Skip to main content

Setting up CloudFront with a Plesk Domain

A CloudFront distribution can serve your website to users in a CDN, which means that they experience faster load times. It can also be used for adding various security features such as adding a Web Application Firewall (WAF), adding your SSL/TLS certificate, etc.

If you use AWS with a CloudFront CDN distribution for your domains, along with Plesk then you can set these up to work together through the following guide.

Plesk includes a page on their website for CloudFront although it does not detail any setup process –

This guide isn’t to provide the the most optimal details of setting up a CloudFront distribution as you may want to tweak aspects of the distribution setup based on your needs, but this should be enough to enable you to have a functioning setup between CloudFront and a Plesk domain. It assumes that you have your domain setup with functioning website in Plesk.

Add the origin record for CloudFront in Route 53

Screenshot of Route 53 record for CloudFront origin domain settings

If the DNS for your domain is managed via Route 53, create an origin A record to point to the server IP address. The Record Name can be anything, and the Value should be of your Plesk server IP.

If using another service for your DNS, create the equivalent record there.

Create the CloudFront Distribution

When creating your CloudFront distribution, some notables fields based on the section of the Create Distribution page are below. You may need to adjust some fields based on your setup.

CloudFront Example setup. Click on the image to view the full version


Origin domainSet to your required origin (i.e. the domain record set up in the previous step)
ProtocolHTTP only
You could set this to Match Viewer, or HTTPS only if you have a valid certificate for the domain(s) installed on the server but would need to manage that outside of the scope of this guide
NameSet to your origin name (it will be automatically added when setting your origin domain)

Default Cache Behavior

ViewerRedirect HTTP to HTTPS
Cache PolicyHostedPlesk
This is a custom policy that has been created. See Setting up the CloudFront Cache Policy below for more information on this setup
Origin Request PolicyAllViewer
You may want to change this as required
Response Headers PolicySecurityHeadersPolicy
This is the default policy provided – change as required


Alternate Domain NameAdd any of your domain names that the distribution will serve
Custom SSL CertificateYour selected certificate, generated in AWS Certificate Manager – remember to add all domains to the certificate that are listed in the Alternate Domain Name section above

Setting up the CloudFront Cache Policy

In the example of setting up the CloudFront distribution above, there is a Cache Policy that has been selected called HostedPlesk. This is a custom Cache Policy which has been created to pass the appropriate headers across to Plesk so that the website can be shown via the distribution.

The setup for this is shown below:

The main aspect to note here is to add the following Headers:

  • Origin
  • CloudFront-Forwarded-Proto
  • Referer
  • Host

These will be passed through to the server.

Linking the domain to the CloudFront Distribution

Once the CloudFront Distribution has been created, link the domain to this distribution. This will be made by adding a CNAME record pointing to the CloudFront Domain Name. You can find the URL in the main CloudFront page:

In this example, it is shown as:

If using Route 53 or other service, create a new CNAME record with this as the value. Route 53 also allows you to create it as an A record, but as an alias to the distribution:

When checking Alias, and selecting to route traffic to ‘Alias to CloudFront distribution’, if everything has been set up correctly to this point it will allow you to select the distribution.

Setting up the Plesk to domain to display the website via the Distribution

At this point, assuming that your Plesk domain was already set up, you may navigate to the website URL and find that it is showing a Too Many Redirects error.

Too many redirects showing after setting up the CloudFront Distribution

This is likely to be because Plesk is trying to redirect from HTTP to HTTPS as it is only seeing the HTTP when behind CloudFront. To overcome this, within Plesk you can navigate to Websites & Domains > Your Domain > Hosting Settings. Here, you can deselect the checkbox for:

Permanent SEO-safe 301 redirect from HTTP to HTTPS

Deselecting the HTTP to HTTPS redirect in the Plesk domain hosting settings

You may still find that the Too Many Redirects error is still showing when returning to the website. This could then be down to the CloudFront caching. You can either look in to invalidating the caches in CloudFront, or as a temporary check, add a URL parameter so that it creates a fresh request.

Server Code Checks for HTTPS

Depending on the application you are using on the server, you may also need to add additional checks to notify that HTTPS is being used. For example, this could be via your CMS, such as WordPress.

In the case of WordPress (or PHP generally), an additional check in the config setup file may be required:

  $_SERVER['HTTPS'] = 'on';

The above checks for the CloudFront server variable being present, and sets the HTTPS flag to ‘on’. For WordPress, this would be added to the wp-config.php file.

Without the above, links may be shown with just HTTP.