Hi Aldrin,
Could you please let me know on which URL you are experiencing a 502 error? Is it the one that's using CloudFront or the one that's using Global Accelerator?
Hi Aldrin,
1. Can you double-check if the proper SSL certificate is assigned to CloudFront?
2. Could you please verify that the host headers have been configured correctly in the Application Load Balancer (ALB)?
3. Could you please investigate if there are any internal firewalls or security measures that might be blocking the traffic flow from Amazon CloudFront to the Application Load Balancer (ALB)?

Hi, I just fixed the issue. It appears that www.site.com has no certificate attached to it (certificate issued from the server provider). I found the issue by overriding DNS in my /etc/hosts, assigning the static IP from the server to the www subdomain. It seems the website URL option in WordPress settings must be set to www.site.com. After putting CloudFront CNAME to www, reverse proxy just miraculously worked!
Based on the information provided, your hunch about SSL mismatching on the origin domain being a potential cause of the 502 Gateway error is likely correct. There are a few key points to consider:
- SSL/TLS Certificate Mismatch: The SSL certificate on your origin server (origin.site.com) must include the origin domain name in its Common Name or Subject Alternative Names (SAN) field. While you've listed several domains in the SAN, it's crucial to ensure that the origin domain (origin.site.com) is explicitly included and matches exactly what CloudFront is trying to connect to.
- Host Header Handling: CloudFront sends the Host header to the origin with the value specified in the Origin Domain Name field of your distribution. If your origin server is not configured to handle this Host header correctly, it can lead to a 502 error.
- Origin Server Configuration: Ensure that your WordPress server (hosted outside AWS) is properly configured to accept requests from CloudFront. This includes allowing the necessary CloudFront IP ranges through any firewalls and ensuring the server can handle the SSL/TLS negotiation with CloudFront.
- SSL/TLS Protocol and Cipher Suite Compatibility: Verify that your origin server supports the SSL/TLS protocols and cipher suites that CloudFront uses. Incompatibility here can also result in a 502 error.
- DNS Resolution: Make sure that the origin domain (origin.site.com) resolves to the correct IP address of your WordPress server.

Before instructing your client to reconfigure their SSL, you can try the following:
- Use OpenSSL to test the SSL/TLS connection to the origin server and verify the certificate details.
- Check if the origin server is accessible and responding correctly when accessed directly.
- Review CloudFront distribution settings to ensure the origin protocol policy is set correctly (HTTPS only or Match Viewer).
- Verify that the origin domain in your CloudFront distribution exactly matches the domain name on the SSL certificate of the origin server.
If these checks confirm an SSL mismatch or improper configuration on the origin server, then you would indeed need to work with your client to update their SSL certificate and server configuration to properly handle requests from CloudFront.
Sources
Resolve 502 error in CloudFront | AWS re:Post
HTTP 502 status code (Bad Gateway) - Amazon CloudFront
Troubleshoot SSL connection issues in CloudFront | AWS re:Post
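
The certificate-name check from the answer above, as an added example that is not part of the original thread: it decides which hostnames a certificate actually covers, using SAN entries first and the Common Name only as a fallback. The certificate dict is constructed sample data in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and the function names are chosen here for illustration.

```python
import socket
import ssl

# Constructed sample in the shape of ssl.SSLSocket.getpeercert(); not a real certificate.
CONSTRUCTED_CERT = {
    "subject": ((("commonName", "site.com"),),),
    "subjectAltName": (("DNS", "site.com"), ("DNS", "origin.site.com")),
}

def cert_dns_names(cert):
    """DNS names a client will match against: SAN first, CN only if no SAN DNS entry."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return names

def name_matches(pattern, host):
    """Exact match, or '*' as the entire left-most label covering exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def covers(cert, host):
    return any(name_matches(n, host) for n in cert_dns_names(cert))

def coverage(cert, hosts):
    """Map each hostname to whether the certificate is valid for it."""
    return {h: covers(cert, h) for h in hosts}

def fetch_cert(host, port=443, timeout=5):
    """Live check (needs network): handshake with SNI=host and return the verified cert.
    Raises ssl.SSLCertVerificationError if the chain or hostname does not verify."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    for host, ok in coverage(CONSTRUCTED_CERT, ["origin.site.com", "www.site.com"]).items():
        print(f"{host}: {'covered' if ok else 'NOT covered'}")
```

Passing the result of `fetch_cert("origin.site.com")` to `coverage` with every hostname that will be used as an origin or alternate domain name shows in one handshake which names the served certificate is missing.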
Hi Aldrin,
I'm pleased to hear that the issue has been resolved. If any of my answers or suggestions were helpful in your debugging process, I would appreciate it if you could upvote my answer and mark it as accepted.
Hello, I'm getting the 502 "The request could not be satisfied" error on www.site.com that has the CloudFront CNAME