Pointing subdomain to AWS Application Load Balancer

I have registered the domain via Cloudflare so the nameservers are automatically assigned and configured to point to my domain name.

As you can see from the screenshot, I have added a CNAME record to redirect to my AWS ALB. I have copied the DNS name from the AWS console, which successfully resolves when I directly access the LB via a web browser.

More than 24 hours have passed since the domain registration and DNS settings update. Does anyone know what the problem might be? Should I wait more? Thanks!

No. A new record would start to work basically immediately, whereas changes would be visible after about 5 minutes.

Without knowing your domain, however, it’s hard to say what’s wrong.

Hi Laudian, thanks for the reply. Domain name is bogdanjovanovic.dev.

dig +short auticparkic-api.bogdanjovanovic.dev
xxxxxxxxxxxxxxxxx.eu-central-1.elb.amazonaws.com.

It’s working just fine. Have you configured the load balancer to use your domain?

I don’t think I should configure AWS ALB to use my domain, I just need to point my Cloudflare domain to ALB DNS provided by AWS.

Well, the problem is definitely because the load balancer is not responding.

curl -v https://auticparkic-api.bogdanjovanovic.dev
*   Trying 18.193.154.33:443...

Via http, it does work:

curl -v http://auticparkic-api.bogdanjovanovic.dev
*   Trying 18.193.154.33:80...
* Connected to auticparkic-api.bogdanjovanovic.dev (18.193.154.33) port 80 (#0)
> GET / HTTP/1.1
> Host: auticparkic-api.bogdanjovanovic.dev
> User-Agent: curl/7.81.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 302
< Date: Tue, 26 Sep 2023 09:49:05 GMT
< Content-Length: 0
< Connection: keep-alive
< Location: /swagger-ui/index.html
<
* Connection #0 to host auticparkic-api.bogdanjovanovic.dev left intact

(It obviously cannot work with https, as the server does not have a certificate for your domain)

1 Like

(It obviously cannot work with https, as the server does not have a certificate for your domain)

It is expected since HTTPS is not configured yet. Why does HTTP work via curl and not in a web browser?

I can see in my browser's Network tab that it is getting a 307, meaning my browser is immediately trying to connect to HTTPS without even trying to connect to HTTP first. Am I correct?

Also, would installing an SSL certificate in Cloudflare for the domain resolve my issue?

Yes, all .dev domains will automatically use HSTS (and thus, HTTPS) in most common browsers.

To fix your problem, you need to configure the load balancer to serve your domain, as I said previously. This requires you to install an SSL certificate on your load balancer.

1 Like

This is the result of a new feature in most browsers that will change requests using http to https if the domain publishes a special DNS record, like a DNS-based HSTS. curl does not care about that record. Please see:

Ahh, in this case, it’s actually due to .dev being on the HSTS preload list, not an HTTPS record.

But curl does not care about that either, obviously.

1 Like
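
Added example (not part of the original thread or any poster's code): a small Python model of the behaviour discussed above, where a browser upgrades http:// to https:// for any host under a preloaded TLD while curl sends the request as typed. The PRELOAD excerpt, the example.org entry and all function names are constructed for illustration.

```python
"""Model of why curl reaches the ALB over HTTP while a browser does not."""
from urllib.parse import urlsplit, urlunsplit

# Constructed excerpt of a browser's HSTS preload list: name -> includeSubDomains.
# "dev" and "app" are preloaded TLDs; "example.org" is a made-up exact-host entry.
PRELOAD = {"dev": True, "app": True, "example.org": False}

def hsts_applies(host, preload=PRELOAD):
    """True if host itself, or a parent with includeSubDomains, is preloaded."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if name in preload and (i == 0 or preload[name]):
            return True
    return False

def browser_url(url, preload=PRELOAD):
    """URL a preload-aware browser actually requests (the internal 307 upgrade)."""
    parts = urlsplit(url)
    if parts.scheme == "http" and hsts_applies(parts.hostname, preload):
        # Default port 80 becomes the HTTPS default; an explicit other port is kept.
        netloc = parts.hostname if parts.port in (None, 80) else parts.netloc
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
    return url

def cert_covers(host, san_names):
    """Hostname match where a wildcard covers exactly one leftmost label."""
    host = host.lower()
    for san in (s.lower() for s in san_names):
        if san == host:
            return True
        if san.startswith("*.") and "." in host and host.split(".", 1)[1] == san[2:]:
            return True
    return False

def diagnose(url, https_listener, san_names):
    """Explain what a browser sees for url given the load balancer's state."""
    target = urlsplit(browser_url(url))
    if target.scheme == "http":
        return "plain HTTP request is sent as typed"
    if not https_listener:
        return "upgraded to HTTPS, but nothing answers on port 443"
    if not cert_covers(target.hostname, san_names):
        return "upgraded to HTTPS, but the certificate does not cover the host"
    return "upgraded to HTTPS and served with a valid certificate"

if __name__ == "__main__":
    url = "http://auticparkic-api.bogdanjovanovic.dev/"
    print(browser_url(url))
    print(diagnose(url, False, []))
```

The first `diagnose` branch is the curl case for a host outside the preload list; the second and third are the two states the load balancer can be in before an HTTPS listener with a matching certificate is attached.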

Thanks guys for the help, I have configured HTTPS and everything works now 🙌

1 Like
