[英]Amazon ACM certificate Issue and is in Use but Website is still having Http
I have hosted my static website in S3 bucket using angular5 and mapped to a custom domain using Route53. 我已经使用angular5将静态网站托管在S3存储桶中,并使用Route53映射到了自定义域。 I want to have SSL/TLS(HTTPS) for my site, so I used ACM to generate the certificate and mapped it to my site using CloudFront.
我想为我的站点使用SSL / TLS(HTTPS),所以我使用ACM生成证书并将其使用CloudFront映射到我的站点。 The ACM status is issued and it says it's in use.
ACM状态已发出,并且表明它正在使用中。 but my website is not HTTPS enabled.
但我的网站未启用HTTPS 。
Everything is hosted in us-east-1, I am accessing my site from East-Asia. 一切都托管在us-east-1中,我正在从东亚访问我的网站。 Is this an issue?
这是问题吗?
Am I missing something? 我想念什么吗?
The ACM certificate for CloudFront should have been generated in the N.Virginia region. CloudFront的ACM证书应该已经在弗吉尼亚北部地区生成。 Then you should be able to assign it to your CloudFront distribution.
然后,您应该可以将其分配给您的CloudFront分配。
In your CloudFront distribution Origin, you should set the "Origin Protocol Policy" parameter to "HTTPS Only" if you want to use HTTPS between CloudFront and your S3 bucket. 如果要在CloudFront和S3存储桶之间使用HTTPS,则应在CloudFront分发源中将“原始协议策略”参数设置为“仅HTTPS”。
In your CloudFront distribution Cache Behavior, you should set the "Viewer Protocol Policy" parameter to "Redirect HTTP to HTTPS" so that every HTTP communication between the clients and your CloudFront distribution is redirected to use HTTPS. 在您的CloudFront分配缓存行为中,您应该将“查看器协议策略”参数设置为“将HTTP重定向到HTTPS”,以便将客户端和CloudFront分配之间的每个HTTP通信都重定向为使用HTTPS。
Then you would have to change your DNS record to point to the CloudFront distribution CNAME. 然后,您将必须更改DNS记录以指向CloudFront发行版CNAME。
Additionally you could configure your CloudFront distribution and your S3 bucket to restrict access directly from the clients to the S3 buckets, so that every request goes through your ClouddFront distribution. 另外,您可以配置CloudFront分配和S3存储桶,以直接限制从客户端到S3存储桶的访问,以便每个请求都通过ClouddFront分配。
Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content 使用原始访问身份限制对Amazon S3内容的访问
Typically, if you're using an Amazon S3 bucket as the origin for a CloudFront distribution, you grant everyone permission to read the objects in your bucket.
通常,如果您将Amazon S3存储桶用作CloudFront分发的来源,则您授予每个人读取存储桶中对象的权限。 This allows anyone to access your objects either through CloudFront or using the Amazon S3 URL.
这允许任何人通过CloudFront或使用Amazon S3 URL访问您的对象。 CloudFront doesn't expose Amazon S3 URLs, but your users might have those URLs if your application serves any objects directly from Amazon S3 or if anyone gives out direct links to specific objects in Amazon S3
CloudFront不会公开Amazon S3 URL,但是如果您的应用程序直接从Amazon S3提供任何对象,或者如果有人给出了指向Amazon S3中特定对象的直接链接,则您的用户可能拥有这些URL
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.