I have a web page served by Apache running on an EC2 AWS instance. I am using AWS Certificate Manager with CloudFront to manage SSL/TLS in order to access the web page using HTTPS.

My environment:

Domain: some.com.do

AWS Certificate Alternate domain names: some.com.do, *.some.com.do

CloudFront Settings

Name: some.cloudfront.net

Domain names: some.com.do, *.some.com.do

Security policy: TLSv1.2_2021

Origin domain: EC2 public DNS

Origin Protocol: HTTPS only

Minimum origin SSL protocol: TLSv1.2

Viewer protocol policy: Redirect HTTP to HTTPS

Route 53 Settings

some.com.do type A Simple Routing Alias Route to some.cloudfront.net

www.some.com.do type A Simple Routing Alias Route to some.com.do

The page does not load well when using HTTPS.

And right now, I am getting the error:

502 ERROR The request could not be satisfied.

CloudFront wasn't able to connect to the origin. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner. If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.

Geraldo
  • Can you please expand on "the web page doesn't load well". Do some resources not load? Is it slow? Something else? Please be precise, and if relevant include logs or other details. – Tim Apr 07 '22 at 01:33
  • To be precise, the web page shows as unsecured, I mean, it is not using https. If I choose Origin Protocol: HTTP only, it loads unsecured but shows the web page correctly. – Geraldo Apr 07 '22 at 01:37
  • Tim, any help would be appreciated. – Geraldo Apr 08 '22 at 14:57
  • You haven't given us enough information to help work out the problem. CloudFront can't contact the origin. Can you connect to your origin from your PC? Is there a firewall of some kind stopping CloudFront connecting (NACL, SG, instance)? The domain name of the origin typically needs to be different from the CloudFront domain name otherwise you can't specify what to connect to separately from CloudFront. – Tim Apr 08 '22 at 19:27
  • I can connect origin from my PC. I can connect via SSH, in the browser to view my web page (using public IP or public hostname). There is no firewall enabled in the OS. SG is configured to allow traffic for 80 and 443 ports. The domain name is different from the CloudFront domain name (it's a domain name given by AWS xyz.cloudfront.net) – Geraldo Apr 09 '22 at 20:11
  • That sounds ok. Unfortunately with the information provided there's nothing else I can say to help. I would work through the settings / problem to see what I find. If you can't work it out I suggest paying for AWS Support for a month as with your permission they can look at your account and tell you what's wrong. – Tim Apr 09 '22 at 20:25
  • But what info do you need? – Geraldo Apr 10 '22 at 02:41
  • I don't actually know. What you've said sounds fine. If it was me I would work through everything from first principles and work it out. I've been doing AWS for years but don't do much in this area, it's one of those things I could probably work out by poking around. – Tim Apr 10 '22 at 03:41
  • I see. Well, thanks for your time, Tim. – Geraldo Apr 10 '22 at 11:12
  • I have exactly the same issue when I'm trying to set up an EC2 node at the backend for AWS CloudFront. – Andrey Zentavr Jul 14 '22 at 03:55

1 Answer


My problem was with the misconfiguration of the behaviours of the distribution. Seems like CF did not pass all the headers to my EC2 backend node.

Andrey Zentavr
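To make the answer's point about forwarded headers concrete: CloudFront only accepts an HTTPS origin if the origin's certificate contains a name matching either the Origin Domain value or, when the behaviour forwards it, the viewer's Host header. The following is an added example (not code from the question or answer) that applies that rule to the domains in the question; the EC2 public DNS name is a constructed placeholder.

```python
"""Check an origin certificate's SAN list the way CloudFront's origin
hostname validation does (added example; the EC2 name is a placeholder)."""


def hostname_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: one leading '*' covers exactly one DNS label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    # Only '*.example.tld' style wildcards are valid; reject '*' elsewhere,
    # bare '*.tld', and hostnames with a different number of labels.
    if p_labels[0] != "*" or "*" in pattern[1:] or len(p_labels) < 3:
        return False
    if len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def cloudfront_accepts(san_names, origin_domain, forwarded_host=None):
    """CloudFront accepts the origin cert if some SAN matches the Origin
    Domain, or the Host header when the behaviour forwards it to the origin."""
    candidates = [origin_domain]
    if forwarded_host:
        candidates.append(forwarded_host)
    return any(hostname_matches(san, c) for san in san_names for c in candidates)


# Names from the question: ACM/Apache certificate SANs and the viewer domain.
SAN_NAMES = ["some.com.do", "*.some.com.do"]
VIEWER_HOST = "some.com.do"
# Constructed placeholder for the EC2 public DNS used as Origin Domain.
EC2_ORIGIN = "ec2-203-0-113-10.compute-1.amazonaws.com"


def diagnose(forward_host_header: bool) -> str:
    """Return 'ok' when CloudFront would complete the TLS handshake to the
    origin, or '502: origin cert does not match' when it would refuse it."""
    host = VIEWER_HOST if forward_host_header else None
    if cloudfront_accepts(SAN_NAMES, EC2_ORIGIN, forwarded_host=host):
        return "ok"
    return "502: origin cert does not match"


if __name__ == "__main__":
    print("Host header not forwarded:", diagnose(False))
    print("Host header forwarded:    ", diagnose(True))
```

A certificate issued for the EC2 public DNS name, or an origin domain that is itself covered by the certificate, would pass the check without forwarding the Host header.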