1

I followed this guide to set up WordPress on EC2, but it doesn't cover how to enable HTTPS. I've used the 'WordPress Certified by Bitnami and Automattic' AMI.

I know I can use CloudFront in front of EC2 for SSL, but I'm having trouble getting it working. I've gotten Error 502 plus several others. So I'd like to start from scratch and confirm my approach is correct.

I've registered my own domain (example.com). In Route 53, I have 'blog.example.com' as an A record pointing to my instance's EIP. I also have a CNAME record for 'www.blog.example.com' pointing to 'blog.example.com'. Both URLs can access my instance via HTTP.

  1. In CloudFront's configuration, my 'Origin Domain Name' is:
    • Public DNS (ec2-XX-XX-XX-XX.ap-southeast-2.compute.amazonaws.com)
  2. 'Origin Protocol Policy' is set to HTTP.
  3. 'Viewer Protocol Policy' is set to 'Redirect HTTP to HTTPS'.
  4. For SSL Certificate, I've requested a custom cert for both:
    • blog.example.com
    • www.blog.example.com

All other CF settings have been left as default. I can access the distribution's domain name but it's still HTTP.

After the Distribution is deployed, I've changed the 'blog.example.com' record in Route 53 to have an alias target of CF's domain name (xxxxxxxxxxx.cloudfront.net).

  • What about the CNAME record (www.blog.example.com), should it be amended as well?

Up to this stage, I can access both 'www.blog.example.com' and 'blog.example.com' but it's HTTP and the EIP appears in the URL bar, not domain names.

What am I missing or have set up incorrectly?

I'm super new to AWS so many thanks in advance!

the0

2 Answers

0

I am not sure if you are still looking for a solution, but here is how I accomplished setting up SSL on my EC2 instance.

1) I issued an SSL certificate for the URL that the EC2 instance was pointed at. I used AWS Certificate Manager to accomplish this.

There are two ways to verify domain authority: DNS and email. I have found DNS to be much easier, especially if you are using Route 53.

2) Next I had to list the alternate CNAMEs for both of my A records (www.example.com & example.com) within CloudFront (this tutorial was helpful). After selecting the CloudFront distribution, under the General tab click the Edit button. You will need to import your SSL certificate by selecting the radio button: Custom SSL Certificate (example.com) and then selecting the appropriate certificate that you created in Step 1.

Do keep in mind some of these steps required 15-20 minutes for the changes to propagate.

3) The final step is to point the A record within Route 53 to the CloudFront distribution's domain name.

The three AWS services you will need to utilize to accomplish this are Route 53, CloudFront (CDN), and Certificate Manager.

Hope this helps and good luck!

Isaac Tait
  • Another few useful links if you get stuck https://stackoverflow.com/questions/30611917/cloudfront-distribution-not-showing-as-route53-alias-target & https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html#alternate-domain-names-requirements – Isaac Tait Feb 08 '20 at 05:02
  • Thank you so much! I put this on hold but will pick it up in the near future. Cheers! – the0 Feb 09 '20 at 08:38
  • I wanted to follow up with you about this as I had some issues with CloudFront breaking my site's back-end functionality. I ended up using an ELB instead (I also didn't want to pay for CloudFront's CDN) and found these tutorials to be very helpful: https://docs.bitnami.com/aws/how-to/configure-elb-ssl-aws/ & https://community.bitnami.com/t/https-breaks-site-functionality/76149/6 – Isaac Tait Feb 13 '20 at 23:00
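
An added example, not part of the question or of either answer: an offline check of a CloudFront `DistributionConfig` document (the shape returned by `aws cloudfront get-distribution-config`) for the settings the answer above walks through, plus the origin protocol policy from the question. `SAMPLE`, `HOSTS`, the finding labels, the account ID and the certificate ID are constructed for illustration and are not the asker's actual settings.

```python
# Constructed sample DistributionConfig; values are placeholders.
SAMPLE = {
    "Aliases": {"Quantity": 1, "Items": ["blog.example.com"]},
    "Origins": {"Quantity": 1, "Items": [{
        "Id": "wordpress-ec2",
        "DomainName": "ec2-XX-XX-XX-XX.ap-southeast-2.compute.amazonaws.com",
        "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"},
    }]},
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"},
    "ViewerCertificate": {
        "ACMCertificateArn":
            "arn:aws:acm:ap-southeast-2:111122223333:certificate/EXAMPLE",
    },
}
HOSTS = ["blog.example.com", "www.blog.example.com"]


def lint_distribution(cfg, hostnames):
    """Return a list of finding labels for a DistributionConfig dict."""
    findings = []
    aliases = set(cfg.get("Aliases", {}).get("Items", []))
    for host in hostnames:
        # An alias may be exact or a one-level wildcard such as *.example.com.
        wildcard = "*." + host.split(".", 1)[-1]
        if host not in aliases and wildcard not in aliases:
            findings.append(f"alias-missing:{host}")
    cert = cfg.get("ViewerCertificate", {})
    arn_parts = cert.get("ACMCertificateArn", "").split(":")
    region = arn_parts[3] if len(arn_parts) > 3 else ""
    if cert.get("CloudFrontDefaultCertificate") or not region:
        # The default *.cloudfront.net certificate cannot serve custom names.
        findings.append("cert-default")
    elif region != "us-east-1":
        # CloudFront only accepts ACM certificates issued in us-east-1.
        findings.append("cert-wrong-region")
    policy = cfg.get("DefaultCacheBehavior", {}).get("ViewerProtocolPolicy")
    if policy not in ("redirect-to-https", "https-only"):
        findings.append("viewer-allows-http")
    for origin in cfg.get("Origins", {}).get("Items", []):
        custom = origin.get("CustomOriginConfig", {})
        if custom.get("OriginProtocolPolicy") == "http-only":
            # Viewers see HTTPS, but the edge-to-origin hop is plaintext.
            findings.append(f"origin-plaintext:{origin.get('Id')}")
    return findings


if __name__ == "__main__":
    for finding in lint_distribution(SAMPLE, HOSTS):
        print(finding)
```
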
0

Your AWS configuration is looking fine. The problem is with your WordPress URL. In wp-config.php you can identify the siteurl to your "domain.com", or you can set it by manually entering "domain.com" in the database. Make sure you enter https://yourdomain in the siteurl field.

matesio