Setting up DNS, TLS, and a CDN for a Pelican Static Website

The first post in this series covered creating a site with Pelican; the second covered S3 hosting and GitHub Actions. This post concludes the series with the configuration of DNS, TLS, and a CDN. You will need a domain name, an AWS account, and a Cloudflare account to complete this step.

Create a TLS certificate

  1. To enable your distribution to serve over TLS, request a public certificate from Amazon Certificate Manager (ACM).
    1. For the “Fully qualified domain name”, enter the domain name at which you eventually want the Pelican-generated site to be reachable
    2. Select “Use DNS validation”
    3. Click Create
  2. At this point the certificate has been created but is not yet valid; you need to prove ownership of the domain via DNS. Click on the Certificate ID. In the “Domains” section note the “CNAME name” and “CNAME value”.
  3. In the CloudFlare console for your domain, create a CNAME using the values AWS provided above
    1. The AWS “CNAME name” corresponds to “Name” in the CloudFlare console
    2. The AWS “CNAME value” corresponds to “Content” in the CloudFlare console
    3. Disable the CloudFlare Proxy Toggle
  4. Wait until the certificate’s status is “Issued” in the AWS console.

Create a CloudFront Distribution

  1. Following AWS’ guide, configure a CloudFront Web Distribution
    1. Select the bucket you created as the “Origin domain”
    2. For “S3 Bucket Access” select “Yes use OAI”, select create a new one, and have AWS update the bucket policy. An Origin Access Identity (OAI) is another type of identity within AWS; it allows your bucket to be locked down to access via CloudFront only, rather than being made public.
    3. In the “Alternate domain name” section enter the domain you wish to use
    4. In the “Custom SSL certificate” dropdown select the ACM certificate you created above
    5. In the “Default root object” field enter index.html
    6. Leave the other options at their defaults and click Create. You will need to wait until the distribution is deployed before you can test and move on
  2. Once the Distribution is no longer showing as “Deploying” you should be able to see your site being served over TLS via the “Distribution domain name”/index.html
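
One way to check that the bucket policy matches the lock-down described in step 1.2, as an added example that is not part of the original post. It assumes the OAI appears in the policy in ARN form; the bucket name, OAI ID, Sids and function names are constructed for illustration.

```python
import json

# ARN prefix CloudFront uses for an Origin Access Identity principal.
OAI_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principals(statement):
    """Principal strings of one statement; "*" means anyone."""
    principal = statement.get("Principal", {})
    if isinstance(principal, str):
        return [principal]
    return [p for values in principal.values() for p in _as_list(values)]

def audit_bucket_policy(policy_json):
    """Return (findings, oai_ids). Conditions are ignored, so a wildcard
    principal is reported even if a Condition narrows it."""
    findings, oai_ids = [], []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for principal in _principals(stmt):
            if principal == "*":
                findings.append(f"{sid}: allows any principal (*)")
            elif principal.startswith(OAI_PREFIX):
                oai_ids.append(principal[len(OAI_PREFIX):])
            else:
                findings.append(f"{sid}: extra principal {principal}")
    if not oai_ids:
        findings.append("no CloudFront OAI is granted access")
    return findings, oai_ids

def _policy(*statements):
    return json.dumps({"Version": "2012-10-17", "Statement": list(statements)})

def _allow(sid, principal):
    # Constructed sample statement; the bucket name is a placeholder.
    return {"Sid": sid, "Effect": "Allow", "Principal": principal,
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-pelican-bucket/*"}

# Constructed policies: OAI only, and OAI plus a leftover public-read grant.
OAI = {"AWS": OAI_PREFIX + "EXAMPLEOAIID"}
OAI_ONLY = _policy(_allow("CloudFrontRead", OAI))
LEFTOVER_PUBLIC = _policy(_allow("PublicRead", "*"), _allow("CloudFrontRead", OAI))

if __name__ == "__main__":
    for name, doc in (("OAI_ONLY", OAI_ONLY), ("LEFTOVER_PUBLIC", LEFTOVER_PUBLIC)):
        print(name, audit_bucket_policy(doc))
```

An empty findings list together with one OAI ID means the bucket is reachable only through the distribution; any finding points at a statement to review in the bucket policy.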

Configuring DNS

You now have a static site in the S3 bucket configured for static website hosting, and a CloudFront distribution reachable via the “Distribution domain name”. Setting up DNS allows visitors to access the site via your purchased domain name.

  1. Within your CloudFlare dashboard, under the “Website” menu click on the “Add Site” button. Enter your domain name and click “Add site”. Select the free plan and continue.
  2. You will be provided with a review of the DNS records currently set up for the domain. If this is a fresh purchase you will likely see DNS records created by your registrar. Click Continue.
  3. You will be prompted to update the domain’s existing nameservers and point them to CloudFlare. This will allow CloudFlare to provide answers when browsers ask for information about your domain. These instructions will be unique for your domain registrar of choice.
  4. Once you have updated your Name Servers click the “Done, check nameservers” button. If this fails after updating at your registrar give it some time and retry.
  5. Within the CloudFlare “Quick Start Guide” accept the defaults and click “Finish”. Wait until CloudFlare confirms that your domain is configured.
  6. Within CloudFlare create a CNAME record with a value of @, and the “Target” as your CloudFront Distribution Domain Name. Ensure you delete the https:// or you will get an error.
  7. Within CloudFlare select the “SSL/TLS” menu and set the encryption mode to “Full”.

Your site should now load at the domain name that you requested.
