- Newest
- Most votes
- Most comments
What's missing here is the name of the origin (the back-end server - which is S3) that you have configured in your CloudFront distribution - or how you've configured that.
The best way to link your CloudFront distribution to S3 is to use OAC: https://aws.amazon.com/blogs/networking-and-content-delivery/amazon-cloudfront-introduces-origin-access-control-oac/
Also: You've listed some values in the table in your question which should probably be kept private - things like domain keys. I'd remove them from the question and also strongly recommend refreshing them. I'm not 100% sure what the security risk is but better to be safe than sorry - those values are used to confirm your domain identity to providers (AWS, Stripe, etc.). It may not be a big deal but it's the type of thing that is better safe than sorry.
Update: Looking at the CloudFront screenshot you've configured the bucket for website access - you don't need to do that; it can be disabled and you can use OAC to restrict access to the bucket only to CloudFront. That also means that you don't have to make content in the bucket public. Unless you have a good reason, I would do that (disable website hosting on the bucket; make it private; use OAC).
Finally, to address the actual question: I know this sounds like a silly question but are you 100% sure that dpzoovgmxjpdc.cloudfront.net. is the distribution that points to your S3 bucket?
Thanks Brettski, I updated the post...
Yes, I am 100% sure that it points to the bucket. you can also see that in the screenshot. I also tried with disabling website access in the bucket. Didn't change anything. Still the wrong content is showing. Did you see that the content is shown is not even hosted on S3? It's hosted on heroku (which itself is using S3, so I am kind of thinking that this could be one of the main ingredients for the mess).
Maybe this traceroute information could be interesting too? It seems strange to me...
traceroute reports.repeato.app traceroute: Warning: reports.repeato.app has multiple addresses; using 13.32.110.52 traceroute to dpzoovgmxjpdc.cloudfront.net (13.32.110.52), 64 hops max, 52 byte packets 1 fritz.box (192.168.178.1) 2.876 ms 2.282 ms 2.242 ms 2 77.118.224.1.wireless.dyn.drei.com (77.118.224.1) 9.547 ms 9.370 ms 12.708 ms 3 192.168.242.95 (192.168.242.95) 10.458 ms 10.722 ms 11.614 ms 4 99.83.112.86 (99.83.112.86) 10.099 ms 10.424 ms 15.931 ms
traceroute clients.repeato.app traceroute: Warning: clients.repeato.app has multiple addresses; using 108.128.72.146 traceroute to secure-lychee-o9fwczm8jn18lb78hqitwc21.herokudns.com (108.128.72.146), 64 hops max, 52 byte packets 1 fritz.box (192.168.178.1) 2.725 ms 2.197 ms 2.100 ms 2 77.118.224.1.wireless.dyn.drei.com (77.118.224.1) 9.634 ms 9.178 ms 9.000 ms 3 192.168.242.95 (192.168.242.95) 13.955 ms 12.147 ms 9.958 ms 4 99.83.112.86 (99.83.112.86) 9.018 ms 10.273 ms 11.897 ms
When I visit
reports.repeato.apporclients.repeato.appI see sign-in page.reports.repeato.apppoints to a CloudFront distribution (dpzoovgmxjpdc.cloudfront.net) whilereporst.repeato.appresolved to Heroku. Note thatreports.repeato.appsays "Repeato Client Center" in the browswer tab whileclients.repeato.apphasLoginso they are definitely different. It looks like your S3 bucket is serving up some Javascript that renders a login page. Try accessing it withcurlorwget- that way you get the raw response and not something that your browser is interpreting.@Brettski-AWS: That's a very interesting observation indeed. Tried wget, and the source is indeed different. However, can't really make sense of it. But in any case, the bucket hosts a completely different project than what you see when you navigate to reports.repeato.app. This is what is served from the bucket: https://s3.eu-central-1.amazonaws.com/reports.repeato.app/index.html
Why the hack is https://reports.repeato.app showing content from a completely different project hosted on heroku? Could it be that heroku kind of "catches" all subdomain requests and routes it to the only project I am hosting there?
Finally, we managed to get it done. The 2 issues were:
- We had Mongo DB web services activated and it caught all requests to that subdomain and routed it to an old version of the backend. We just had forgotten to turn off that instance and remove the DNS setting.
- The "Alternate domain name (CNAME) - optional" field was not set to "reports.repeato.app". We didn't think it was necessary, since it says "optional"
Thanks @Brettski-AWS for your help!
Relevant content
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated 15 days ago
So the error we get now is: "reports.repeato.app uses an unsupported protocol. ERR_SSL_VERSION_OR_CIPHER_MISMATCH" Any idea why?
What is producing that error? You'll find debugging this sort of thing is easier using a command-line tool like
curland looking at the debug (verbose) output rather than relying on what a browser throws up (as they are trying to be user-friendly).