How to configure DNS for a WordPress site on AWS EC2 Route 53 settings behind CloudFront?

0

I requested an SSL certificate from Amazon Certificate Manager. It covers example.com, www.example.com, and internal.example.com. To avoid the 'too many redirects' error caused by WordPress, I use the subdomain internal.example.com as the origin domain name of the CloudFront distribution. I created one A record for example.com and one A record for www.example.com, and both A records point to the CloudFront Distribution domain name.

I am not sure how to configure the DNS record for internal.example.com, which is set as the origin domain name of the CloudFront Distribution. When I create an A record for internal.example.com and point it to the CloudFront Distribution domain name, I get a 403 error when visiting my website. When I create a CNAME record for internal.example.com and point it to the EC2 Public DNS domain, I get a 502 error when visiting the website. For both of these optional DNS records for internal.example.com, I checked propagation of the three domain names and the EC2 Public DNS on an online website, and the results for the three domains showed lists of IP addresses at multiple locations.

I understand that a CNAME pointing to the Public DNS domain is reasonable. If it is an A record pointing to the CloudFront Distribution domain name, then when the browser requests my website the request goes to the CloudFront server, and the CloudFront server goes to the subdomain internal.example.com, which is set as the origin domain name of the CloudFront Distribution. When the subdomain internal.example.com receives the query from the CloudFront server, it checks the DNS record and passes the query to the CloudFront server according to the DNS record setting. So it is a dead loop. But for internal.example.com, which is now the origin domain name of CloudFront, if I create a CNAME record or an A record pointing to the EC2 Public DNS or Public IP address, there will be no SSL certificate between CloudFront and the origin EC2 or Public IP.

In addition, I can now visit the first page of the WordPress website by the public IP address of my site, but with a warning sign like 'not secure site'. When I try to access the admin page of WordPress I get a 502 error.

The reason for me to use a subdomain name as origin name of CloudFront Distribution is by the link Adding Amazon’s Cloudfront CDN to your Wordpress site for free

1 Answer
1
Accepted Answer

You need to point your DNS for 'internal.example.com' at the EC2 instance. I realize that you got a 502 when you did that, so let's address that next.

  1. Configure CloudFront to redirect viewer HTTP to HTTPS - no-one serves content from HTTP sites any more - get this bit out of the way now
  2. Set up your EC2 instance with an SSL certificate for 'internal.example.com' - use Let's Encrypt unless you already have a cert (you cannot use an ACM cert on an instance)
  3. Make sure you can connect to your instance in a browser using https://internal.example.com and get a valid response displayed - we will secure this later so that only CloudFront can access your origin
  4. Configure your CloudFront behaviour to only use HTTPS to access the origin and make sure it's not configured to send the 'Host' header to the origin
  5. Test!! It should work :-). Troubleshoot using this doco.
  6. Configure caching policy - cache everything you can including your home page '/'
  7. Secure your origin using the AWS-managed prefix list for CloudFront

Recommendation: don't use a single instance as origin as this is not scalable. Consider replicating your content to an S3 bucket (I believe there are a number of plug-ins that will do this for you) and use S3 as origin.

AWS
answered a month ago
  • Thank you so much. I use the command "$ openssl s_client -connect internal.example.com:443 -servername internal.example.com | openssl x509 -text | grep -E '(CN|Alternative)' -A 2" to check the certificate and found that the certificate which is issued by ACM and covers internal.example.com does work on connecting EC2 in this scenario. Yes, I will try to generate a certificate and install it for EC2.

  • I followed the reply and it works. Thank you.
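
Step 3 of the answer and the openssl check in the first comment both come down to whether the certificate the instance presents lists internal.example.com. The following is an added example, not part of the original answer or comments: it parses `openssl x509 -noout -text` output and tests SAN coverage, including single-label wildcards. The sample certificate text and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). POSIX sh; function names are hypothetical.

# Constructed sample of `openssl x509 -noout -text` output: a certificate that
# covers the viewer-facing names but NOT the origin name internal.example.com.
SAMPLE_CERT_TEXT='        Issuer: CN = Constructed Test CA
        Subject: CN = example.com
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:example.com, DNS:www.example.com, DNS:*.static.example.com'

# san_covers HOST: reads certificate text on stdin; succeeds (status 0) when a
# DNS SAN entry matches HOST exactly or via a single-label wildcard.
# The body is a subshell, so IFS/noglob changes and variables do not leak.
san_covers() (
  host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  # SAN values are on the line after the extension header.
  sans=$(awk '/X509v3 Subject Alternative Name/ { getline; print; exit }' |
         tr 'A-Z' 'a-z' | tr -d ' \t')
  set -f            # keep "*.example.com" from being glob-expanded
  IFS=','
  for entry in $sans; do
    case $entry in dns:*) name=${entry#dns:} ;; *) continue ;; esac
    case $name in
      "$host") exit 0 ;;
      '*.'*)
        suffix=${name#'*.'}
        label=${host%".$suffix"}
        # A wildcard stands for exactly one left-most label.
        case $label in "$host"|''|*.*) ;; *) exit 0 ;; esac ;;
    esac
  done
  exit 1
)

# Live check (needs network): print the certificate the server presents for HOST.
origin_cert_text() {
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -text
}

# Offline demo on the constructed sample.
for h in www.example.com internal.example.com; do
  if printf '%s\n' "$SAMPLE_CERT_TEXT" | san_covers "$h"; then
    echo "$h: covered"
  else
    echo "$h: NOT covered by the presented certificate"
  fi
done
```

Against a live origin, run `origin_cert_text internal.example.com | san_covers internal.example.com`; a non-zero status means the certificate on the instance does not cover the origin domain name configured in CloudFront.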
