From b783085b03d27148aa930f52da95b0d4d9130aed Mon Sep 17 00:00:00 2001 From: "jesper.eneberg" Date: Sun, 30 Oct 2016 23:39:28 +0100 Subject: [PATCH 1/3] Added Cloudfront Gotchas about 2048 bit ssl cert --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 7b63221..ca5ed5b 100644 --- a/README.md +++ b/README.md @@ -1332,6 +1332,7 @@ CloudFront - 🔸If using S3 as a backing store, remember that the endpoints for website hosting and for general S3 are different. Example: “bucketname.s3.amazonaws.com” is a standard S3 serving endpoint, but to have redirect and error page support, you need to use the website hosting endpoint listed for that bucket, e.g. “bucketname.s3-website-us-east-1.amazonaws.com” (or the appropriate region). - 🔸By default, CloudFront will not forward HTTP Host: headers through to your origin servers. This can be problematic for your origin if you run multiple sites switched with host headers. You can [enable host header forwarding](http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html#request-custom-headers-behavior) in the default cache behavior settings. +- If you want to use a self-obtained SSL certificate with Cloudfront. Make sure it's 2048 bits since Cloudfront only support 2048 bits SSL certificates. [Ongoing discussion](https://forums.aws.amazon.com/thread.jspa?threadID=148783) DirectConnect ------------- From 39de2b41fa938aacf3e4bb581ad511c1b8cd5d55 Mon Sep 17 00:00:00 2001 From: Jesper Eneberg Date: Mon, 31 Oct 2016 00:17:54 +0100 Subject: [PATCH 2/3] Added Cloudfront Gotchas about 2048 bit ssl cert --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ca5ed5b..c0b8571 100644 --- a/README.md +++ b/README.md 
@@ -1332,7 +1332,7 @@ CloudFront - 🔸If using S3 as a backing store, remember that the endpoints for website hosting and for general S3 are different. Example: “bucketname.s3.amazonaws.com” is a standard S3 serving endpoint, but to have redirect and error page support, you need to use the website hosting endpoint listed for that bucket, e.g. “bucketname.s3-website-us-east-1.amazonaws.com” (or the appropriate region). - 🔸By default, CloudFront will not forward HTTP Host: headers through to your origin servers. This can be problematic for your origin if you run multiple sites switched with host headers. You can [enable host header forwarding](http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html#request-custom-headers-behavior) in the default cache behavior settings. -- If you want to use a self-obtained SSL certificate with Cloudfront. Make sure it's 2048 bits since Cloudfront only support 2048 bits SSL certificates. [Ongoing discussion](https://forums.aws.amazon.com/thread.jspa?threadID=148783) +- 🔸If you want to use a self-obtained SSL certificate with Cloudfront. Make sure it's 2048 bits since Cloudfront only support 2048 bits SSL certificates. [Ongoing discussion](https://forums.aws.amazon.com/thread.jspa?threadID=148783) DirectConnect ------------- From 3367b9bc736e4091bc36834e9b79da85340d9b6a Mon Sep 17 00:00:00 2001 From: Jesper Eneberg Date: Wed, 7 Dec 2016 23:29:12 +0100 Subject: [PATCH 3/3] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c0b8571..a8ce49c 100644 --- a/README.md +++ b/README.md 
@@ -1332,7 +1332,7 @@ CloudFront - 🔸If using S3 as a backing store, remember that the endpoints for website hosting and for general S3 are different. Example: “bucketname.s3.amazonaws.com” is a standard S3 serving endpoint, but to have redirect and error page support, you need to use the website hosting endpoint listed for that bucket, e.g. “bucketname.s3-website-us-east-1.amazonaws.com” (or the appropriate region). - 🔸By default, CloudFront will not forward HTTP Host: headers through to your origin servers. This can be problematic for your origin if you run multiple sites switched with host headers. You can [enable host header forwarding](http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html#request-custom-headers-behavior) in the default cache behavior settings. -- 🔸If you want to use a self-obtained SSL certificate with Cloudfront. Make sure it's 2048 bits since Cloudfront only support 2048 bits SSL certificates. [Ongoing discussion](https://forums.aws.amazon.com/thread.jspa?threadID=148783) +- 🔸4096-bit SSL certificates: CloudFront do not support 4096-bit SSL certificates as of late 2016. If you are using an externally issued SSL certificate, you’ll need to make sure it’s 2048 bits. See [ongoing discussion](https://forums.aws.amazon.com/thread.jspa?threadID=148783). DirectConnect -------------
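Review bot: In PATCH 1/3, the added bullet opens with a sentence fragment ("If you want to use a self-obtained SSL certificate with Cloudfront.") and omits the 🔸 marker that the two preceding gotcha items carry. Join the two sentences, spell the service "CloudFront" as the section heading does, and use "only supports". The bullet also gives no date for the limitation, so a reader cannot tell whether it still holds; a short "as of" qualifier next to the forum link would help.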
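Review bot: PATCH 2/3 reuses the subject line of PATCH 1/3 ("Added Cloudfront Gotchas about 2048 bit ssl cert") although the only change in its hunk is the 🔸 marker added at the start of the bullet. Squash it into 1/3 or give it a subject that says what it does. The sentence fragment and the "Cloudfront" spelling in the bullet are carried over unchanged and could be fixed in the same commit.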
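Review bot: In PATCH 3/3, the replacement bullet reads "CloudFront do not support", which should be "does not support", and the subject "Update README.md" does not describe the change. The rewrite also alters the claim itself, from "only support 2048 bits" to "do not support 4096-bit", so the commit message should say the statement was narrowed rather than only reworded. The bit count describes the key in the certificate, not the certificate, so "certificates with 4096-bit keys" and "a 2048-bit key" would be more precise than "4096-bit SSL certificates" and "make sure it’s 2048 bits".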