoDaddy and am attempting to point it to my DigitalOcean-hosted website. Here are the steps I have taken so far:
I cloned the git repo containing all of my website files from local to my DigitalOcean server.
I added an # record on godaddy for my domain and pointed it to my DigitalOcean IP address.
IMPORTANT!! I modified /etc/apache2/sites-enabled/000-default.conf with my new VirtualHost pointing mydomain.com to index.html, NOT THE ROOT DIRECTORY.
I then proceeded to do 'service apache2 restart' while sshed to DigitalOcean on terminal.
I assumed this would work and then tested it out and went to mydomain.com. Not so much. This is the error I got:
Forbidden
You don't have permission to access / on this server.
Apache/2.4.7 (Ubuntu) Server at mydomain.com Port 80
This was obviously pretty surprising given that it was not redirecting to index.html, so I manually appended /index.html to mydomain.com only to find that it gave me an identical error only I could not access /index.html instead of /.
I have done this kind of thing many times before, however I used subdomain records for godaddy on an existing domain instead of using a brand new domain with no subdomains. Where did I go wrong?
Thanks!
Brandon
UPDATE: I tried on a test subdomain with test.mydomain.com and got this new error:
Not Found
The requested URL / was not found on this server.
Apache/2.4.7 (Ubuntu) Server at test.mydomain.com Port 80
You noted you modified the virtual host to point to index.html but not the root directory. Apache would still use the root directory (DocumentRoot) to locate the index.html file. If it is looking in the wrong location it could explain the 403 error (looking in a place that the web server user [www-data] cannot read as an example).
Beyond that, a 403 like that could be permission related. You would want to ensure the DocumentRoot and index.html file have the ownership of www-data:www-data and they are all readable by the web server itself (755 for folders and 644 for files is the norm).
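
One way to check a DocumentRoot against the 755/644 norm from the answer above (an added example, not code from the original post). The function names, the finding labels and the temporary directory tree are constructed for illustration; pass the uid of www-data as expected_uid to also check ownership.

```python
import os
import stat
import tempfile

DIR_NORM, FILE_NORM = 0o755, 0o644  # modes the answer above calls the norm


def classify(mode, is_dir):
    """Compare permission bits with the norm; return a finding or None."""
    norm = DIR_NORM if is_dir else FILE_NORM
    perms = stat.S_IMODE(mode)
    if norm & ~perms:            # a bit the norm grants is missing
        return "too restrictive (possible 403)"
    if perms & ~norm & 0o022:    # group/other can write
        return "writable by group/other"
    return None


def audit_docroot(root, expected_uid=None):
    """Walk root without following symlinks; return sorted (path, finding) pairs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue
            rel = os.path.relpath(path, root)
            problem = classify(st.st_mode, stat.S_ISDIR(st.st_mode))
            if problem:
                findings.append((rel, problem))
            if expected_uid is not None and st.st_uid != expected_uid:
                findings.append((rel, "unexpected owner"))
    return sorted(findings)


def demo():
    """Build a constructed DocumentRoot in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        for name, mode in [("index.html", 0o644), ("private.html", 0o600),
                           ("upload.php", 0o666)]:
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        os.mkdir(os.path.join(root, "css"))
        os.chmod(os.path.join(root, "css"), 0o700)
        return audit_docroot(root)


if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{rel}: {finding}")
```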

Apache 2.2 disable unconfigured subdomains

There is a webserver which has example.com, www.example.com, my.example.com, shop.example.com, static.example.com. All sites except www.example.com are on https. My problem is when I type randomstring.example.com -> shop.example.com gets served. But I want nothing to be served. For example mail.google.com is a valid subdomain. If you type johndoe.google.com you see "This webpage is not available". How do I achieve this via a Vhost/.htaccess file?
It's not part of Apache. You should disallow DNS resolving for subdomains like *.example.com.
or
If you don't have access to the DNS server - you can create a virtualhost with a blank index page and put this virtualhost directive on top of all the virtualhosts. It won't be the same as Google's behavior (they are using the 1st way), but at least you can protect shop.example.com from being visited via randomstring.example.com