Cloudfront 未正确重定向到 https 和子域
Cloudfront does not redirect properly to https and subdomain
根据 post and this 文章,应该在重定向到另一个包含静态文件的存储桶的 S3 存储桶前面创建第二个云端分发。
Asuuming 前端存储桶名称是 www.example.com,重定向存储桶是 example.com。我已经根据以下 cloudformation 模板设置了我的 AWS 资源。
但是,出现了一些问题:如果我点击 example.com,它不会重定向到 www.example.com,只有当我在网站上点击另一个 link 时。此外,它不会加载例如图标。 http://example.com is redirect to https://example.com. http://www.example.com 它没有重定向到 https,找不到网站。
我的 AWS 设置中缺少什么?
This 提到不要设置默认根对象 属性,我没有。但也许它有某种关系?
FrontendBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: ${self:custom.frontendBucketName}
AccessControl: PublicRead
WebsiteConfiguration:
IndexDocument: index.html
ErrorDocument: 404.html
RedirectdBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: ${self:custom.redirectBucketName}
AccessControl: PublicRead
WebsiteConfiguration:
RedirectAllRequestsTo:
HostName: ${self:custom.frontendBucketName}
Protocol: https
WebAppCloudFrontDistribution:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
Origins:
- DomainName: ${self:custom.frontendBucketName}.s3-website.${self:provider.region}.amazonaws.com
Id: Frontend
CustomOriginConfig:
HTTPPort: 80
HTTPSPort: 443
OriginProtocolPolicy: http-only
Enabled: 'true'
Aliases:
- ${self:custom.frontendBucketName}
CustomErrorResponses:
- ErrorCode: 404
ResponseCode: 200
ResponsePagePath: /index.html
DefaultCacheBehavior:
DefaultTTL: 31536000
MaxTTL: 31536000
MinTTL: 31536000
AllowedMethods:
- DELETE
- GET
- HEAD
- OPTIONS
- PATCH
- POST
- PUT
TargetOriginId: Frontend
ForwardedValues:
QueryString: 'false'
Cookies:
Forward: none
ViewerProtocolPolicy: redirect-to-https
AcmCertificateArn: 'arn:aws:acm:us-east-1:xxxx:certificate/xxxx'
SslSupportMethod: 'sni-only'
RedirectCloudFrontDistribution:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
Origins:
- DomainName: ${self:custom.redirectBucketName}.s3-website.${self:provider.region}.amazonaws.com
Id: Redirect
CustomOriginConfig:
HTTPPort: 80
HTTPSPort: 443
OriginProtocolPolicy: http-only
Enabled: 'true'
Aliases:
- {self:custom.redirectBucketName}
DefaultCacheBehavior:
DefaultTTL: 31536000
MaxTTL: 31536000
MinTTL: 31536000
AllowedMethods:
- DELETE
- GET
- HEAD
- OPTIONS
- PATCH
- POST
- PUT
TargetOriginId: Redirect
ForwardedValues:
QueryString: 'false'
Cookies:
Forward: none
ViewerProtocolPolicy: redirect-to-https
ViewerCertificate:
AcmCertificateArn: 'arn:aws:acm:us-east-1:xxxx:certificate/xxxx'
SslSupportMethod: 'sni-only'
DnsRecord:
Type: "AWS::Route53::RecordSet"
Properties:
AliasTarget:
DNSName:
Fn::GetAtt:
- WebAppCloudFrontDistribution
- DomainName
HostedZoneId: XXXXX
HostedZoneId: XXXX
Name: ${self:custom.frontendBucketName}
Type: 'A'
RedirectDnsRecord:
Type: "AWS::Route53::RecordSet"
Properties:
AliasTarget:
DNSName:
Fn::GetAtt:
- RedirectCloudFrontDistribution
- DomainName
HostedZoneId: XXXX
HostedZoneId: XXXX
Name: ${self:custom.redirectBucketName}
Type: 'A'
目前,您遇到了 DNS 问题,您尚未发布 "www.example.com" 的 DNS 记录。
您有 example.com --> CloudFront 的 DNS,但 www.example.com 没有,即使您已将 www.example.com 添加到 CloudFront CNMAE/Alternative 文件中,当客户端获得一个新位置的 301/302 并看到主机的变化时,它会再次解析它。
curl -I --resolve www.example.com:443:13.249.210.66 https://www.example.com/index.html
HTTP/1.1 200 好
Content-Type: text/html
Content-Length:80232
连接:keep-alive
日期:2019 年 6 月 23 日,星期日 10:07:43 GMT
Last-Modified:2019 年 6 月 21 日,星期五 07:21:38 GMT
ETag:“8d536768b2173a7f3869f4178f75b331”
服务器:AmazonS3
X-Cache: 云端小姐
通过:1.1 7db8064d915149cac923df11147875f9.cloudfront.net (CloudFront)
X-Amz-Cf-Pop:BLR50-C3
X-Amz-Cf-Id: wOpVoz1gVlxYDBORSfGr9fmt8L-Q6vhWyEm1XPgJVQy-sbes9HTuuQ==
您只需要在 Route53 中为 www.example.com 创建一个别名记录。
根据
Asuuming 前端存储桶名称是 www.example.com,重定向存储桶是 example.com。我已经根据以下 cloudformation 模板设置了我的 AWS 资源。
但是,出现了一些问题:如果我点击 example.com,它不会重定向到 www.example.com,只有当我在网站上点击另一个 link 时。此外,它不会加载例如图标。 http://example.com is redirect to https://example.com. http://www.example.com 它没有重定向到 https,找不到网站。
我的 AWS 设置中缺少什么?
This 提到不要设置默认根对象 属性,我没有。但也许它有某种关系?
FrontendBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: ${self:custom.frontendBucketName}
AccessControl: PublicRead
WebsiteConfiguration:
IndexDocument: index.html
ErrorDocument: 404.html
RedirectdBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: ${self:custom.redirectBucketName}
AccessControl: PublicRead
WebsiteConfiguration:
RedirectAllRequestsTo:
HostName: ${self:custom.frontendBucketName}
Protocol: https
WebAppCloudFrontDistribution:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
Origins:
- DomainName: ${self:custom.frontendBucketName}.s3-website.${self:provider.region}.amazonaws.com
Id: Frontend
CustomOriginConfig:
HTTPPort: 80
HTTPSPort: 443
OriginProtocolPolicy: http-only
Enabled: 'true'
Aliases:
- ${self:custom.frontendBucketName}
CustomErrorResponses:
- ErrorCode: 404
ResponseCode: 200
ResponsePagePath: /index.html
DefaultCacheBehavior:
DefaultTTL: 31536000
MaxTTL: 31536000
MinTTL: 31536000
AllowedMethods:
- DELETE
- GET
- HEAD
- OPTIONS
- PATCH
- POST
- PUT
TargetOriginId: Frontend
ForwardedValues:
QueryString: 'false'
Cookies:
Forward: none
ViewerProtocolPolicy: redirect-to-https
AcmCertificateArn: 'arn:aws:acm:us-east-1:xxxx:certificate/xxxx'
SslSupportMethod: 'sni-only'
RedirectCloudFrontDistribution:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
Origins:
- DomainName: ${self:custom.redirectBucketName}.s3-website.${self:provider.region}.amazonaws.com
Id: Redirect
CustomOriginConfig:
HTTPPort: 80
HTTPSPort: 443
OriginProtocolPolicy: http-only
Enabled: 'true'
Aliases:
- {self:custom.redirectBucketName}
DefaultCacheBehavior:
DefaultTTL: 31536000
MaxTTL: 31536000
MinTTL: 31536000
AllowedMethods:
- DELETE
- GET
- HEAD
- OPTIONS
- PATCH
- POST
- PUT
TargetOriginId: Redirect
ForwardedValues:
QueryString: 'false'
Cookies:
Forward: none
ViewerProtocolPolicy: redirect-to-https
ViewerCertificate:
AcmCertificateArn: 'arn:aws:acm:us-east-1:xxxx:certificate/xxxx'
SslSupportMethod: 'sni-only'
DnsRecord:
Type: "AWS::Route53::RecordSet"
Properties:
AliasTarget:
DNSName:
Fn::GetAtt:
- WebAppCloudFrontDistribution
- DomainName
HostedZoneId: XXXXX
HostedZoneId: XXXX
Name: ${self:custom.frontendBucketName}
Type: 'A'
RedirectDnsRecord:
Type: "AWS::Route53::RecordSet"
Properties:
AliasTarget:
DNSName:
Fn::GetAtt:
- RedirectCloudFrontDistribution
- DomainName
HostedZoneId: XXXX
HostedZoneId: XXXX
Name: ${self:custom.redirectBucketName}
Type: 'A'
目前,您遇到了 DNS 问题,您尚未发布 "www.example.com" 的 DNS 记录。
您有 example.com --> CloudFront 的 DNS,但 www.example.com 没有,即使您已将 www.example.com 添加到 CloudFront CNMAE/Alternative 文件中,当客户端获得一个新位置的 301/302 并看到主机的变化时,它会再次解析它。
curl -I --resolve www.example.com:443:13.249.210.66 https://www.example.com/index.html HTTP/1.1 200 好 Content-Type: text/html Content-Length:80232 连接:keep-alive 日期:2019 年 6 月 23 日,星期日 10:07:43 GMT Last-Modified:2019 年 6 月 21 日,星期五 07:21:38 GMT ETag:“8d536768b2173a7f3869f4178f75b331” 服务器:AmazonS3 X-Cache: 云端小姐 通过:1.1 7db8064d915149cac923df11147875f9.cloudfront.net (CloudFront) X-Amz-Cf-Pop:BLR50-C3 X-Amz-Cf-Id: wOpVoz1gVlxYDBORSfGr9fmt8L-Q6vhWyEm1XPgJVQy-sbes9HTuuQ==
您只需要在 Route53 中为 www.example.com 创建一个别名记录。