How to create CloudFront Distributions / CDN in AWS with Origin EC2 / Loadbalancer

Origin Settings

Step 1 : Login AWS console ( https://console.aws.amazon.com )

Step 2 : Open CloudFront console ( https://console.aws.amazon.com/cloudfront/ )

Step 3 : Click on "Create Distribution" 

Step 4 : Click on "Get started" on Web

Step 5 : "Origin Domain Name" = Select your load balancer for EC2 

Step 6 : Origin Path = Blank (add cdn file directory path if specific dir add for CDN )

Step 7 : Origin SSL Protocols = default selection

Step 8 : Origin Protocol Policy = HTTP Only

Step 9 : Origin Response Timeout = 30 (default) 

Step 10 : Origin Keep-alive Timeout = 5 (default)

Step 11 : HTTP Port = 80  (default)

Step 12 : HTTPS Port = 443 (default)

Step 13 : Origin Custom Headers = Blank (like default) 

Default Cache Behavior Settings 

Step 14 : Viewer Protocol Policy = HTTP and HTTPS

Step 15 : Allowed HTTP Methods = GET, HEAD

Step 16 : Field-level Encryption Config = blank (default)

Step 17 : Cache Based on Selected Request Headers = None (default)

Step 18 : Object Caching = Use Origin Cache Headers (default)

Step 19 : Forward Cookies = None (default)

Step 20 : Query String Forwarding and Caching = None (default)

Step 21 : Smooth Streaming = No (default)

Step 22 : Restrict Viewer Access (Use Signed URLs or Signed Cookies) = No (default)

Step 23 : Compress Objects Automatically = No (default)

Step 24 : Lambda Function Associations = (default)

Distribution Settings

Step 25 : Price Class = Use U.S., Canada, Europe, Asia and africa (You can select ALL for best performance world wide)

Step 26 : AWS WAF Web ACL = None (default)

Step 27 : Alternate Domain Names (CNAMEs) = Subdomain like cdn.jaydipkansagra.com (you can add multiple domain here)

Step 28 : SSL Certificate = Select custom if you want SSL on cdn url ( If option disable you need to create Certificates into N.Virginia ) 

Step 29 : Supported HTTP Versions = HTTP/2, HTTP/1.1, HTTP/1.0

Step 30 : Default Root Object = Blank (default)

Step 31 : Logging = Off (default)

Step 32 : Enable IPv6 = Checked (default)

Step 33 : Comment = Blank (default)

Step 34 : Distribution State = Enabled (default)

Step 35 : Click on Create Distribution button (default)

Pointout domain 

Step 36 : Point subdomain cdn.jaydipkansagra.com to d111111abcdef8.cloudfront.net

Step 37 : open the Route 53 console at https://console.aws.amazon.com/route53/

Step 38 : Click Hosted Zones

Step 39 : Click Create Record Set

Step 40 : Name = cdn, Type = CNAME, Alias = NO, TTL (Seconds) = 300, Value = d2m9sh2v6fo5gb.cloudfront.net

Step 41 : Click on save button

Step 42 : Finish : Open http://cdn.jaydipkansagra.com thats done

How to install custom or subdomain SSL certificate in AWS.

How to install custom or subdomain SSL certificate in AWS.

1. sudo dpkg –s openssl

2. sudo a2enmod ssl

3. sudo service apache2 restart

4. openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr
1. Country Name (2 letter code) [AU]: GB
2. State or Province Name (full name) [Some-State]: Surrey
3. Locality Name (eg, city) []: London
4. Organization Name (eg, company) [Internet Widgits Pty Ltd]: Company Name Pvt Ltd
5. Organizational Unit Name (eg, section) []: IT Department
6. Common Name (eg, YOUR name) []: yourdomain.com
7. Email Address []:webmaster@yourdomain.com
8. A challenge password []:
9. An optional company name []:

5. GET Certificate files and upload to "/var/www/html/cert/" :
1. private.key - Which you have generate using step 4
2. c00d2e98b15a0818.crt - Which you get certificate 3rd party
3. gd_bundle-g2-g1.crt - Which you get chain 3rd party

6. sudo nano /etc/apache2/sites-available/default-ssl.conf
**************
**************
DocumentRoot /var/www/html
<Directory /var/www/html/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
*******
*******
*******
SSLCertificateFile "/var/www/html/cert/c00d2e98b15a0818.crt"
SSLCertificateKeyFile "/var/www/html/cert/private.key"
SSLCertificateChainFile "/var/www/html/cert/gd_bundle-g2-g1.crt"
*******
*******
*******

7. sudo a2ensite default-ssl.conf

8. sudo service apache2 restart

9. Check your ssl : https://www.sslshopper.com/ssl-checker.html