Unable to connect to a single AWS ALB with custom Host Header listening rules

I’m attempting to use Cloudflare DNS proxy to connect to our new AWS ALB configuration. I just recently enabled Host Header listener rules on the AWS ALB so we access multiple web app on a single ALB.

Here’s a sample of my working AWS DNS URLs (configured by Host Headers on the AWS ALB)

https://hello-internet-a.cxfabricaws.com/
https://hello-internet-b.cxfabricaws.com/

In my Cloudflare DNS records, I’ve added these CNAMES for each URL above

https://hello-internet-a/cxfabric.io/
https://hello-internet-b.cxfabric.io/

Both fail with 404 errors.
Both fail with security errors for the SSL certificate (for AWS wildcard cert *.cxfabricaws.com)

This problem only occurs when the Host Header listen rules are configured on the AWS ALB. I’ve set both CNAME entries for DNS only but it’s still bad.

It’s my understanding that I must configure CF to handle Host Headers. I’ve done much research and made several attempts to add support but haven’t been successful. Please advise.

Thanks!

I had a typo in my original post. See fix below.

In my Cloudflare DNS records, I've added these CNAMES for each URL above

https://hello-internet-a.cxfabric.io/
https://hello-internet-b.cxfabric.io/

Both fail with 404 errors.
Both fail with security errors for the SSL certificate (for AWS wildcard cert *.cxfabricaws.com)


This may seem fairly obvious, but the names configured on your load balancer must be the same as the domain you have on Cloudflare. They seem to be very different to me.

The domains are different, which is precisely the problem. I need to know if there is way to handle it. It sounds like the Cloudflare Rewrite Host Headers is a possible solution. It’s only available with CF Enterprise plan though. Thanks!

https://developers.cloudflare.com/rules/page-rules/how-to/rewrite-host-headers/

Why can you not change the ALB listener to the correct hostname?

The cxfabricaws.com URLs are mapped to the AWS ALB in Route 53. The domain cxfabricaws.com is hosted by AWS Route 53. The SSL/TLS cert for this domain was created in AWS Certificate Manager and issued by Amazon.

On the Cloudflare side: We have registered the domain cxfabric.io with Cloudflare. The SSL/TLS cert in the web browser for cxfabric.io was issued by Google Trust Service. Note: I did not originally setup this Cloudflare account.

So far, I’ve only configured Cloudflare as a reverse proxy for CNAMEs to the AWS domain (as described above). Is it possible to configure the AWS ALB Host Headers to match my Cloudflare domain cxfabric.io and have it function properly? If so, what exactly is needed? If you’re familiar with such a configuration, please send more details. Thanks!

I’d do it as this guide suggests:

1 Like

Fantastic! This is exactly the type of guidance I needed. Everything is now working as required.

I wasn’t able to find a good step-by-step explanation online for this configuration. I’ll hold onto the Bob Cares URL for future issues. Thanks again!

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.