堆栈内存溢出
  简体   繁体   English

AWS S3,CloudFront和SSL

[英]AWS S3, CloudFront and SSL

 原文  2017-03-04 14:45:37       amazon-web-services/ ssl/ amazon-s3/ https

问题描述

I have tried setting up a static hosting solution for our web platform by using AWS S3 and CloudFront. 我尝试使用AWS S3和CloudFront为我们的Web平台设置静态托管解决方案。 It is required to use https, and it needs to be accessed via a custom subdomain. 必须使用https,并且需要通过自定义子域进行访问。

This is my S3 bucket: 这是我的S3存储桶: 在此处输入图片说明

These are the settings for the CloudFront: 这些是CloudFront的设置: 在此处输入图片说明 在此处输入图片说明

The certificate settings look ok to me: 证书设置对我来说没问题: 在此处输入图片说明

And finally my DNS record is like this: CNAME: "static" -> "d1fd407fp9coo4.cloudfront.net." 最后,我的DNS记录如下: CNAME: "static" -> "d1fd407fp9coo4.cloudfront.net."

edit: using my default domain provider for DNS, not Route 53. 编辑:使用我的默认域提供程序的DNS,而不是路由53。

The aim is to have the resource available at static.dmaglobal.com/logo-frontpage.png via https. 目的是通过https在static.dmaglobal.com/logo-frontpage.png上提供资源。 It loads fine without ( http://static.dmaglobal.com/logo-frontpage.png ), but the https-version ( https://static.dmaglobal.com/logo-frontpage.png ) gives an SSL-error stating the current certificate is for *.s3.eu-west-2.amazonaws.com instead of *.dmaglobal.com. 无需( http://static.dmaglobal.com/logo-frontpage.png )即可正常加载,但https-version( https://static.dmaglobal.com/logo-frontpage.png )会给出SSL错误说明当前证书适用于* .s3.eu-west-2.amazonaws.com,而不是* .dmaglobal.com。 I do not understand where this mismatch comes from, as it seems like the current certificate is correctly set up for our custom domain. 我不知道这种不匹配来自何处,因为似乎为我们的自定义域正确设置了当前证书。

Anyone able to give some pointers on how to proceed from here with this issue? 任何人都可以就如何从此问题着手提出一些建议吗?

2 个解决方案

解决方案1
 0  2017-03-04 15:28:25

As you have noticed your DNS record resolves to S3 still. 如您所见,您的DNS记录仍解析为S3。

Instead of CNAME you should create an ALIAS record to Cloudfront distribution. 您应该创建一个ALIAS记录而不是CNAME到Cloudfront发行版。 In static record pick A type record, check Yes for Alias and pick the Cloudfront distribution on the dropdown. 在静态记录中,选择A类型记录,为Alias选中“是”,然后在下拉列表中选择Cloudfront分布。

The reason for this: ALIAS records are free of charge and they resolve faster. 这样做的原因:ALIAS记录是免费的,而且解析速度更快。

解决方案2
 0 已采纳  2017-03-07 13:09:11

To answer my own question: In the end, it was the proper CNAME value that had not propagated properly yet (as it was initially pointing to S3 before I was aware that CloudFront was required for SSL). 要回答我自己的问题:最后,是正确的CNAME值尚未正确传播(因为它最初指向S3,直到我意识到SSL需要CloudFront为止)。 As soon as it was, the settings in the OP worked perfectly. 设置完成后,OP中的设置就可以完美运行了。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 将 Heroku SSL (ACM) 与 AWS S3 / Cloudfront 一起使用 - Using Heroku SSL (ACM) alongside AWS S3 / Cloudfront AWS / S3 ACL和CloudFront - AWS/S3 ACLs & CloudFront HTTPS、AWS ELB、CloudFront 和 S3 - HTTPS, AWS ELB, CloudFront & S3 AWS S3与Cloudfront同步(缓存时间?) - AWS S3 sync with Cloudfront (Cache time?) AWS CloudFront到S3的后期支持? - AWS CloudFront to S3 Post Support? AWS S3 + CloudFront 成本问题 - AWS S3 + CloudFront Cost Problems S3 和 ALB 前面的 AWS CloudFront - AWS CloudFront in front of S3 and ALB 使用AWS S3与Cloudfront - Use AWS S3 vs Cloudfront AWS - Cloudfront / S3 - 拒绝访问 - AWS - Cloudfront / S3 - Access Denied AWS Cloudfront S3非常慢 - AWS cloudfront s3 is very slow
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM