
AWS CloudFront not working with custom domain

I am trying to use CloudFront for a static S3 website with my custom domain. Following are the steps I followed:

1) Set up an S3 bucket (say, example.com) and enabled static website hosting on it.

2) Also set up an S3 bucket (www.example.com) which redirects to example.com.

3) In Route 53, added a hosted zone (example.com) and added the record sets.

4) After this, http://example.com works for me.

Now I am trying to add CloudFront to it. I added the following steps:

5) From Amazon Certificate Manager, added a certificate for www.example.com and got it verified (added to Route 53 DNS, it was verified automatically after some time).

6) Created a CloudFront distribution with the following settings:

   Domain Origin: www.example.com
   Origin Protocol Policy: HTTP Only
   Alternate Domain Name: www.example.com
   SSL Certificate: Selected from ACM

When I try to launch https://example.com or https://www.example.com, the site doesn't load. http://example.com does load, but I am not sure if CloudFront is actually working on this or not. Also, why is https not loading?

You need to go into Route 53 and point the domain at your CloudFront distribution. It won't appear as an option unless you've set the domain as an alternate domain in the distribution settings. Also, that cert won't work for anything except www.example.com, meaning example.com is excluded. You need a cert that includes example.com and www.example.com (or *.example.com to cover all subdomains).

To set up the S3 bucket behind the CF distribution WITH SSL you need to:

  1. Set up S3 bucket example.com (Block all public access = off, policy https://d.pr/i/KU1Q4z)
  2. Create certificate in ACM issued at example.com and *.example.com (or specific subdomain at will), validate it
  3. Create CF distribution
  4. Set created CF alternate domain names to: example.com *.example.com (other subdomain here)
  5. Use custom SSL certificate (previously created and validated)
  6. Create/change default origin to: example.com.s3-website-AWS_REGION.amazonaws.com with origin protocol policy HTTP Only
  7. CF default origin behaviour should be more or less like this: https://d.pr/i/h6PrG6
  8. In Route 53 set CF A ALIAS for example.com and CNAME for *.example.com (or other subdomain) pointing at CF_DISTRIBUTION_ID.cloudfront.net
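
The checks implied by both answers above (certificate names, alternate domain names, origin endpoint, DNS target), as an added Python example that is not part of the original posts. The dictionaries, the us-east-1 region and the DNS targets for the question's setup are constructed, and applying the certificate's one-label wildcard rule to alternate domain names is a simplifying assumption.

```python
import re

def cert_covers(pattern: str, host: str) -> bool:
    """Certificate-style match: '*' stands for exactly one left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == host

# Matches bucket.s3-website-REGION.amazonaws.com and bucket.s3-website.REGION...
S3_WEBSITE = re.compile(r"^[a-z0-9.-]+\.s3-website[.-][a-z0-9-]+\.amazonaws\.com$")

def lint(dist: dict, dns: dict) -> list:
    """Return the problems found; an empty list means the pieces line up."""
    problems = []
    for host, target in dns.items():
        if target.lower().rstrip(".") != dist["domain"].lower():
            problems.append(f"{host}: DNS does not point at the distribution")
        # Assumption: alternate domain names use the same one-label wildcard rule.
        if not any(cert_covers(a, host) for a in dist["aliases"]):
            problems.append(f"{host}: not an alternate domain name")
        if not any(cert_covers(s, host) for s in dist["cert_names"]):
            problems.append(f"{host}: certificate does not cover it")
    if not S3_WEBSITE.match(dist["origin"].lower()):
        problems.append("origin is not an S3 website endpoint")
    elif dist["origin_protocol"] != "http-only":
        problems.append("S3 website endpoints serve HTTP only")
    return problems

# Constructed sample data: the question's setup, then the second answer's.
CF = "CF_DISTRIBUTION_ID.cloudfront.net"  # placeholder as written on the page
S3 = "s3-website-us-east-1.amazonaws.com"  # constructed region
ASKED = {"domain": CF, "aliases": ["www.example.com"],
         "cert_names": ["www.example.com"],
         "origin": "www.example.com", "origin_protocol": "http-only"}
FIXED = {"domain": CF, "aliases": ["example.com", "*.example.com"],
         "cert_names": ["example.com", "*.example.com"],
         "origin": "example.com." + S3, "origin_protocol": "http-only"}
DNS_ASKED = {"example.com": S3, "www.example.com": S3}
DNS_FIXED = {"example.com": CF, "www.example.com": CF}

if __name__ == "__main__":
    for name, dist, dns in (("asked", ASKED, DNS_ASKED), ("fixed", FIXED, DNS_FIXED)):
        print(name, lint(dist, dns) or "ok")
```

Note that `*.example.com` alone does not match the apex `example.com`, which is why the second answer lists both names on the certificate.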
