SSL certificate + Cloudfront + EC2 set up - Too many redirect

0
votes

I will try to be as precise as possible with my issue and question!

  • I have a certificate generated by Amazon Certificate Manager
  • I have a cloudfront with the certficate and it has origin of EC2 public DNS
  • The connected EC2 has Nginx listening on port 80

The issue is I am getting Too Many Redirection...

Redirection is from xxx.com to www.xxx.com/?sid=xxxxxxxx endlessly..

I have set the route 53 to point to EC2 ip and the application works fine without an issue so there is no issue with the webserver..

And if I want to get https working.. because I have no ELB I thought I could make HTTPS Port on Cloudfront to 80 so all traffic goes to Nginx port 80 but it doesn't work the server doesn't respond.

So my question is.

  • Does anyone have any idea why there is too many redirection? or where to look at?

  • Do you see any fundamental architecting issue with Certificate from ACM pointing to Cloudfront that connects to EC2 without ELB?

  • Am I not correct if cloudfront send http and https traffic to ec2 port 80, it should work?

1
amazon-web-servicessslnginxamazon-ec2amazon-cloudfront
It would be nice if you show your nginx redirection, but I can tell you that xxx.com to www.xxx.com/?sid=xxxxxxxx will be seen as the same url by nginx, unless you treat query params on your setup.Stargazer

1 Answers

0
votes

Have you whitelisted HOST header on CloudFront and tried it ? The redirection is done by EC2 and since you're using EC2 DNS name under Origin Domain name configuration, CF is going to add HOST header as EC2 DNS name and no matter how many times you redirect, the client connects back to CF and CF uses the same DNS name in HOST header and connects back to origin.

Please try to whitelist HOST header and clear the cache before test it again as CloudFront caches 3xx as well.

Am I not correct if cloudfront send http and https traffic to ec2 port 80, it should work? - You can't have both HTTP and HTTPS working on the same port, Origin protocol policy on CloudFront defines how do you want the CloudFront to connect to your EC2 (on HTTP or HTTPS)