I'm running into a 502 OriginConnectError on CloudFront for my website, and I'm pretty stumped. My setup involves CloudFront serving my custom domain with a default behavior that points to an Application Load Balancer (ALB) as the origin. Here's a quick rundown: the ALB handles HTTP requests on port 80 and redirects them to HTTPS on port 443, which is also set up correctly. The backend on the ALB is an EC2 instance that's healthy and accessible on port 80, and the SSL certificate on the ALB is valid.
I've done quite a bit of troubleshooting: the ALB works when accessed directly, both HTTP and HTTPS, and DNS resolution is correct for both my custom domain and the ALB. I've checked security configurations, confirmed the SSL validity with openssl, and tested basic connectivity through telnet. I've also tried connecting to the ALB using both HTTP and HTTPS origin protocols in CloudFront, but nothing seems to help.
If the ALB is functioning just fine directly, why is CloudFront throwing this 502 error? Have others faced a similar situation with ALBs and CloudFront? Could there be some obscure AWS settings I'm overlooking?
3 Answers
Just a thought: if you're using a custom origin, CloudFront might not be following the redirect from HTTP to HTTPS. Make sure your origin settings are set to 'HTTPS Only.' That way, it won't get tripped up by the ALB's redirect.
Have you checked the troubleshooting documentation for CloudFront's 502 errors? A lot of folks miss some configurations there. Also, ensure the security group for the ALB allows access from CloudFront's IP ranges.
Have you tried using curl to access the ALB directly while setting the Host header to match what CloudFront uses? That could give you a clue about how the ALB responds to CloudFront requests. Also, turning on ALB access logs might help you see if the requests are hitting the ALB from CloudFront and what responses are being generated.
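A small ALB access-log analyzer, added here as an example and not code from the thread or from AWS. It follows the field order AWS documents for ALB access logs, tags requests by the `Amazon CloudFront` user agent that CloudFront sends to origins by default, and turns the counts into findings that map onto the suggestions above. The log lines, IPs, ARNs and domain names are constructed placeholders.

```python
"""Summarise ALB access-log lines to see whether CloudFront reaches the ALB
and what status codes it gets back.

Added example, not part of the original thread. Assumes the standard ALB
access-log field order documented by AWS; all sample data is constructed.
"""
import shlex
from collections import Counter

# ALB access-log fields in order (the first 25 are all this check needs;
# real lines carry a few more, which are ignored).
FIELDS = [
    "type", "time", "elb", "client_port", "target_port",
    "request_processing_time", "target_processing_time",
    "response_processing_time", "elb_status_code", "target_status_code",
    "received_bytes", "sent_bytes", "request", "user_agent",
    "ssl_cipher", "ssl_protocol", "target_group_arn", "trace_id",
    "domain_name", "chosen_cert_arn", "matched_rule_priority",
    "request_creation_time", "actions_executed", "redirect_url",
    "error_reason",
]

# Constructed sample lines (placeholder IPs, ARNs, names):
#  1. CloudFront -> HTTPS listener -> target answered 200
#  2. CloudFront -> HTTP listener -> ALB redirect rule returned 301
#  3. CloudFront -> HTTPS listener -> target timed out, ALB returned 504
#  4. A direct curl test, not from CloudFront
SAMPLE_LOG = """\
https 2024-05-01T10:00:01.000000Z app/my-alb/0123456789abcdef 130.176.0.10:40001 10.0.1.20:80 0.001 0.003 0.000 200 200 300 1200 "GET https://www.example.com:443/ HTTP/1.1" "Amazon CloudFront" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-1:000000000000:targetgroup/my-tg/0123456789abcdef "Root=1-00000000-000000000000000000000001" "www.example.com" "arn:aws:acm:us-east-1:000000000000:certificate/00000000-0000-0000-0000-000000000000" 0 2024-05-01T10:00:00.990000Z "forward" "-" "-"
http 2024-05-01T10:00:02.000000Z app/my-alb/0123456789abcdef 130.176.0.11:40002 - -1 -1 -1 301 - 280 0 "GET http://www.example.com:80/ HTTP/1.1" "Amazon CloudFront" - - - "Root=1-00000000-000000000000000000000002" "-" "-" 0 2024-05-01T10:00:01.990000Z "redirect" "https://www.example.com:443/" "-"
https 2024-05-01T10:00:03.000000Z app/my-alb/0123456789abcdef 130.176.0.12:40003 10.0.1.20:80 0.001 60.001 -1 504 - 300 0 "GET https://www.example.com:443/slow HTTP/1.1" "Amazon CloudFront" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-1:000000000000:targetgroup/my-tg/0123456789abcdef "Root=1-00000000-000000000000000000000003" "www.example.com" "arn:aws:acm:us-east-1:000000000000:certificate/00000000-0000-0000-0000-000000000000" 0 2024-05-01T10:00:02.990000Z "forward" "-" "-"
https 2024-05-01T10:00:04.000000Z app/my-alb/0123456789abcdef 203.0.113.5:50001 10.0.1.20:80 0.001 0.002 0.000 200 200 300 1200 "GET https://www.example.com:443/ HTTP/1.1" "curl/8.0.1" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-1:000000000000:targetgroup/my-tg/0123456789abcdef "Root=1-00000000-000000000000000000000004" "www.example.com" "arn:aws:acm:us-east-1:000000000000:certificate/00000000-0000-0000-0000-000000000000" 0 2024-05-01T10:00:03.990000Z "forward" "-" "-"
"""

CLOUDFRONT_UA = "Amazon CloudFront"  # what CloudFront sends unless configured to forward the viewer UA


def parse_alb_line(line):
    """Split one access-log line into a dict; shlex keeps quoted fields whole."""
    return dict(zip(FIELDS, shlex.split(line)))


def summarize(log_text):
    """Count ALB status codes separately for CloudFront and for everything else."""
    by_source = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_alb_line(line)
        source = "cloudfront" if rec["user_agent"] == CLOUDFRONT_UA else "other"
        by_source.setdefault(source, Counter())[rec["elb_status_code"]] += 1
    return by_source


def diagnose(log_text):
    """Turn the counts into findings that correspond to the usual 502 causes."""
    cf = summarize(log_text).get("cloudfront")
    findings = []
    if not cf:
        # OriginConnectError means the TCP/TLS connection failed before any
        # request was sent, so the ALB never logs it: look at the ALB security
        # group, the origin domain name and the certificate, not the backend.
        findings.append("no CloudFront requests reached the ALB: check the origin "
                        "security group, origin domain name and TLS setup")
        return findings
    if cf.get("301", 0) + cf.get("302", 0):
        findings.append("CloudFront received HTTP->HTTPS redirects from the ALB: "
                        "set the origin protocol policy to HTTPS Only")
    for code, n in sorted(cf.items()):
        if code.startswith("5"):
            findings.append(f"{n} CloudFront request(s) got {code} from the ALB: "
                            "the target failed to answer or returned an error")
    return findings


if __name__ == "__main__":
    for source, counts in summarize(SAMPLE_LOG).items():
        print(source, dict(counts))
    for finding in diagnose(SAMPLE_LOG):
        print("-", finding)
```

Run it against a downloaded log file by passing its contents to `diagnose()`. The empty-log branch is the one that matters for an `OriginConnectError`: CloudFront gives up at the connection stage, so if CloudFront entries are absent while direct tests succeed, the problem sits in front of the ALB (security group or certificate/hostname mismatch) rather than on the EC2 target. For the curl step in the same answer, `curl -sv https://<alb-dns-name>/ -H 'Host: www.example.com'` exercises the same path and `-v` shows the handshake and status line.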