I've been tasked with setting up our web app on CloudFront. Our web app is hosted on an Ubuntu server that is completely outside AWS.
I have little to no experience with CDNs, but I've made some decent progress on it. Unfortunately, the docs are unhelpful because most of them assume you're using S3, especially hosting a static site or something to that effect.
So, here is what is unique about our setup:
- We originally used Cloudflare (not CloudFront) and our DNS is still ultimately hosted with them.
- I've updated the Cloudflare DNS entries with NS records that point to Route 53. So now Route 53 handles DNS for the subdomain I'm working with, and points us toward the CloudFront distribution domain instead.
- I've created a distribution for the subdomain (let's say app.example.com), and requested a public SSL/TLS certificate, which I believe I have now installed and configured correctly. (The reason I say this is that I was originally getting privacy errors in Chrome when visiting app.example.com, but this error went away after I figured out the SSL/TLS certificate part.)
Now, what is happening is that when I visit app.example.com, I am getting a 403 error that reads:
The request could not be satisfied.
Bad request. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
CloudFront is having issues talking to the origin server.
I'm not sure if the issue is possibly a secondary SSL/TLS certificate issue (i.e. do I need to install another cert on the Ubuntu box? It already uses Let's Encrypt. Does it need to be the public certificate I requested from AWS or a new one?).
Or, is it possible that the DNS setup is somehow making it impossible for CloudFront to know how to even find the origin server? (After all, the DNS for app.example.com points us to CloudFront, so how is CloudFront supposed to know how to find the origin server?) Having never worked with CDNs before, I'm a bit confused.
So far every troubleshooting guide assumes the 403 error is coming from an incorrect S3 bucket policy or something like that, but again, I'm not using S3 to serve the web app.