Custom domain using AWS Cloudfront

michael.brizic · November 18, 2021, 4:19pm

I've read this blog post which has been helpful in getting started: Custom Domain

However, due to various requirements on our end, I need to proxy our Elastic Cloud Kibana instance using AWS Route53/Cloudfront. And for this reason I'm writing this post.

I've managed to setup a distribution with my specific elastic/kibana instance URL as the origin. I also added the following two Request headers:
kbn-xsrf: kibana
x-found-cluster: {my-uid-kibana}

My custom domain passes all TLS verifications via curl and any browser including Qualsys tests. However, when I navigate to my custom domain I get:

{"statusCode":401,"error":"Unauthorized","message":"Unauthorized"}

If I navigate to my custom domain with /login appended then I get presented the login page. But once I login, it redirects back to my custom domain and returns the above 401 unauthorized error again.

I must be missing another request/response configuration to properly handle redirects after successfully logging in? I'm not sure.

Anyone able to help?

michael.brizic · November 18, 2021, 7:19pm

UPDATE:

I managed to get around the problem regarding not being able to /login successfully.

However, I still cannot navigate to the root of my custom domain without appending /login

Also, when I try to logout, I get the following error:

{"statusCode":400,"error":"Bad Request","message":"Client should be able to process redirect response."}

tsullivan · December 2, 2021, 8:13pm

It sounds like the proxy is not processing redirects. Have you checked for this type of issue in the AWS documentation? Maybe this page provides some clues: Request and response behavior for custom origins - Amazon CloudFront

system · December 30, 2021, 8:13pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.