Setting up CloudFront with SSL/TLS certificate and EC2 instance

Community.

I have a web page served by Apache running on an EC2 AWS instance. I am using AWS Certificate Manager with CloudFront to manage SSL/TLS in order to access the web page using HTTPS.

My environment:

Domain: some.com.do

AWS Certificate Alternate domain names: some.com.do, *.some.com.do

CloudFront Settings

Name: some.cloudfront.net

Domain names: some.com.do, *.some.com.do

Security policy: TLSv1.2_2021

Origin domain: EC2 public DNS

Origin Protocol: HTTPS only

Minimum origin SSL protocol: TLSv1.2

Viewer protocol policy: Redirect HTTP to HTTPS

Route 53 Settings

some.com.do type A Simple Routing Alias Route to some.cloudfront.net

www.some.com.do type A Simple Routing Alias Route to some.com.do

The page does not load well when using HTTPS.

And right now, I am getting the error:

502 ERROR The request could not be satisfied.

CloudFront wasn't able to connect to the origin. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner. If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.

Tim:
Can you please expand on "the web page doesn't load well". Do some resources not load? Is it slow? Something else? Please be precise, and if relevant include logs or other details.
Asker:
To be precise, the web page shows as unsecured; I mean, it is not using HTTPS. If I choose Origin Protocol: HTTP only, it loads unsecured but shows the web page correctly.
Asker:
Tim, any help would be appreciated.
Tim:
You haven't given us enough information to help work out the problem. CloudFront can't contact the origin. Can you connect to your origin from your PC? Is there a firewall of some kind stopping CloudFront connecting (NACL, SG, instance)? The domain name of the origin typically needs to be different from the CloudFront domain name otherwise you can't specify what to connect to separately from CloudFront.
Asker:
I can connect to the origin from my PC. I can connect via SSH, and in the browser I can view my web page (using the public IP or public hostname). There is no firewall enabled in the OS. The SG is configured to allow traffic on ports 80 and 443. The domain name is different from the CloudFront domain name (it's a domain name given by AWS, xyz.cloudfront.net).
Tim:
That sounds ok. Unfortunately with the information provided there's nothing else I can say to help. I would work through the settings / problem to see what I find. If you can't work it out I suggest paying for AWS Support for a month as with your permission they can look at your account and tell you what's wrong.
Asker:
But what info do you need?
Tim:
I don't actually know. What you've said sounds fine. If it was me I would work through everything from first principles and work it out. I've been doing AWS for years but don't do much in this area, it's one of those things I could probably work out by poking around.
Asker:
I see. Well, thanks for your time, Tim.
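With "Origin Protocol: HTTPS only", CloudFront performs a strict TLS handshake with the origin: the chain must be trusted, the certificate must match the Origin domain name, and the protocol must meet the configured minimum. A browser that lets you click through a certificate warning does not prove any of that, so the probe below reproduces the strict check from a workstation. This is an added example, not code from the thread; the origin hostname is a constructed placeholder and the failure categories are my own labels.

```python
import socket
import ssl

# Constructed placeholder: replace with the Origin domain from the distribution.
ORIGIN_HOST = "ec2-203-0-113-10.compute-1.amazonaws.com"
ORIGIN_PORT = 443


def origin_context(min_version=ssl.TLSVersion.TLSv1_2):
    """Client context approximating what CloudFront demands of an origin:
    trusted chain, hostname match, and the 'Minimum origin SSL protocol'."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = min_version   # TLSv1.2 as in the distribution settings
    return ctx


def classify(exc):
    """Map a handshake exception to the origin problem it points at (own labels)."""
    msg = str(exc).lower()
    if isinstance(exc, ssl.SSLCertVerificationError):
        if "hostname mismatch" in msg or "doesn't match" in msg:
            return "name_mismatch"      # cert not issued for the origin domain
        return "untrusted_cert"         # self-signed or unknown issuer
    if isinstance(exc, ssl.SSLError):
        return "tls_handshake_failed"   # e.g. origin offers only TLS < 1.2
    if isinstance(exc, OSError):        # includes socket.timeout
        return "unreachable"            # SG/NACL or nothing listening on 443
    return "unknown"


def probe_origin(host=ORIGIN_HOST, port=ORIGIN_PORT, timeout=5.0):
    """Attempt the strict handshake; return ("ok", cert) or (reason, detail)."""
    ctx = origin_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "ok", tls.getpeercert()
    except Exception as exc:  # every failure is classified, none is swallowed
        return classify(exc), str(exc)


if __name__ == "__main__":
    status, detail = probe_origin()
    print(status, detail)
```

Anything other than "ok" here is a condition CloudFront would also reject, whichever of the four SG/certificate/protocol categories it lands in.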