在 AWS Beanstalk 上设置 HSTS
Setting up HSTS on AWS Beanstalk
我即将通过 CloudFlare 在我的 AWS Beanstalk 应用程序上设置 HSTS。我有:
1) 使用 AWS Certificate Manager 创建证书并应用于负载均衡器(并将 HTTPS 侦听器端口设置为 443)
2) 将 CloudFlare SSL 切换为 FULL(之前设置为灵活)
我即将开启 CloudFlare HSTS,但是,提到了以下注意事项:
"One critical consideration when using HSTS on Cloudflare is that once HSTS is turned on, your website must continue to have a valid HTTPS configuration conforming with the HSTS header to avoid making the website inaccessible to users. If SSL is disabled through other means (“grey clouding” a Flexible SSL website, or moving a website off Cloudflare), it is possible the website will be inaccessible to users for the duration of cached max-age headers, or until HTTPS is re-established and an HSTS header with value 0 is served. Consequently, HSTS configuration requires reading and acknowledging understanding of a warning message."
所以,这让我有点害怕:我不打算随时关闭 SSL。我可能也不会退出 CloudFlare。但是,当我打开它时应该弄乱什么东西?我可以再次关闭 HSTS 并继续 "Phew, that was close" 还是我搞砸了?
/鲍勃
您需要确保始终使用 HTTPS。因此,如果您放弃 Cloudflare,则需要确保在您的服务器上正确安装了 SSL 证书。
它只会影响之前访问过您网站的用户,因为浏览器会对其进行缓存。如果他们清除缓存等,他们可以再次访问。
我在这里创建了一个指南,涵盖了您可能遇到的任何问题:https://www.engaging.io/how-to-easily-configure-hsts-for-super-secure-ssl/
我即将通过 CloudFlare 在我的 AWS Beanstalk 应用程序上设置 HSTS。我有:
1) 使用 AWS Certificate Manager 创建证书并应用于负载均衡器(并将 HTTPS 侦听器端口设置为 443)
2) 将 CloudFlare SSL 切换为 FULL(之前设置为灵活)
我即将开启 CloudFlare HSTS,但是,提到了以下注意事项:
"One critical consideration when using HSTS on Cloudflare is that once HSTS is turned on, your website must continue to have a valid HTTPS configuration conforming with the HSTS header to avoid making the website inaccessible to users. If SSL is disabled through other means (“grey clouding” a Flexible SSL website, or moving a website off Cloudflare), it is possible the website will be inaccessible to users for the duration of cached max-age headers, or until HTTPS is re-established and an HSTS header with value 0 is served. Consequently, HSTS configuration requires reading and acknowledging understanding of a warning message."
所以,这让我有点害怕:我不打算随时关闭 SSL。我可能也不会退出 CloudFlare。但是,当我打开它时应该弄乱什么东西?我可以再次关闭 HSTS 并继续 "Phew, that was close" 还是我搞砸了?
/鲍勃
您需要确保始终使用 HTTPS。因此,如果您放弃 Cloudflare,则需要确保在您的服务器上正确安装了 SSL 证书。
它只会影响之前访问过您网站的用户,因为浏览器会对其进行缓存。如果他们清除缓存等,他们可以再次访问。
我在这里创建了一个指南,涵盖了您可能遇到的任何问题:https://www.engaging.io/how-to-easily-configure-hsts-for-super-secure-ssl/