How do I pass the correct ‘host’ header from CloudFront to my origin web server?

Asked By CreativePineapple42 On

I've set up a CloudFront distribution for my personal domain www.mysite.com, with an S3 bucket as the default origin. However, for certain paths, I route requests to my home web server. One such path is /.well-known/acme-challenge/*, which certbot uses for SSL certificate creation and renewal before I push the certificates to CloudFront via boto3.

The issue is that when I run certbot for www.mysite.com, it correctly routes to my origin web server, but the 'host' header is being sent as origin.mysite.com instead of www.mysite.com. This mismatch is causing certbot to fail. It seems like passing the 'host' header to the origin should be straightforward, but AWS documentation has left me confused. I've come across references to an 'origin request policy,' but I can't find that option anywhere, just an option for setting custom headers, which gives me an error when I try to use 'host'. What am I missing?

3 Answers

Answered By HelpfulNerd23 On

You might want to check the Behaviors tab in your CloudFront settings. Try editing the behavior that applies to your origin server and see if you can select the "HostHeaderOnly" option in the Origin request policy dropdown. I haven’t tried it myself, but it could be what you're looking for!

CuriousCat88 -

I looked for that option but couldn't find the "Origin request policy" dropdown in the behavior settings. Am I missing something?

Answered By TechSavvyMom On

In the past, I've had to use a Lambda@Edge function to rewrite the host header to make this work. Check out this post for guidance: https://serverfault.com/questions/888714/send-custom-host-header-with-cloudfront. It should get you on the right track!
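The Lambda@Edge approach mentioned in this answer, as an added example that is not part of the original post or the linked Server Fault answer: a Python origin-request handler that sets Host to the public name only for ACME HTTP-01 challenge paths. `PUBLIC_HOST`, `handler` and `sample_event` are assumed names, the hostnames come from the question, and the event is a constructed sample.

```python
import re

# Assumption: the public hostname certbot validates (from the question).
# Hard-coded because Lambda@Edge functions cannot use environment variables.
PUBLIC_HOST = "www.mysite.com"

# ACME HTTP-01 tokens use only the base64url alphabet (RFC 8555, section 8.3),
# so anything else under this prefix is left untouched.
ACME_PATH = re.compile(r"/\.well-known/acme-challenge/[A-Za-z0-9_-]+")


def handler(event, context):
    """Origin-request trigger: rewrite Host for ACME challenge requests only."""
    request = event["Records"][0]["cf"]["request"]
    if ACME_PATH.fullmatch(request["uri"]):
        # Use a fixed value instead of echoing anything the client supplied,
        # so the origin only ever sees a hostname we chose.
        request["headers"]["host"] = [{"key": "Host", "value": PUBLIC_HOST}]
    return request


def sample_event(uri, host="origin.mysite.com"):
    """Constructed origin-request event with only the fields used above."""
    return {
        "Records": [{
            "cf": {
                "config": {"eventType": "origin-request"},
                "request": {
                    "method": "GET",
                    "uri": uri,
                    "headers": {"host": [{"key": "Host", "value": host}]},
                },
            }
        }]
    }


if __name__ == "__main__":
    for uri in ("/.well-known/acme-challenge/abc_DEF-123",
                "/.well-known/acme-challenge/../secret",
                "/blog/index.html"):
        result = handler(sample_event(uri), None)
        print(uri, "->", result["headers"]["host"][0]["value"])
```

Attach the function to the origin-request event of the behavior that routes to the home web server; Host is read-only in viewer-request triggers.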

Answered By CloudGuru99 On

You might find this article helpful: https://repost.aws/knowledge-center/configure-cloudfront-to-forward-headers. It covers how to configure headers in CloudFront which could solve your issue!
