I've been tasked with setting up our web app on CloudFront. Our web app is hosted on an Ubuntu server that is completely outside AWS.

I have little to no experience with CDNs, but I've made some decent progress on it. Unfortunately, the docs are unhelpful because most of them assume you're using S3, especially hosting a static site or something to that effect.

So, here is what is unique about our setup:

  • We originally used Cloudflare (not CloudFront) and our DNS is still ultimately hosted with them.
  • I've updated the Cloudflare DNS entries with NS records that point to Route 53. So now Route 53 handles DNS for the subdomain I'm working with, and points us toward the CloudFront distribution domain instead.
  • I've created a distribution for the subdomain (let's say app.example.com), and requested a public SSL/TLS certificate, which I believe I have now installed and configured correctly. (The reason I say this is that I was originally getting privacy errors in Chrome when visiting app.example.com, but this error went away after I figured out the SSL/TLS certificate part.)

Now, what is happening is that when I visit app.example.com, I am getting a 403 error that reads:

The request could not be satisfied.

Bad request. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner. If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.

CloudFront is having issues talking to the origin server.

I'm not sure if the issue is possibly a secondary SSL/TLS certificate issue (i.e. do I need to install another cert on the Ubuntu box? It already uses Let's Encrypt. Does it need to be the public certificate I requested from AWS or a new one?).

Or, is it possible that the DNS setup is somehow making it impossible for CloudFront to know how to even find the origin server? (After all, the DNS for app.example.com points us to CloudFront, so how is CloudFront supposed to know how to find the origin server?) Having never worked with CDNs before, I'm a bit confused.

So far every troubleshooting guide assumes the 403 error is coming from an incorrect S3 bucket policy or something like that, but again, I'm not using S3 to serve the web app.

  • Have you figured out how to handle this? I have a similar problem with a self-hosted web app outside of AWS, with a third-party domain provider (in your case it is Cloudflare, in mine it is domena.pl). I can't figure out how to make AWS work with an external server exposed to the internet via ports 80 and 443.
    – Jacob
    Sep 27, 2022 at 20:53
  • @Jacob At the moment I am no longer working on this particular project, and I never found a solution. I do think I came to understand that the CDN isn't meant to sit in front of the entire application, just the static assets. (Even though I was being asked to "turn it on" for the entire application. I knew something seemed odd about that.)
    – fronzee
    Sep 28, 2022 at 21:57
