Setting up CloudFront [Custom Origin] for EC2 instance

amazon ec2amazon-cloudfrontamazon-route53amazon-web-servicescdn

I have been checking things up & down on Google & AWS Documentation but can't seem to nail this one.

I have an EC2 instance setup with a domain being served via a virtual host and I need to use a CDN for the contents on the site, mainly images ie website assets.

EC2 Details of the instance

t2.micro
LAMPP
Virtual Host Set Up
DNS: Route 53
No ELB
EBS
SSL

Cloudfront Distribution Details

Origin: example.com
Delivery Method: Web

What I tried to do is use the domain name in the origin and the Cloudfront domain was now redirecting to the origin domain name along with fetching assets by https.

I haven't found any impact on the site speed, pinged from different geo locations thus I have come to doubt whether this was done correctly.

The part which I need to resolve is which of the below path is correct for setting up Cloudfront with EC2:

Use EC2 instance DNS for 'Origin Domain Name' and add the directory name in the 'Origin Path' for the virtual host
Only add the domain name in the 'Origin Domain Name'

Thanks for the help!

Edit

Attaching Route 53 Details

A Record => Name: www.example.com, Value: IP ADDRESS & Routing Policy: Simple
A Record => Name: example.com, Alias: Yes & Alias Target: www.example.com

Edit02

Updated AWS Setup
AWS Setup between EC2, Route 53 & CloudFront

Best Answer

In DNS, example.com needs to be an A record with Alias set to Yes, pointing to the CloudFront endpoint.

This means example.com no longer points to your origin server, so you have to use a different name as the origin host. One option is to use the EC2 public DNS name for the instance.

By default, CloudFront will set the origin domain name in the Host: header when sending the request to the instance. You can override this in Cache Behavior by whitelisting the Host header, so that example.com is sent inside the request to the origin, even though the DNS entry used to actually find the origin differs.

If $ dig example.com doesn't return a large number of IP addresses, then you aren't currently actually using CloudFront.

HTTP responses that come back from CloudFront will also contain extra headers, including X-Amz-Cf-id, X-Cache, Via, and sometimes Age.

Related Solutions

How to setup subdomains for AWS EC2 Ubuntu Instance

By far the easiest way to do this is to create a wildcard DNS record for example.com. for example

*.example.com. 14400 A 10.10.10.10

or a CNAME

*.example.com CNAME example.com.

Remember that Apache will serve the content of the first vhost whose ServerName or Serveralias matched the Host: header in the http request. If none of these match then the content of the first vhost defined is served as it is considered the default vhost.

To get apache to server content the easiest way is to use NameBasedVirtual hosting.

If you want to server the same content from each vhost then just define one

NameVirtualHost *:80
<VirtualHost *:80>
    ServerName example.com
    DocumentRoot /var/www/html
    ...
</VirtualHost>

If you want to serve different (but the same) content from sub1.example.com and sub2.example.com then you could do something line this

NameVirtualHost *:80

<VirtualHost *:80>
    ServerName sub1.example.com
    ServerAlias sub2.example.com
    DocumentRoot /var/www/sub1sub2
    ...
</VirtualHost>

<VirtualHost *:80>
    ServerName example.com
    DocumentRoot /var/www/html
    ...
</VirtualHost>

and so on.

If you have many of vhosts to setup and configure you may want to have a look at Apache's Dynamically configured mass hosting documentation.

Certificate Mismatch setting up Route53, CloudFront, Custom Origin

First of all, you need to upload your custom SSL certificate to Cloudfront in order to avoid issues during the SSL validation. If you do not upload a custom certificate valid for your website name, Cloudfront offers a certificate valid only for its own domain cloudfront.net.

Then, you need a couple of records in your DNS zone in Route53:

The public website records ("www" and apex) should point to your Cloudfront distribution.
Another auxiliary record ( for example, "origin") is required for your Cloudfront origin setup, as Cloudfront does not allow IP origins. This auxiliary record should point to your actual web server. It is important that you configure your distribution to forward the Host header in order to allow your web server to serve the right contents.

With this setup, your customers are routed to Cloudfront through your www/apex records, and Cloudfront locates the actual web server through the origin record. Clodflare saves you from implementing all this logic because you delegate your DNS to them, but in fact this is what they do in the background when you enable the CDN feature in your DNS panel.