Community.

I have a web page served by Apache running on an EC2 AWS instance. I am using AWS Certificate Manager with CloudFront to manage SSL/TLS in order to access the web page using HTTPS.

My environment:

Domain: some.com.do

AWS Certificate Alternate domain names: some.com.do, *.some.com.do

CloudFront Settings

Name: some.cloudfront.net

Domain names: some.com.do, *.some.com.do

Security policy: TLSv1.2_2021

Origin domain: EC2 public DNS

Origin Protocol: HTTPS only

Minimum origin SSL protocol: TLSv1.2

Viewer protocol policy: Redirect HTTP to HTTPS

Route 53 Settings

some.com.do type A Simple Routing Alias Route to some.cloudfront.net

www.some.com.do type A Simple Routing Alias Route to some.com.do

The page does not load well when using HTTPS.

And right now, I am getting the error:

502 ERROR The request could not be satisfied.

CloudFront wasn't able to connect to the origin. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner. If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.

  • Can you please expand on "the web page doesn't load well". Do some resources not load? Is it slow? Something else? Please be precise, and if relevant include logs or other details.
    – Tim
    Commented Apr 7, 2022 at 1:33
  • To be precise, the web page shows as unsecured, I mean, it is not using https. If I choose Origin Protocol: HTTP only, it loads unsecured but shows the web page correctly.
    – Geraldo
    Commented Apr 7, 2022 at 1:37
  • Tim, any help would be appreciated.
    – Geraldo
    Commented Apr 8, 2022 at 14:57
  • You haven't given us enough information to help work out the problem. CloudFront can't contact the origin. Can you connect to your origin from your PC? Is there a firewall of some kind stopping CloudFront connecting (NACL, SG, instance)? The domain name of the origin typically needs to be different from the CloudFront domain name otherwise you can't specify what to connect to separately from CloudFront.
    – Tim
    Commented Apr 8, 2022 at 19:27
  • I can connect to the origin from my PC. I can connect via SSH, and in the browser to view my web page (using the public IP or public hostname). There is no firewall enabled in the OS. The SG is configured to allow traffic for ports 80 and 443. The domain name is different from the CloudFront domain name (it's a domain name given by AWS, xyz.cloudfront.net).
    – Geraldo
    Commented Apr 9, 2022 at 20:11

1 Answer


My problem was with the misconfiguration of the behaviours of the distribution. Seems like CF did not pass all the headers to my EC2 backend node.
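
One header that matters with "Origin Protocol: HTTPS only" is Host. The sketch below is an added example, not code from the question or the answer: it applies CloudFront's documented name check for HTTPS origins (a name in the origin certificate must match the origin domain, or the Host header when the behavior forwards it). The EC2 hostname and the certificate name list are constructed placeholders, and the page does not say which certificate Apache actually served.

```python
# Added example. Assumption: CloudFront's documented rule for HTTPS origins,
# i.e. a name in the origin certificate must match the origin domain name, or
# the Host header when the cache behavior forwards Host to the origin.

def name_matches(pattern, host):
    """Certificate-style match; '*' is only honoured as the whole first label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # '*.some.com.do' never covers 'some.com.do'
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def origin_cert_check(cert_names, origin_domain, forwarded_host=None):
    """Return (ok, reason) for the name check CloudFront makes on the origin."""
    candidates = [("origin domain", origin_domain)]
    if forwarded_host:
        candidates.append(("forwarded Host header", forwarded_host))
    for label, name in candidates:
        for san in cert_names:
            if name_matches(san, name):
                return True, f"{san} covers {label} {name}"
    tried = ", ".join(name for _, name in candidates)
    return False, f"no certificate name covers {tried}; CloudFront answers 502"


# Constructed inputs: placeholder EC2 hostname and an assumed SAN list on Apache.
ORIGIN = "ec2-203-0-113-10.compute-1.amazonaws.com"
APACHE_CERT = ["some.com.do", "*.some.com.do"]

if __name__ == "__main__":
    for host in (None, "some.com.do", "www.some.com.do", "a.b.some.com.do"):
        ok, why = origin_cert_check(APACHE_CERT, ORIGIN, host)
        print(f"Host forwarded={host!s:<18} ok={ok}  {why}")
```

This covers the name match only; CloudFront also requires the origin certificate to be unexpired and issued by a trusted CA with the chain in the correct order.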
