Using custom domain on AWS EC2

I spun up a server using the Cloud Formation approach. I’ve set up an external app and successfully connected to it through the DNS host name of the EC2 instance and a self-signed certificate.
With Michael’s help, I’ve managed to disable the call app.
Now I need to connect it to a custom domain and get a Let’s Encrypt certificate. I have:

  1. Set a CNAME for openvidu.fitzip.ca to point to https://ec2-52-14-206-60.us-east-2.compute.amazonaws.com which is my EC2 instance
  2. Set OPENVIDU_DOMAIN_OR_PUBLIC_IP=openvidu.fitzip.ca and CERTIFICATE_TYPE=letsencrypt and LETSENCRYPT_EMAIL=andy@netamity.com in .env
  3. Restarted openvidu using ./openvidu restart

I can still access the dashboard if I accept the security warning at https://ec2-52-14-206-60.us-east-2.compute.amazonaws.com/dashboard/

Trying to access https://openvidu.fitzip.ca/dashboard/ gives me a 310 error - too many redirects. I can see it comes up as SSL OK from a certificate I set up using AWS Certificate Manager (not Let’s Encrypt - I haven’t received an email).

I also can’t connect from my external app, getting ‘WebSocket connection to ‘wss://openvidu.fitzip.ca/openvidu’ failed: Error during WebSocket handshake: Unexpected response code: 301’

I did previously try adding a load balancer to the openvidu EC2 instance and pointing openvidu.fitzip.ca at the load balancer, and I was getting the same too many redirects error.

If I can access openvidu through the raw EC2 public DNS (or IP) and I have the DNS for openvidu.fitzip.ca pointing at that address, why am I not getting the same result as using the EC2 public DNS?

And what might I have missed re the letsencrypt email? Nothing received. I don’t think this is the main issue, but it’s something else to overcome.

Thank you for your assistance so far and your patience with this newbie.

Hello @netamity ,

You don’t happen to be using Cloudflare DNS provider?

This same problem was reported by another user with this provider and the solution can be seen here: AWS Cloudformation domain issue

If you’re not using Cloudflare, tell me and we’ll keep investigating.

Regards

Hi Oscar, no, not using Cloudflare. Just an EC2 instance with the domain openvidu.fitzip.ca pointed at it.
The ‘too many redirects’ thing could be an attempt to switch between http and https though, that would explain a loop, but not sure why and how to stop it.
Your help is appreciated!

Hi, @netamity,

What version of OpenVidu are you using? And what type of deployment: On Premise or Cloud Formation?

Which DNS provider provides you with the domain openvidu.fitzip.ca?

Regards

It was spun up with the Cloud Formation script (with AWS) - version 2.13.
The nameservers for fitzip.ca are ns1.justlink.info. I think it’s a US/Canada based web host.
I set a CNAME record like so:
openvidu.fitzip.co ec2-52-14-206-60.us-east-2.compute.amazonaws.com
and two other records are now seen in whois for openvidu.fitzip.ca which are different to the root fitzip.ca records
openvidu.fitzip.ca SOA dns-external-master.amazon.com root@amazon.com 49158 28800 900 604800 900
and
openvidu.fitzip.ca A 52.14.206.60
which both seemed to auto generate.
The A record is indeed the IP address of the EC2 instance.
The SOA record was also generated when I added the CNAME record (or perhaps when I changed it from the load balancer DNS previously).

Hope this all makes more sense to you than me 🙂

NB: The SSL padlock I get when I go to https://openvidu.fitzip.ca is issued by Amazon, so it looks like it’s the one issued when I set up the load balancer. The certificate for https://fitzip.ca (where the external app is hosted) is issued by another provider. I have set .env in openvidu to use letsencrypt. Could this suggest the issue?

Hello @netamity,

What you are doing is not right because the IPs Amazon assigns are volatile and will end up changing.

Also using a CNAME is not right for this and may be what is going into the redirection loop.

Please try creating an Elastic IP in Amazon and assign it in the Cloud Formation when you generate the cluster.

Also assign this elastic IP to your domain openvidu.fitzip.ca with a type A record.

Regards
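
The checks implied by the advice above, as an added example that is not part of the original thread or OpenVidu's own tooling: given the DNS records, certificate issuer and redirect chain observed for the domain, it reports what still differs from the recommended setup. The function names, the Elastic IP `203.0.113.10` and the redirect chains are constructed; the CNAME target and the A value in the "before" case are the ones quoted in the thread.

```python
# Added example: offline checks for the setup discussed in this thread.
# Sample values are constructed unless a comment says otherwise.

def find_redirect_loop(chain):
    """Return the first URL that appears twice in a redirect chain, else None."""
    seen = set()
    for url in chain:
        if url in seen:
            return url
        seen.add(url)
    return None

def diagnose(records, elastic_ip, issuer_org, certificate_type, chain):
    """records: list of (rtype, value) pairs observed for the custom domain.
    Returns a list of findings; an empty list means every check passed."""
    findings = []
    a_values = [v for t, v in records if t == "A"]
    if any(t == "CNAME" for t, _ in records):
        findings.append("domain uses a CNAME; the advice above is a plain A record")
    if elastic_ip not in a_values:
        findings.append(f"no A record for Elastic IP {elastic_ip} (found {a_values})")
    if certificate_type == "letsencrypt" and issuer_org != "Let's Encrypt":
        findings.append(f"served certificate is issued by {issuer_org!r}, "
                        "so the configured Let's Encrypt certificate is not in use")
    loop = find_redirect_loop(chain)
    if loop:
        findings.append(f"redirect loop: {loop} is visited twice")
    return findings

DOMAIN = "openvidu.fitzip.ca"
ELASTIC_IP = "203.0.113.10"  # constructed placeholder (documentation range)

BEFORE = dict(
    records=[("CNAME", "ec2-52-14-206-60.us-east-2.compute.amazonaws.com"),
             ("A", "52.14.206.60")],          # values quoted in the thread
    elastic_ip=ELASTIC_IP, issuer_org="Amazon", certificate_type="letsencrypt",
    chain=[f"https://{DOMAIN}/dashboard/", f"http://{DOMAIN}/dashboard/",
           f"https://{DOMAIN}/dashboard/"],   # constructed chain of 301 responses
)
AFTER = dict(
    records=[("A", ELASTIC_IP)], elastic_ip=ELASTIC_IP,
    issuer_org="Let's Encrypt", certificate_type="letsencrypt",
    chain=[f"http://{DOMAIN}/dashboard/", f"https://{DOMAIN}/dashboard/"],
)

if __name__ == "__main__":
    for name, case in (("before", BEFORE), ("after", AFTER)):
        print(name, diagnose(**case) or "ok")
```
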

Thanks Oscar, I’ll give it a go. I have set up a few load balanced applications (not openvidu) using a CNAME pointing at the public DNS of the load balancer with success. But I’ll try your approach and reply back. Many thanks for your assistance.

Just to follow up. I used this approach and have it working. Thank you for your assistance.

1 Like