Search code examples
amazon-web-servicesamazon-elastic-beanstalkamazon-cloudfrontamazon-route53aws-certificate-manager

Paths won't resolve in domain name but in Elastic Beanstalk URL

What I have done so far:

  • I uploaded my Laravel App to Elastic Beanstalk
  • I purchased a domain name at namecheap: domain.net
  • I set up a Hosted Zone for domain.net in Route 53
  • I entered the NS infos from the Hosted Zone in the section of my domain at namecheap
  • I got a certificate from Certificate Manager and associated domain.net, I got a second cert for *.domain.net
  • I created a CNAME record for the certificate in the Hosted Zone (see picture below)
  • I created a CloudFront distribution, under "Origin Domain Name" I put the Elastic Beanstalk URL, chose "Redirect HTTP to HTTPS", entered domain.net unter "Alternate Domain Names" and chose the SSL cert for domain.net
  • I repeated the previous step for *.domain.net
  • Then in Hosted Zones I created an Alias record for domain.net pointing to the CloudFront distribution for domain.net and another Alias record for *.domain.net pointing to the respective CloudFront distribution (see picture below)

Question

I went on the website and got an SSL connection for both domain.net and www.domain.net, even the redirection from HTTP to HTTPS works. But when I click on a link in the navigation menu for example, like "About", the page I get is NOT domain.net/about, but http://myenvironment-env.eba-zxsw5igy.us-east-1.elasticbeanstalk.com/about with a "Not Secure" connection. When I enter the URL manually in the browser, however, like domain.net/about, I get the correct URL. What may I have done wrong?

Here is the overview over the records from the Hosted Zone. enter image description here

Update

Configuring Route 53 with the same Laravel application code on Elastic Beanstalk without SSL (+CloudFront) works fine. I am able to access any links on the website, they resolve correctly to domain.net/about etc.

Maybe I do not connect CloudFront to Elastic Beanstalk correctly? Again, this is what I do in the CloudFront distibution: Under "Origin Domain Name" I put the Elastic Beanstalk URL, I choose "Redirect HTTP to HTTPS", I enter domain.net unter "Alternate Domain Names" and chose the SSL cert for domain.net

Solution

  • So, I found a solution for my problem. By default, CloudFront sets HTTP Request Header to the origin hostname -- for me this was the ElasticBeanstalk URL. The application then generates links based on that origin.

    To change that behavior one has to create a Cache Policy and an Origin Request Policy and add the host header to a whitelist, so CloudFront uses the hist header that is sent from the browser.

    This answer gave me a hint on what to do, as well as these AWS resources: