1 Answer
You need to point your DNS for 'internal.example.com' at the EC2 instance. I realize that you got a 502 when you did that so let's address that next.
- configure CloudFront to redirect viewer HTTP to HTTPS - no-one serves content from HTTP sites any more - get this bit out of the way now
- set up your EC2 instance with an SSL certificate for 'internal.example.com' - use Let's Encrypt unless you already have a cert (you cannot use an ACM cert on an instance)
- make sure you can connect to your instance on a browser using https://internal.example.com and get a valid response displayed - we will secure this later so that only CloudFront can access your origin
- configure your CloudFront behaviour to only use HTTPS to access the origin and make sure it's not configured to send 'Host' header to origin
- test!! It should work :-). Troubleshoot using this doco.
- Configure caching policy - cache everything you can including your home page '/'
- Secure your origin using the AWS-managed prefix list for CloudFront
Recommendation: don't use a single instance as origin as this is not scalable. Consider replicating your content to an S3 bucket (I believe there are a number of plug-ins that will do this for you) and use S3 as origin.
answered 10 months ago
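The checklist above can be audited rather than eyeballed. The script below is an added example (not AWS's code and not from the answer) that checks a CloudFront distribution config and an EC2 security group for the three origin-facing points: origin protocol HTTPS-only, viewer HTTP redirected, the Host header not forwarded, and inbound 443 restricted to the CloudFront managed prefix list. The dict shapes mirror what boto3's `get_distribution_config()["DistributionConfig"]` and `describe_security_groups()["SecurityGroups"][n]` return, but the inputs are constructed inline so it runs offline; the prefix list ID is a placeholder, since the real one is region-specific.

```python
# Offline audit of a CloudFront distribution config and an EC2 security group
# against the origin-hardening checklist. Added example; inputs are constructed.

# Placeholder: the CloudFront origin-facing prefix list ID differs per region.
# Look yours up with:
#   aws ec2 describe-managed-prefix-lists \
#     --filters Name=prefix-list-name,Values=com.amazonaws.global.cloudfront.origin-facing
CLOUDFRONT_PREFIX_LIST_ID = "pl-PLACEHOLDER"


def audit_distribution(dist_cfg):
    """Return a list of findings; an empty list means the config passes."""
    findings = []
    for origin in dist_cfg["Origins"]["Items"]:
        custom = origin.get("CustomOriginConfig")
        if custom is None:  # S3 origins carry no protocol policy to check
            continue
        if custom["OriginProtocolPolicy"] != "https-only":
            findings.append(f"origin {origin['Id']}: OriginProtocolPolicy is "
                            f"{custom['OriginProtocolPolicy']!r}, expected 'https-only'")
    beh = dist_cfg["DefaultCacheBehavior"]
    if beh["ViewerProtocolPolicy"] not in ("redirect-to-https", "https-only"):
        findings.append("default behaviour: ViewerProtocolPolicy is "
                        f"{beh['ViewerProtocolPolicy']!r}; redirect viewer HTTP to HTTPS")
    # Legacy distributions list forwarded headers under ForwardedValues. Ones
    # using an origin request policy keep them in that policy, which this
    # function does not fetch, so it flags the policy ID for a separate check.
    fv = beh.get("ForwardedValues")
    if fv is not None:
        headers = fv.get("Headers", {}).get("Items", [])
        if "Host" in headers or "*" in headers:
            findings.append("default behaviour: 'Host' is forwarded to the origin; "
                            "the viewer host name will not match the origin's cert/vhost")
    elif beh.get("OriginRequestPolicyId"):
        findings.append("default behaviour: verify origin request policy "
                        f"{beh['OriginRequestPolicyId']} does not forward 'Host'")
    return findings


def audit_security_group(sg, prefix_list_id=CLOUDFRONT_PREFIX_LIST_ID):
    """Flag inbound 80 (origin should be HTTPS-only) and any inbound 443 rule
    that is not restricted to the CloudFront managed prefix list."""
    findings = []
    for perm in sg["IpPermissions"]:
        if perm["IpProtocol"] not in ("tcp", "-1"):
            continue
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        pls = [p["PrefixListId"] for p in perm.get("PrefixListIds", [])]
        if lo <= 80 <= hi:
            findings.append(f"{sg['GroupId']}: port 80 open to {cidrs + pls}; "
                            "CloudFront should reach the origin over HTTPS only")
        if lo <= 443 <= hi:
            if cidrs:
                findings.append(f"{sg['GroupId']}: port 443 open to CIDR(s) {cidrs}, "
                                "not only the CloudFront prefix list")
            for pl in pls:
                if pl != prefix_list_id:
                    findings.append(f"{sg['GroupId']}: port 443 open to prefix list {pl}, "
                                    f"expected {prefix_list_id}")
    return findings


# Constructed inputs: one config that fails every item, one that passes.
WEAK_DIST = {
    "Origins": {"Quantity": 1, "Items": [{
        "Id": "ec2-origin", "DomainName": "internal.example.com",
        "CustomOriginConfig": {"HTTPPort": 80, "HTTPSPort": 443,
                               "OriginProtocolPolicy": "http-only"}}]},
    "DefaultCacheBehavior": {
        "TargetOriginId": "ec2-origin", "ViewerProtocolPolicy": "allow-all",
        "ForwardedValues": {"QueryString": False, "Cookies": {"Forward": "none"},
                            "Headers": {"Quantity": 1, "Items": ["Host"]}}},
}
HARDENED_DIST = {
    "Origins": {"Quantity": 1, "Items": [{
        "Id": "ec2-origin", "DomainName": "internal.example.com",
        "CustomOriginConfig": {"HTTPPort": 80, "HTTPSPort": 443,
                               "OriginProtocolPolicy": "https-only"}}]},
    "DefaultCacheBehavior": {
        "TargetOriginId": "ec2-origin", "ViewerProtocolPolicy": "redirect-to-https",
        "ForwardedValues": {"QueryString": False, "Cookies": {"Forward": "none"},
                            "Headers": {"Quantity": 0, "Items": []}}},
}
WEAK_SG = {"GroupId": "sg-WEAK", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "PrefixListIds": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "PrefixListIds": []},
]}
HARDENED_SG = {"GroupId": "sg-HARDENED", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [],
     "PrefixListIds": [{"PrefixListId": CLOUDFRONT_PREFIX_LIST_ID}]},
]}

if __name__ == "__main__":
    for name, f in [("weak dist", audit_distribution(WEAK_DIST)),
                    ("hardened dist", audit_distribution(HARDENED_DIST)),
                    ("weak sg", audit_security_group(WEAK_SG)),
                    ("hardened sg", audit_security_group(HARDENED_SG))]:
        print(name, "->", f or "OK")
```

To run it against a live distribution, replace the constructed dicts with the output of `aws cloudfront get-distribution-config --id <id>` and `aws ec2 describe-security-groups --group-ids <sg>`; the Host-header check only reads legacy `ForwardedValues`, so a distribution on a cache policy needs its origin request policy inspected by hand.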
Thank you so much. I use the command "$ openssl s_client -connect internal.example.com:443 -servername internal.example.com | openssl x509 -text | grep -E '(CN|Alternative)' -A 2" to check the certificate and found that the certificate which is issued by ACM and covered internal.example.com does work on connecting EC2 at this setting scenario. Yes, I will try to generate certificate and install it for EC2.
I followed the reply and it works. Thank you.