I configured A react app deployed in AWS S3 with cloud front and connected to ROUTE53 with Custom Domain purchased from GoDaddy .Certificate is issued from AWS ACM and it is linked to Cloud front , added alterative domain CNAME also. Initially it worked and redirected to HTTPS from HTTP. After some time I see strange behavior. Now I get GoDaddy Domain parked message message when it is in HTTP mode and This site can’t be reached The connection was reset or This site can't provide a secure connection with HTTPS.
Things I did
Checked Alternate domain name added or not and it was there.
Route53 I added A record and pointed to cloud front distribution.
Enabled S3 bucket as hosting .
Cloud front distribution served with root index.html and it works fine.
When it connects to custom domain it will work for sometime and again it will show domain parked message from GoDaddy and ERR_SSL_PROTOCOL_ERROR or ERR_CONNECTION_CLOSED
We are going multi-region for our project and there is a need for us to use an Azure traffic manager to route traffic to each region. Our setup looks like below where our app gateway is exposed via a public IP which I used to configure on the Azure Traffic Manager.
My issue is when I hit the traffic manager URL it give me an SSL cert error, while if I hit the App gateway URL directly it works fine on HTTPS. Looking at the below error I know I need to configure the traffic manager certificate and my question is
Is this needs to be configured somewhere in the traffic manager? OR
DO we need to configure this in the application gateway and change the app gateway ingress in Kubernetes with and also use traffic manager certificate there?
• The traffic manager works at the DNS level, thus as the DNS records pointing to the traffic manager’s public URL aren’t setup correctly, you are getting this error when browsing the traffic manager’s URL. Also, when you are accessing the application gateway URLs independently, they are being accessed successfully as the URLs for the application gateways are hosted on the Azure DNS and independent public IPs are also allotted against their DNS records. Thus, appropriate DNS records to route the DNS access request for the traffic manager’s website need to be updated.
• Since you are using multi region setup in Azure with load balancing features, I am considering that your custom domain and its DNS records are setup in Azure itself. And the URLs for the application gateway are setup as separate endpoints in the form of subdomains in the custom DNS record setup itself. Thus, when you browse the application gateway URLs according to the custom domain URL setup, you can access the application page correctly. With respect to the traffic manager, you will need to create a CNAME record pointing from your custom domain to the ‘*.trafficmanager.net’ domain, while also creating a CNAME record pointing from your custom domain to your generic application gateway URLS.
• Once done, create A host records for each application gateway endpoint pointing to the public IP address assigned by Azure to them. After doing the above, your traffic manager URL should be able to route and redirect the application access requests correctly. For more information, please refer to the community discussion below which specifies the exact details relating to your problem: -
Azure Traffic Manager SSL Setup (not classic)
I have a simple website that I wanted to be on a custom dns. I had it running on elastic beanstalk but due to elastic beanstalk wanting me to setup a load balancer and two EC2's just to have a custom DNS, I decided to give lightsail container services a try. However.....
I created my container, deployed and it worked fine. I can access the public domain but for some reason, google has marked my website as dangerous? This wasn't the case on elastic beanstalk.
I then tried to create my custom domain. So I registered a domain name on Route 53 i.e. test.com, created the certificate on lightsail and then went back to route 53 to add a new cname record. The lightsail status changed to "Status:Valid, in use"
But my custom domain does not redirect to the public domain at all, I just get "This site can’t be reached" when navigating to "test.com" (not my real dns name)
You can do that with the below steps:-
1. Create a certificate with CNAME.
2. Add your Name and value in the R53 Hosted zone that will validate your certificate.
3. Now Choose a certificate to validate your custom domain.
I want to host a HTTPS-only static website using Amazon S3 and GoDaddy. Here's what I've done so far:
a) Created S3 static website at Amazon
b) Added S3 static URL at GoDaddy's CNAME records
CNAME **NAME**: *WWW* and **HOST** : *mywebsite.com.s3-website.ap-south-1.amazonaws.com*
c) Then in forwading **Domain** section added http://mywebsite.com
Now, I can access my website using http://mywebsite.com address. However, I want the site to be available via HTTPS only, for which I bought an SSL certificate from GoDaddy. And did setup on GoDaddy.
Now, the question is:
Is there a way to have an automatic http to https redirect with this setup?
You need to use CloudFront to serve HTTPS requests for an Amazon S3 Bucket. Amazon published Key Differences Between the Amazon Website and the REST API Endpoint to highlight website hosting on s3 does not support SSL connections.
However, this tutorial by Amazon will walk you through creating a CloudFront distribution to serve s3 content using HTTPS.
I am using an Amazon S3 bucket for uploading and downloading of data using my .NET application. Now my question is: I want to access my S3 bucket using SSL. Is it possible to implement SSL for an Amazon s3 bucket?
You can access your files via SSL like this:
https://s3.amazonaws.com/bucket_name/images/logo.gif
If you use a custom domain for your bucket, you can use S3 and CloudFront together with your own SSL certificate (or generate a free one via Amazon Certificate Manager): http://aws.amazon.com/cloudfront/custom-ssl-domains/
Custom domain SSL certs were just added today for $600/cert/month. Sign up for your invite below:
http://aws.amazon.com/cloudfront/custom-ssl-domains/
Update: SNI customer provided certs are now available for no additional charge. Much cheaper than $600/mo, and with XP nearly killed off, it should work well for most use cases.
#skalee AWS has a mechanism for achieving what the poster asks for, "implement SSL for an Amazon s3 bucket", it's called CloudFront. I'm reading "implement" as "use my SSL certs," not "just put an S on the HTTP URL which I'm sure the OP could have surmised.
Since CloudFront costs exactly the same as S3 ($0.12/GB), but has a ton of additional features around SSL AND allows you to add your own SNI cert at no additional cost, it's the obvious fix for "implementing SSL" on your domain.
I found you can do this easily via the Cloud Flare service.
Set up a bucket, enable webhosting on the bucket and point the desired CNAME to that endpoint via Cloudflare... and pay for the service of course... but $5-$20 VS $600 is much easier to stomach.
Full detail here:
https://www.engaging.io/easy-way-to-configure-ssl-for-amazon-s3-bucket-via-cloudflare/
It is not possible directly with S3, but you can create a Cloud Front distribution from you bucket. Then go to certificate manager and request a certificate. Amazon gives them for free. Ones you have successfully confirmed the certification, assign it to your Cloud Front distribution. Also remember to set the rule to re-direct http to https.
I'm hosting couple of static websites on Amazon S3, like my personal website to which I have assigned the SSL certificate as they have the Cloud Front distribution.
If you really need it, consider redirections.
For example, on request to assets.my-domain.example.com/path/to/file you could perform a 301 or 302 redirection to my-bucket-name.s3.amazonaws.com/path/to/file or s3.amazonaws.com/my-bucket-name/path/to/file (please remember that in the first case my-bucket-name cannot contain any dots, otherwise it won't match *.s3.amazonaws.com, s3.amazonaws.com stated in S3 certificate).
Not tested, but I believe it would work. I see few gotchas, however.
The first one is pretty obvious, an additional request to get this redirection. And I doubt you could use redirection server provided by your domain name registrar — you'd have to upload proper certificate there somehow — so you have to use your own server for this.
The second one is that you can have urls with your domain name in page source code, but when for example user opens the pic in separate tab, then address bar will display the target url.
As mentioned before, you cannot create free certificates for S3 buckets. However, you can create Cloud Front distribution and then assign the certificate for the Cloud Front instead. You request the certificate for your domain and then just assign it to the Cloud Front distribution in the Cloud Front settings. I've used this method to serve static websites via SSL as well as serve static files.
For static website creation Amazon is the go to place. It is really affordable to get a static website with SSL.