I have a domain balanced in 2 IPs:
A - domain.com - 1.1.1.1
A - domain.com - 2.2.2.2
but I want to convert the IPs on CNAMEs:
So, i've created 2 "A" entries:
A - master - 1.1.1.1
A - slave - 2.2.2.2
and I want to create 2 CNAMEs from root domain to another 2 servers in order to get working as load balancer:
CNAME - domain.com - master.domain.com
CNAME - domain.com - slave.domain.com
but Cloudflare don't permitt create 2 same CNAMEs although the domain target be different
How can I create an "domain.com" entry to get targeted to the 2 another load balance servers by using CNAMEs?
I've created 2 "A" records:
A - balanced - 1.1.1.1
A - balanced - 2.2.2.2
and then link CNAME to "A"
CNAME - www - balanced.domain.com
Related
I've successfully set-up an SSL-certificate through the certbot with DNS-plugin. This works great and I have issued a certificate for example.com and *.example.com:
certbot certificates output:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: example.com
Domains: example.com *.example.com
Expiry Date: 2022-02-28 11:09:56+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
So far so good, all domains seem to be secured correctly:
example.com = OK
test.example.com = OK
However, the issue starts for the domain test1.test.example.com. The browser keeps complaining about the fact that the domain is not secured..! I've already re-issued the SSL-certificate. This succeeds, but still the domain is marked as insecure.
Important to note, if I modify the Apache config for the domain to not redirect http (insecure) traffic to https (secure) traffic, I can access the site. This validates my apache set-up, which in fact is only 1 config file, allowing:
ServerName example.com
ServerAlias *.example.com
EDIT: Perhaps this helps. Safari tells me that the name of the certificate example.com does not match the input? Firefox returns SSL_ERROR_BAD_CERT_DOMAIN. So, I tried to update the domain to also allow *.*.example.com, but that's not allowed by certbot as it returns: Cannot issue for '*.*.example.com': Domain name has more than one wildcard
EDIT 2: The DNS-plugin generated a json-file that contains the auth-information to validate the domains. This file contains an entry fulldomain and subdomain, but the issue is with a two level 'sub-sub' domain? Perhaps this is the issue? How can I fix this, as the certbot plugin does not allow multi wildcard domains?
I've figured it out, it's not allowed to use a wildcard character before the first dot in the domain-name (at least not with the DNS-plugin I use).
Therefore, I successfully got it working adding the domain like: -d *.test.example.com
After issuing and overwriting the old certificate with the new one, this worked perfectly as expected.
example.com = OK
test.example.com = OK
test1.test.example.com = OK
In documentation basics, we find the following examples for configuration of the hosts YAML element:
Serving one domain:
hosts: [example.org]
Serving three domains:
hosts:
- example.net
- example.com
- jabber.somesite.org
(The above are of course just two different ways of writing a YAML "list", once using the bracket notation, once using the indent-with-hypen notation).
A bit later, we see:
## This ejabberd server has three vhosts:
hosts:
- one.example.org
- two.example.org
- three.example.org
This is confusing.
As I understand, an XMPP domain (e.g. example.com) can be serviced by several servers or hosts (e.g. one.example.com, two.example.com, three.example.com).
The configuration seems to commingle XMPP domain and server.
Is the XMPP domain deduced from the servername? For example, if I enter one.example.org, is the XMPP domain example.org - or is it one.example.org?
If I just give the domain name under hosts, do I have to map the domain name to an actual IP endpoint in DNS?
Additionally, an SSL certificate will be requested via ACME
Will this be a certificate for the XMPP domain (example.com) or for the server (one.example.com) or will it be a wildcard certificate?
Will the ACME service (of Letsencrypt, say) give me a certificate for example.org if I already have a certificate for the webserver of example.org?
You can even have:
hosts:
- example.net
- example.com
- jabber.somesite.org
- one.example.org
- two.example.org
- three.example.org
- 11.22.33.44
This sets 7 different XMPP vhosts, each one with their specific accounts, MUC service, PubSub service...
Clients can authenticate to accounts like jon#example.net, tim#two.example.org, bot7#11.22.33.44, ...
It is your duty, as system administrator, to setup DNS so the XMPP clients know the IP address where ejabberd is listening for them. Except for the 11.22.33.44 IP address, which obviously the clients already know where to connect to.
Notice that you can have ejabberd serving one.example.org, and same or different XMPP server, in same or different machine, serving eleven.example.org
I'm new to CloudFront and was wondering how to force it to redirect. In Apache it's just through Virtual Host, but with CloudFront, I'm confused how to do it.
Here is my scenario
NameCheap
CNAME | www | random12345.cloudfront.net (where my site files are)
AWS
ACM - requirement for CloudFront for custom SSL (N.Virginia)
Domain Name: sample.com
Additional Domain Name(s): *.sample.com
CloudFront Distribution
Domain Name: random12345.cloudfront.net
CName: sample.com
*.sample.com
Result
WORKED: https://www.sample.com | www.sample.com
NOT WORKING: sample.com | https://sample.com | http://sample.com
Typing these in the search bar results to Error: This site can’t be reached sample.com’s server IP address could not be found. DNS_PROBE_FINISHED_NXDOMAIN
I attempted to create an S3 bucket to force redirect to https://www.sample.com
but can't create since CNAME www.sample.com is already used for the CloudFront Distribution. Can't use # in CNAME since it is not recommended on root configuration due to its effect on MX records
Thanks a lot.
You have to following step for redirecting non-www domain to www :
Note: www.example.com bucket should have code and example.com will be empty bucket only configuration mention below.
Create example.com S3 bucket.
Go to S3 bucket properties -> Static website hosting then select Redirect request add value as www.example.com
Set Bucket policy and CORS same www.example.com bucket
Create CloudFront for example.com use origin as example.com.s3-website-us-east-1.amazonaws.com not which selection dropdown giving.
Select user *.example.com ACM for https
Then create Route53 Entry for this example.com as A record select respective CloudFront origin for example.com.
This domain is transferred to AWS if you don't want full NS record then only move A record to AWS.
Then you are done.
I registered a domain over at Godaddy : example.com, then created an account with Cloudflare and added the Nameservers they give to Godaddy, after that i added my custom domains to heroku.Then I followed the steps in this guide Configure Cloudflare and Heroku over HTTPS.
This guide says to set the CNAME for the (www and RootDomain) to the default Heroku domain name provisioned for my app, so I used example.herokuapp.com for both and marked everything to pass through cloudflare "orange cloud".
Now my DNS settings in Cloudflare are like so:
Type Name Value TTL
CNAME example.com is an alias of example.herokuapp.com Automatic
CNAME www is an alias of example.herokuapp.com Automatic
And Heroku Dashoard
Domain Name DNS Target
(X) example.com example.com.herokudns.com
(X) www.example.com www.example.com.herokudns.com
I got this error marker (X) in herokus dashboard with a failing tooltip popout and a message:
Automated Certificate Management has failed for the following domains:
| Domain | Reason | | :--- | :--- | | example.com | | | www.example.com | |
What am I missing why am i getting this error, my site loads and its using https from Cloudflare.
Should i use the DNS Target from heroku example.com.herokudns.com and www.example.com.herokudns.com instead of example.herokuapp.com but they warn Cloudflare's security and speed features will not work
I bought an SSL certification for one of my sud-domains. It works perfectly, but when I changed the zone file to clean it up a little, I went into a problem that I still don't understand.
Here is the simplified version of my zone file:
IN A 1.2.3.4
IN AAAA 2001::1
* IN A 1.2.3.4
* IN AAAA 2001::1
xxxspecialkeyxxx.securesubdomain 10800 IN CNAME yyyspecialkeyyyy.sslregistrar.com.
securesubdomain IN A 1.2.3.4
securesubdomain IN AAAA 2001::1
What I don't understand is why it doesn't work if I remove the last two lines, like this:
IN A 1.2.3.4
IN AAAA 2001::1
* IN A 1.2.3.4
* IN AAAA 2001::1
xxxspecialkeyxxx.securesubdomain 10800 IN CNAME yyyspecialkeyyyy.sslregistrar.com.
Why the wildcards can handle all my subdomains, but not my secured one?