Paths won't resolve in domain name but in Elastic Beanstalk URL
What I have done so far:
- I uploaded my Laravel App to Elastic Beanstalk
- I purchased a domain name at namecheap:
domain.net - I set up a Hosted Zone for domain.net in Route 53
- I entered the NS infos from the Hosted Zone in the section of my domain at namecheap
- I got a certificate from Certificate Manager and associated
domain.net, I got a second cert for*.domain.net - I created a CNAME record for the certificate in the Hosted Zone (see picture below)
- I created a CloudFront distribution, under "Origin Domain Name" I put the Elastic Beanstalk URL, chose "Redirect HTTP to HTTPS", entered
domain.netunter "Alternate Domain Names" and chose the SSL cert fordomain.net - I repeated the previous step for
*.domain.net - Then in Hosted Zones I created an Alias record for
domain.netpointing to the CloudFront distribution fordomain.netand another Alias record for*.domain.netpointing to the respective CloudFront distribution (see picture below)
Question
I went on the website and got an SSL connection for both domain.net and www.domain.net, even the redirection from HTTP to HTTPS works. But when I click on a link in the navigation menu for example, like "About", the page I get is NOT domain.net/about, but http://myenvironment-env.eba-zxsw5igy.us-east-1.elasticbeanstalk.com/about with a "Not Secure" connection. When I enter the URL manually in the browser, however, like domain.net/about, I get the correct URL. What may I have done wrong?
Here is the overview over the records from the Hosted Zone.
Update
Configuring Route 53 with the same Laravel application code on Elastic Beanstalk without SSL (+CloudFront) works fine. I am able to access any links on the website, they resolve correctly to domain.net/about etc.
Maybe I do not connect CloudFront to Elastic Beanstalk correctly? Again, this is what I do in the CloudFront distibution: Under "Origin Domain Name" I put the Elastic Beanstalk URL, I choose "Redirect HTTP to HTTPS", I enter domain.net unter "Alternate Domain Names" and chose the SSL cert for domain.net
So, I found a solution for my problem. By default, CloudFront sets HTTP Request Header to the origin hostname -- for me this was the ElasticBeanstalk URL. The application then generates links based on that origin.
To change that behavior one has to create a Cache Policy and an Origin Request Policy and add the host header to a whitelist, so CloudFront uses the hist header that is sent from the browser.
This answer gave me a hint on what to do, as well as these AWS resources:
- This gives an overview about the solution
- How to create a Cache Policy and attach it to your distribution
- How to create an Origin Request Policy and attach it to your distribution
- HTTP requests not working on aws ec2
- Amazon EC2 and EBS disk space problem
- How do I enable Data API?
- CDK Pipelines - Migrating a database in the pipeline
- Do environment variables in ECS Fargate task definitions support interpolation?
- Upgrading AWS RDS aurora from serverless v1 to serverless v2 using terraform
- AWS IAM user not able to see Billing and Cost Management Dashboard
- Amazon S3 - How to fix 'The request signature we calculated does not match the signature' error?
- Deleting last element in a DynamoDB string set
- AWS CLI on Windows won't work though using double quotes and escapes
- How to resolve 'Step Functions State Machine is not authorized to create managed-rule'?
- Understanding SQS message receive amount
- AWS Glue JDBC Connection created using Cloud Formation is not setting the password
- CloudFront charges after you invalidate your distribution over 1,000 times, does the count reset each month?
- AWS Cognito federated user login not allowing to sign in as different user after log out
- AWS s3 V3 Javascript SDK stream file from bucket (GetObjectCommand)
- Provide AWS Lex response in Hyperlink format
- Fixing yaml indentation with python
- Generate S3 URL in "path-style" format
- Trying to find the ARN pattern for AWS WAF regional
- AWS cognito: What's the difference between Access and Identity tokens?
- virtually isolate the network in the same AWS Cloud Account
- AWS start sandbox from tutorial
- Can I stop a spot instance in aws just like I can stop and start an on demand ec2 instance
- FastAPI app works locally, but /blogs endpoint causes redirect loop on AWS Lambda deployment
- Get pdftotext Python module running on Lambda
- Kubernetes: how to set VolumeMount user group and file permissions
- Invalid arn error for terraform code with kms data resource
- Unable to import module 'src.main': No module named 'dependencies' when uploading FastAPI zipped project to AWS Lambda
- Unable to update AWS AppRunner VPC connector via CDK