I've got a chatbot backend which is talking to a service (service 3) which talks to another and sending a CloudFront signed URL for an image.
Then from the Chatbot browser (client) requests to CloudFront which talks to Service 1 and Service 2 for serving the image.
All the services are deployed in AWS Elastic Beanstalk. But now its reurning HTTP 504 when requesting for the image from CloudFront.
As a way of resolving this, I tried updating Route 53 CNAME entry manually with Service 1 load balancer URL assuming this has caused by CloudFront not being able to reach public DNS entry for Service 1. But it did not resolve the issue.
Related
I am trying to redirect app.test.dev.mydomain.io to another origin app.dev.mydomain.io because there is an IOS app which uses this origin, but I got the error of ERR_SSL_VERSION_OR_CIPHER_MISMATCH
and the app is running on kubernetes cluster with ingress controller to access it.
do you have any suggestions to doing that?
I have purchased a domain (deepalgorithm.net), however I am a bit curious as to how I would route all traffic that visit this domain to my Amazon Elastic BeanStalk instance, which is running my web application.
Secondly, how can I make it so that , when users type this link "deepalgorithm.net" it takes them to my web application.
You need to put Elastic Load Balancer in front of your application and point record in Route53 to the ELB
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-elb-load-balancer.html
Since you got the domian in Route53, there is an entire section in the AWS docs devoted to setting up the routing:
Routing traffic to an AWS Elastic Beanstalk environment
The process involves creating a Route 53 record to your EB domain:
Creating an Amazon Route 53 record that routes traffic to your Elastic Beanstalk environment
Is it possible to configure the proxy on a secured route so that on a redirect the location header field in the response is rewritten to HTTPS?
I get Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://complan-complan.a3c1.starter-us-west-1.openshiftapps.com/planner
when I log in to the application. But also without login the request to the above URL is redirected to HTTP and again to HTTPS.
Thanks!
When the exposed route in OpenShift is set to TLS edge termination then the build-in HAProxy will terminate the HTTPS connection and create a new HTTP connection to your application.
To get the original client-ip/protocol/port the proxy inserts the HTTP headers X-Forwarded-For, X-Forwarded-Proto and X-Forwarded-Port.
For redirection to work correctly you have to tell your framework/server to use those fields. In your case with Wildfly you can follow theses instructions
There are samples for other frameworks/servers in the OpenShift FAQ:
https://developers.openshift.com/faq/troubleshooting.html#_how_do_i_redirect_traffic_to_https
I've tested several http requests and only one IP is not getting any response from my server hosted in Openshit.
How can I unblock this IP?
I am attempting to use purely https with my compute engine. I have a network load balancer created that forwards to a pool with my instance in it. However, the pool has constantly failing health checks because it won't let me configure a health check that uses https.
I'm using apache to redirect 80 to 443. Does anyone know how to either create an https health check or have the http health check follow the redirect?
Thanks for any help.
--edit--
I finally came across some documentation at http://googlecloudplatform.blogspot.com/2015/07/Debugging-Health-Checks-in-Load-Balancing-on-Google-Compute-Engine.html.
Failure 5: Not answering directly with a 200 response code The web server may be configured to redirect to a page that returns an HTTP 200 response code. The health check will not follow the redirect; it expects the health check page to return a 200 directly.
This basic capability has been supported at every other hosting provider we've been on. Why can't this be done? What am I missing?
I spent the whole day trying to configure a purely https based load balancer in GCloud for a Kubernetes cluster with an ingress controller.
I finally got it working, so maybe I share my experience with people that struggle with the same configuration. If the health-check fails for the instances you will usually see the following accessing your websites URL.
Error: Server Error
The server encountered a temporary error and could not complete your request.
Please try again in 30 seconds.
1) Protocol: GCloud introduced new health checks which can be configured for HTTPS, SSLTCP, SSL, HTTP, HTTPS, or HTTP/2 probing. This can help the original problem to prevent a redirect from port 80 to port 443.
2) Path: The most common issue is a that the "/" path of your application will not return a 200 OK and thus let the health issue fail. This can be prevented by adding a path argument to your health check e.g. "/index".
3) Ingress HTTPS: This is relatively simple. Adding a secret or a pre-shared-cert to your ingress.yaml will automatically result in an HTTPS Load Balancer instead of HTTP. Further information to follow are here
Lastly, the guide from the docs for Setting up HTTP Load Balancing with Ingress .
However, even though the new HTTPS Health checks seem to work, they are still in the beta phase and bugs are reported in the issue tracker. The documentation for the gcloud-ingress-controller can be found here.