Error 403 Bad Request in CloudFront

0

Potentially going to ask a stupid question, but here goes. Since trying to add my domain to CloudFront, to hide the distribution name, it seems to be throwing a wacky error. I've searched the forums, and similar questions, but none of the solutions seem to have worked, and I'm wondering if I'm doing something funky.

My domain is registered in Route 53. Let's call it domain.com for this purpose. I have an 'A' record, domain.com, aliased to the CloudFront distribution. All seems fine at the moment.

In CloudFront, I have the following:

  1. WAF: Off
  2. Alternate Domain Names: domain.com *.domain.com (I plan to use this later)
  3. Custom SSL Cert: Yes, domain.com
  4. TLSv1.2_2021
  5. HTTP/2

Origin:

  1. Domain: domain.com
  2. HTTPS only
  3. TLSv1
  4. Name: domain.com
  5. Origin Shield: no

In Behaviours:

  1. Default
  2. Origin: domain.com
  3. Viewer: Redirect HTTP to HTTPS
  4. GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE
  5. Cache Policy: CachingOptimised

The rest of the settings are blank.

When I visit domain.com, however, I get the error:

403 ERROR
The request could not be satisfied.
Bad request. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error.

Which is identical to what other people have gotten, but they seem to have been able to solve it fairly easily, whereas none of their solutions worked for me. Does anyone have any idea what I'm doing wrong? Even viewing the distribution URL throws that error?

LRZXFT
asked 7 months ago · 271 views
1 Answer
0

Hello.

The origin domain is listed as the same as the CloudFront domain, but what are the settings for the origin?

EXPERT
answered 7 months ago
  • I’m not sure I follow? In the Origin section in CloudFront?

  • Is the origin domain name actually the same as your custom domain name for CloudFront? Because if it is, this will send CloudFront into a loop where it tries to contact itself over and over. Your origin domain name should be the actual resource you want your viewers to see - an ALB, for example.

  • Yes, they’re the same. I see what you’re saying about the redirect. The issue I have, then I guess, is that they can’t be the same. I’m effectively wanting anyone who visits domain.com to hit the CloudFront cache, but that doesn’t seem to be possible if the server is using domain.com? It needs to be using something else?

  • You need somewhere for your content to be stored. CloudFront will cache it, but it has to come from somewhere - an S3 bucket or anything that can accept HTTP requests. If you have a server somewhere, you can still use a custom domain name to access it but it must resolve to the server IP, not to CloudFront. For example, you could have example.com resolve to your CloudFront distribution, and origin.example.com resolve to your server.

  • Okay, thank you! I think I’ve gotten that to work with your suggested setup. One unintended side effect of this, however, is that now my server is reading “origin.domain.com” and actioning virtual hosts based on that. For example, I have a virtual host that matches “domain.com” and sends the visits to one website, and then another, wildcard virtual host that sends them to a different website. Obviously my server is receiving origin.domain.com even though the URL is domain.com. Is there any way to keep origin.domain.com from being sent back to my server?
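
The loop described in the comments above, as an added example that is not part of the original thread: a check that flags any origin whose host name resolves back to the distribution. The config dicts follow the `Aliases`/`Origins` shape of a CloudFront DistributionConfig; the `ZONE` table, the distribution domain, the origin Id and the IP address are constructed placeholders.

```python
# Added example, not from the thread. ZONE is a constructed stand-in for the
# Route 53 records; DIST, the origin Id and the IP are placeholders.

DIST = "d111111abcdef8.cloudfront.net"
ZONE = {
    "domain.com": DIST,                   # apex aliased to the distribution
    "origin.domain.com": "203.0.113.10",  # separate name for the real server
}

def norm(name):
    """DNS names compare case-insensitively; ignore a trailing dot."""
    return name.strip().rstrip(".").lower()

def resolve(name, zone, max_hops=8):
    """Follow alias-style records until a name with no record (or an IP)."""
    name = norm(name)
    for _ in range(max_hops):
        if name not in zone:
            return name
        name = norm(zone[name])
    raise ValueError("alias chain did not terminate")

def looping_origins(config, dist_domain, zone):
    """Return Ids of origins whose host name ends up at the distribution."""
    dist = norm(dist_domain)
    flagged = []
    for origin in config["Origins"]["Items"]:
        # Decide on where the name resolves, not on the alias list alone:
        # origin.domain.com matches the *.domain.com alternate name but has
        # its own record pointing at the server, so it is not a loop.
        if resolve(origin["DomainName"], zone) == dist:
            flagged.append(origin["Id"])
    return flagged

def make_config(origin_host):
    """Distribution from the question with a chosen origin host (constructed)."""
    return {
        "Aliases": {"Quantity": 2, "Items": ["domain.com", "*.domain.com"]},
        "Origins": {"Quantity": 1,
                    "Items": [{"Id": "my-origin", "DomainName": origin_host}]},
    }

if __name__ == "__main__":
    for host in ("domain.com", "origin.domain.com"):
        print(host, "->", looping_origins(make_config(host), DIST, ZONE) or "ok")
```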
