堆栈内存溢出
  简体   繁体   English

使用Amazon S3虚拟主机和多层域时处理SSL证书吗?

[英]Dealing with SSL certificates when using Amazon S3 Virtual hosting and a multilevel domain?

 原文  2018-03-12 04:41:17       amazon-web-services/ ssl/ amazon-s3

问题描述

I have a domain, let's say foo.bar.com , which I want to use to serve files in an Amazon S3 bucket. 我有一个域,例如foo.bar.com ,我想使用该域为Amazon S3存储桶中的文件提供服务。 According to https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html , the bucket name has to be foo.bar.com and the URL foo.bar.com.s3.amazonaws.com for the CNAME record for foo.bar.com (pointing to foo.bar.com.s3.amazonaws.com ) to work. 根据https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html ,存储桶名称必须为foo.bar.com ,URL为foo.bar.com.s3.amazonaws.comfoo.bar.com的CNAME记录(指向foo.bar.com.s3.amazonaws.com )正常工作。

Unfortunately, Amazon's SSL cert doesn't support foo.bar.com.s3.amazonaws.com (I mean, why would it, I guess), so I can't serve my files like this over SSL, I get an SSL warning/error. 不幸的是,亚马逊的SSL证书不支持foo.bar.com.s3.amazonaws.com (我是说,为什么会这样,我想),因此我无法通过SSL提供此类文件,但收到SSL警告/错误。 I can use plain HTTP but I get Mixed Content warnings in Chrome since the main site is over SSL. 我可以使用普通的HTTP,但是由于主站点通过SSL,因此我在Chrome中收到“混合内容”警告。

How should this issue be dealt with? 该问题应如何处理?

1 个解决方案

解决方案1
 0  2018-03-12 10:57:31

The only way to have both a Custom domain name and SSL on a bucket is to use CloudFront in conjunction with S3. 在存储桶上同时具有自定义域名和SSL的唯一方法是将CloudFront与S3结合使用。

Create an SSL cert for your domain foo.example.com in Amazon Certificate Manager (ACM) in the us-east-1 region, regardless of your bucket's region. 无论您的存储桶所在的区域如何,都在us-east-1区域的Amazon Certificate Manager(ACM)中为您的域foo.example.com创建SSL证书。 (The us-east-1 region is the region where CloudFront and ACM are interconnected.) (us-east-1区域是CloudFront和ACM互连的区域。)

Create a CloudFront distribution: 创建一个CloudFront分配:

  • if you want the S3 web site hosting features, including index documents and redirect rules, type the bucket's web site hosting endpoint hostname as the origin domain name (do not select the bucket from the list), or 如果您想要S3网站托管功能,包括索引文档和重定向规则,请键入存储桶的网站托管端点主机名作为源域名(不要从列表中选择存储桶),或者
  • if you want to use CloudFront signed cookies or signed URLs, do select the bucket from the drop-down list. 如果要使用CloudFront签名的Cookie或签名的URL,请从下拉列表中选择存储桶。

Associate your new ACM cert with the distribution, and add foo.example.com as an Alternate Domain Name for the distribution. 将新的ACM证书与分发相关联,并添加foo.example.com作为分发的备用域名。

Point the DNS record to the assigned dzczcexample.cloudfront.net hostname. 将DNS记录指向分配的dzczcexample.cloudfront.net主机名。

Note also that unlike S3 static hosting used by itself, this configuration does not require that the bucket name match the domain name, since CloudFront rewrites the requests before sending them to the bucket. 还请注意,与单独使用的S3静态托管不同,此配置不需要存储桶名称与域名匹配,因为CloudFront在将请求发送到存储桶之前会对其进行重写。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 将 SSL 证书添加到 Amazon AWS - S3 和 AppSync - Adding SSL certificates to Amazon AWS - S3 and AppSync 在 Amazon S3 存储桶上使用 SSL 和 CNAME - Using SSL on Amazon S3 bucket with CNAME 在Amazon S3上强制使用SSL - Force SSL on Amazon S3 访问Amazon AWS S3上的https(5GB免费)-虚拟主机 - Access to https on Amazon AWS S3 (5GB free) - Virtual Hosting Amazon S3静态网络托管无法与自定义域名一起使用(点号) - Amazon S3 static web hosting not working with custom domain name (dot issue) 域名如何在ACM中用于Amazon颁发的SSL证书 - How is domain name used for Amazon issued SSL certificates in ACM Amazon S3上的静态托管 - DNS配置 - Static hosting on Amazon S3 - DNS Configuration 用于托管的 Amazon S3 和 EC2? - Amazon S3 & EC2 for hosting? Amazon S3 + Lambda + DynamoDB网站托管 - Amazon S3 + Lambda + DynamoDB Website Hosting 在Amazon S3的BUCKET中托管多个网站 - Hosting multiple websites in a BUCKET on Amazon S3
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM