AWS CDK: How can I create an alias of a record in the same hosted zone? - amazon-route53

I am trying to create an alias in my hosted zone for a non-www name to point to a www record.
In the console, I just create an A record, set it as an alias, and choose "Alias to another record in this hosted zone", but I don't see a way to do this in the CDK.
This won't work as it's not an IP address:

    // Add non-www alias for domain
    const _nonWwwARecord = new ARecord(this, 'non-www-to-www', {
      zone: _prodHostedZone,
      target: RecordTarget.fromValues(`www.${DOMAIN}`),
      ttl: Duration.minutes(5),
    });

I get:

    [Invalid Resource Record: 'FATAL problem: ARRDATAIllegalIPv4Address (Value is not a valid IPv4 address)

If I attempt to use RecordTarget from @aws-cdk/aws-route53-targets I don't see any options for a record in the same hosted zone.
Not sure why this is so confusing but I cannot seem to get past this...
It may help to understand that the www record is set by ApplicationLoadBalancedFargateService.

The package @aws-cdk/aws-route53-targets currently doesn't include a target for another Route 53 record.
In the meantime you can unblock yourself with a custom implementation for bind():

    // Create an A record that is an alias for `otherRecord`
    new ARecord(this, 'Alias', {
      zone: myZone,
      target: RecordTarget.fromAlias({
        bind: () => ({
          dnsName: otherRecord.domainName,
          hostedZoneId: myZone.hostedZoneId,
        }),
      }),
    });
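As an added example (not code from the answer above or from the CDK project), the same bind() idea packaged as a reusable alias target that refuses a record outside the zone at synth time rather than failing with an opaque error at deploy time. The three interfaces are local stand-ins for aws-cdk-lib's IHostedZone, IRecordSet and AliasRecordTargetConfig so the file runs without the CDK installed; the names `zone` and `wwwRecord` in the usage comment are assumed.

```typescript
// Added example, not code from the original answer: a reusable alias target
// for another record in the same hosted zone, built on the bind() idea above.
// The three interfaces are local stand-ins (assumptions) for aws-cdk-lib's
// IHostedZone, IRecordSet and AliasRecordTargetConfig, so this file runs
// without the CDK installed; with the CDK, pass the real objects instead.
interface HostedZoneLike {
  hostedZoneId: string;
  zoneName: string;
}
interface RecordSetLike {
  domainName: string;
}
export interface AliasTargetConfig {
  dnsName: string;
  hostedZoneId: string;
}

// Normalise a DNS name for comparison: lower-case, no trailing dot.
export function canonicalName(name: string): string {
  return name.trim().toLowerCase().replace(/\.+$/, "");
}

// True when `name` is the zone apex or a name beneath it.
export function isInZone(name: string, zoneName: string): boolean {
  const n = canonicalName(name);
  const z = canonicalName(zoneName);
  return z.length > 0 && (n === z || n.endsWith("." + z));
}

// Alias target pointing at another record set in the same hosted zone.
// For that case Route 53 expects the alias target's hosted zone id to be the
// zone's own id, which is what bind() returns.
export class SameZoneRecordTarget {
  constructor(
    private readonly zone: HostedZoneLike,
    private readonly record: RecordSetLike,
  ) {}

  // Same shape as IAliasRecordTarget.bind(); the CDK passes the record being
  // created (and optionally the zone), neither of which is needed here.
  bind(_record?: unknown, _zone?: HostedZoneLike): AliasTargetConfig {
    if (!isInZone(this.record.domainName, this.zone.zoneName)) {
      // Fail at synth time instead of with an opaque error at deploy time.
      throw new Error(
        `alias target ${this.record.domainName} is not inside zone ${this.zone.zoneName}`,
      );
    }
    return {
      dnsName: this.record.domainName,
      hostedZoneId: this.zone.hostedZoneId,
    };
  }
}

// Usage with the real CDK (assumed names: zone, wwwRecord):
//   new ARecord(this, 'non-www-to-www', {
//     zone,
//     target: RecordTarget.fromAlias(new SameZoneRecordTarget(zone, wwwRecord)),
//   });
```

The zone check is deliberately strict about the dot boundary, so "notexample.com" is not treated as a name inside "example.com".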

Related

Certificate issue when using serverless and serverless-domain-manager with custom domain

I'm trying to set up a custom domain for my API Gateway and Lambda function.
I registered a domain with Route 53. Ex: myDomainToTestApi.net
I also created the certificates for: myDomainToTestApi.net, *.myDomainToTestApi.net, www.myDomainToTestApi.net
I installed the plugin serverless-domain-manager for the serverless framework.
In my serverless.yml I added (under custom):

    customDomain:
      domainName: myDomainToTestApi.net
      basePath: ''
      stage: ${opt:stage, 'dev'}
      certificateName: '*.myDomainToTestApi.net'
      createRoute53Record: true

ALL resources are in us-east-1.
When I run:

    sls create-domain

I receive the following error...

    Serverless: Load command test
    Serverless: Load command dashboard
    Serverless: Invoke create_domain
    Serverless: [AWS apigateway 404 0.374s 0 retries] getDomainName({ domainName: 'myDomainToTestApi.net' })
    Serverless Domain Manager: NotFoundException: Invalid domain name identifier specified
    Serverless: [AWS acm 200 0.35s 0 retries] listCertificates({ CertificateStatuses: [ 'PENDING_VALIDATION', 'ISSUED', 'INACTIVE', [length]: 3 ] })
    Error --------------------------------------------------
    Error: Error: Could not find the certificate *.myDomainToTestApi.net.
    at ServerlessCustomDomain.<anonymous> (/Users/user/project/node_modules/serverless-domain-manager/dist/index.js:279:23)

If I go to the Certificate Manager view, the status for all of them is Issued.
Does anyone know what could be happening...? Thanks.
Try adding another property called certificateArn; you can find the certificateArn in the Certificate Manager detailed view of the domain:

    certificateArn: 'xxxxx'

It is actually

    sls create_domain

(notice the underscore)

ADFS - Claims - emailAddress urn format version mismatch

So I was setting up an ADFS service on a Windows Server 2016 instance. I created a Relying Party Trust, and was about to create 2 claim issuance policies since our Service Provider has a NameID policy which needs to be met. The required policy is as follows:

    <NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress" AllowCreate="true"/>

So I added these two claims:
The second is a transformation rule as follows:
This resolves to the rule language:

    c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
    => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");

The problem is that this generates a format of urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress and not urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress as in the requested policy, and seemingly I can't change it to SAML 2.0 as I cannot manually edit the rule. Any ideas to fix this?
Copy that rule and use it to make a new custom policy rule and then edit it.

Sails.js 0.10.x: How to listen on localhost only?

I would like to pipe all traffic through an NGINX proxy and make sure that the node server won't be accessible directly from the outside.
Node's http module has the ability to listen on a given port on localhost only. Is there an option to enable sails.js to do the same?
Simply add this line to config/local.js:

    explicitHost: process.env.HOST || 'localhost'

Or you could add a policy in config/policies.js:

    module.exports.policies = {
      '*': 'isLocal'
    }

api/policies/isLocal.coffee:

    # sessionAuth
    #
    # @module :: Policy
    # @description :: Accept only local connections
    # @docs :: http://sailsjs.org/#!documentation/policies
    module.exports = (req, res, cb) ->
      if req.ip is '127.0.0.1' then cb()
      else res.forbidden new Error 'Accept only local connections'
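As an added example (not code from the answer above or from the Sails project), the same policy written so it also accepts the loopback forms Node actually reports, which the CoffeeScript version does not: the IPv6 loopback "::1" and the IPv4-mapped form "::ffff:127.0.0.1" that a dual-stack listener hands back for IPv4 clients, plus the whole 127.0.0.0/8 block. PolicyReq and PolicyRes are minimal stand-ins for the Sails req/res objects.

```typescript
// Added example, not from the original answer: a Sails/Express-style policy
// that accepts loopback clients only, covering the address forms Node reports
// (IPv4 127.0.0.0/8, IPv6 ::1 and the IPv4-mapped "::ffff:127.0.0.1").
// PolicyReq/PolicyRes are minimal stand-ins (assumptions) for req/res.

export function isLoopbackAddress(ip: string | undefined): boolean {
  if (!ip) return false;
  let addr = ip.trim().toLowerCase();
  // Strip a zone index ("::1%lo0") and the IPv4-mapped IPv6 prefix.
  addr = addr.replace(/%.*$/, "");
  if (addr.startsWith("::ffff:")) addr = addr.slice("::ffff:".length);
  if (addr === "::1") return true;
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(addr);
  if (!m) return false;
  const octets = m.slice(1).map(Number);
  // Any 127.x.y.z address is loopback, not just 127.0.0.1.
  return octets.every((o) => o <= 255) && octets[0] === 127;
}

interface PolicyReq {
  ip?: string;
}
interface PolicyRes {
  forbidden(err?: Error): void;
}

// Sails policy signature: (req, res, next). Same role as the CoffeeScript
// isLocal policy above, with the IPv6 cases handled.
export function isLocal(req: PolicyReq, res: PolicyRes, next: () => void): void {
  if (isLoopbackAddress(req.ip)) {
    next();
    return;
  }
  res.forbidden(new Error("Accept only local connections"));
}
```

Two things to keep in mind when using this behind nginx: req.ip is the proxy's address, so proxied traffic passes, but if the app is configured to trust the proxy's X-Forwarded-For header then req.ip becomes the end client's address and every proxied request is rejected. And a policy is an application-layer check; only binding to localhost (the explicitHost setting) actually keeps the port off the network interface.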
Not sure why you want to use Sails to restrict access to only localhost when you're using nginx as a proxy server (nginx is designed to do what you want). You can use an nginx configuration file to restrict local access to your Sails app.
    server {
      listen 80;
      server_name www.yourSailsApp.com;
      ...
      location / {
        allow 127.0.0.1;
        deny all;
      }
    }

You may need to add your site to your HOSTS file /etc/hosts:

    127.0.0.1 yourSailsApp.com
Alternatively, you can just find the public IP of your server and use that in the nginx configuration instead, in the allow field.

Nginx redirect foreign domain to my own domain

There is one strange domain that is pointing to the IP address of my server.
Sometimes DNS gets confused and it says that I am connected to that domain instead of my own.
I tried contacting the domain owner and domain registrar to remove the DNS A record that points to my machine, but they weren't helpful at all.
Now I am trying to redirect:

    www.foreigndomain.com

to

    www.myowndomain.com

so when someone types or opens www.foreigndomain.com it redirects to my original domain instead of serving my content under www.foreigndomain.com.
I tried to add this to nginx.conf:

    server {
      server_name .foreigndomain.com;
      rewrite ^ http://www.myowndomain.com$request_uri? permanent;
    }

but this creates a redirect loop; I'm not quite sure why.
How do I do this right?
The redirect loop happens because www.myowndomain.com matches the same server that does the redirection. To fix this, create another server to capture that server name:

    server {
      server_name .foreigndomain.com;
      return 301 http://www.myowndomain.com$request_uri;
    }
    server {
      server_name www.myowndomain.com;
      location / {
        #config here
      }
    }

If you already have a server with server name myowndomain.com then you need to add the www variant to it.

    server {
      server_name myowndomain.com www.myowndomain.com;
      location / {
        # config here
      }
    }
Try this rewrite variant:

    server {
      server_name .foreigndomain.com;
      return 301 http://www.myowndomain.com$request_uri;
    }

DKIM amavisd test failed

I have configured a new email server for my company. We are using a cloud server on theplanet.com and a shared hosting on bluehost.com. I configured the server using iredmail; all works great, but when I try to test the DKIM keys with amavisd testkeys it returns:

    TESTING#1: dkim._domainkey.mydomain.com => invalid (public key: not available)

I set the DNS record on the DNS panel in bluehost:

    name: mail._domainkey
    type: txt
    value: "v=DKIM1; p=MIGfM......"

When I try to validate via auth@verifier.port25.com it returns:

    DKIM check details:
    ----------------------------------------------------------
    Result: permerror (key "dkim._domainkey.mydomain.com" doesn't exist)

Please help me with this error.
You created a DNS record of mail._domainkey.mydomain.com, but your DKIM signer is using a selector of dkim, so it's looking up dkim._domainkey.mydomain.com. If you rename the DNS record so that they match up it should work.
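As an added example (not code from the answer above, amavisd or any verifier), the selector mismatch made mechanical: read the s= and d= tags from a message's DKIM-Signature header, build the name every verifier queries (selector._domainkey.domain), and check a DNS view for a usable key record. The signature header, the record set and the p= key bytes are constructed placeholders, not real keys or real records.

```typescript
// Added example, not from the original answer: derive the DNS name a DKIM
// verifier will query from a message's DKIM-Signature header and check it
// against a published TXT record set. The signature and DNS data below are
// constructed samples (assumptions), not real keys or real records.

// Parse a DKIM tag=value list (RFC 6376 section 3.2) into a map.
export function parseTagList(text: string): Record<string, string> {
  const tags: Record<string, string> = {};
  for (const part of text.split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue;
    const name = part.slice(0, eq).trim();
    // Folding whitespace inside a value (base64 keys wrap across lines) is ignored.
    const value = part.slice(eq + 1).replace(/\s+/g, "");
    if (name) tags[name] = value;
  }
  return tags;
}

// "<selector>._domainkey.<signing domain>", the name every verifier looks up.
export function dkimKeyName(signatureHeader: string): string {
  const sig = parseTagList(signatureHeader);
  if (!sig.s || !sig.d) throw new Error("DKIM-Signature is missing the s= or d= tag");
  return `${sig.s}._domainkey.${sig.d}`.toLowerCase();
}

export interface KeyCheck {
  name: string;
  found: boolean;
  problem?: string;
}

// Check a DNS view (name -> TXT strings) for the key the signature points at.
export function checkPublishedKey(
  signatureHeader: string,
  txtRecords: Record<string, string[]>,
): KeyCheck {
  const name = dkimKeyName(signatureHeader);
  const values = txtRecords[name];
  if (!values || values.length === 0) {
    // The failure from the question: signer selector and published selector differ.
    return { name, found: false, problem: `no TXT record at ${name}` };
  }
  // A TXT record longer than 255 bytes is published as several strings; join them.
  const key = parseTagList(values.join(""));
  if (key.v !== undefined && key.v !== "DKIM1") {
    return { name, found: true, problem: `v= is ${key.v}, expected DKIM1` };
  }
  if (!key.p) return { name, found: true, problem: "no p= tag (public key) in record" };
  return { name, found: true };
}

// Constructed sample: the signer uses selector "dkim" ...
export const SAMPLE_SIGNATURE =
  "v=1; a=rsa-sha256; c=relaxed/simple; d=mydomain.com; s=dkim; " +
  "h=from:to:subject:date; bh=PLACEHOLDERBODYHASH=; b=PLACEHOLDERSIG=";

// ... but the zone publishes the key under selector "mail" (placeholder key bytes).
export const PUBLISHED_MISMATCH: Record<string, string[]> = {
  "mail._domainkey.mydomain.com": ["v=DKIM1; k=rsa; p=UExBQ0VIT0xERVJLRVk="],
};

// After renaming the DNS record to match the signer's selector.
export const PUBLISHED_FIXED: Record<string, string[]> = {
  "dkim._domainkey.mydomain.com": ["v=DKIM1; k=rsa; p=UExBQ0VIT0xERVJLRVk="],
};
```

Running checkPublishedKey against PUBLISHED_MISMATCH reports that dkim._domainkey.mydomain.com has no record, which is exactly the "public key: not available" / "key doesn't exist" result in the question; against PUBLISHED_FIXED it finds the key.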