A CloudFront distribution can serve your website to users in a CDN, which means that they experience faster load times. It can also be used for adding various security features such as adding a Web Application Firewall (WAF), adding your SSL/TLS certificate, etc.
If you use AWS with a CloudFront CDN distribution for your domains, along with Plesk then you can set these up to work together through the following guide.
Plesk includes a page on their website for CloudFront although it does not detail any setup process – https://www.plesk.com/wiki/amazon-cloudfront/
This guide isn’t to provide the the most optimal details of setting up a CloudFront distribution as you may want to tweak aspects of the distribution setup based on your needs, but this should be enough to enable you to have a functioning setup between CloudFront and a Plesk domain. It assumes that you have your domain setup with functioning website in Plesk.
Add the origin record for CloudFront in Route 53
If the DNS for your domain is managed via Route 53, create an origin A record to point to the server IP address. The Record Name can be anything, and the Value should be of your Plesk server IP.
If using another service for your DNS, create the equivalent record there.
Create the CloudFront Distribution
When creating your CloudFront distribution, some notables fields based on the section of the Create Distribution page are below. You may need to adjust some fields based on your setup.
Origin
| Origin domain | Set to your required origin (i.e. the domain record set up in the previous step) |
| Protocol | HTTP only You could set this to Match Viewer, or HTTPS only if you have a valid certificate for the domain(s) installed on the server but would need to manage that outside of the scope of this guide |
| Name | Set to your origin name (it will be automatically added when setting your origin domain) |
Default Cache Behavior
| Viewer | Redirect HTTP to HTTPS |
| Cache Policy | HostedPlesk This is a custom policy that has been created. See Setting up the CloudFront Cache Policy below for more information on this setup |
| Origin Request Policy | AllViewer You may want to change this as required |
| Response Headers Policy | SecurityHeadersPolicy This is the default policy provided – change as required |
Settings
| Alternate Domain Name | Add any of your domain names that the distribution will serve |
| Custom SSL Certificate | Your selected certificate, generated in AWS Certificate Manager – remember to add all domains to the certificate that are listed in the Alternate Domain Name section above |
Setting up the CloudFront Cache Policy
In the example of setting up the CloudFront distribution above, there is a Cache Policy that has been selected called HostedPlesk. This is a custom Cache Policy which has been created to pass the appropriate headers across to Plesk so that the website can be shown via the distribution.
The setup for this is shown below:
The main aspect to note here is to add the following Headers:
- Origin
- CloudFront-Forwarded-Proto
- Referer
- Host
These will be passed through to the server.
Linking the domain to the CloudFront Distribution
Once the CloudFront Distribution has been created, link the domain to this distribution. This will be made by adding a CNAME record pointing to the CloudFront Domain Name. You can find the URL in the main CloudFront page:
In this example, it is shown as:
abcdefghijkl.cloudfront.netIf using Route 53 or other service, create a new CNAME record with this as the value. Route 53 also allows you to create it as an A record, but as an alias to the distribution:
When checking Alias, and selecting to route traffic to ‘Alias to CloudFront distribution’, if everything has been set up correctly to this point it will allow you to select the distribution.
Setting up the Plesk to domain to display the website via the Distribution
At this point, assuming that your Plesk domain was already set up, you may navigate to the website URL and find that it is showing a Too Many Redirects error.
This is likely to be because Plesk is trying to redirect from HTTP to HTTPS as it is only seeing the HTTP when behind CloudFront. To overcome this, within Plesk you can navigate to Websites & Domains > Your Domain > Hosting Settings. Here, you can deselect the checkbox for:
Permanent SEO-safe 301 redirect from HTTP to HTTPS
You may still find that the Too Many Redirects error is still showing when returning to the website. This could then be down to the CloudFront caching. You can either look in to invalidating the caches in CloudFront, or as a temporary check, add a URL parameter so that it creates a fresh request.
Server Code Checks for HTTPS
Depending on the application you are using on the server, you may also need to add additional checks to notify that HTTPS is being used. For example, this could be via your CMS, such as WordPress.
In the case of WordPress (or PHP generally), an additional check in the config setup file may be required:
if ( ( isset( $_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'] ) && $_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'] === 'https' ) || ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' ) ) {
$_SERVER['HTTPS'] = 'on';
}The above checks for the CloudFront server variable being present, and sets the HTTPS flag to ‘on’. For WordPress, this would be added to the wp-config.php file.
Without the above, links may be shown with just HTTP.
