
AWS API Gateway not working with custom domain

I've created an Express.js API and hosted it in AWS Lambda with an API Gateway for the same. It is working fine as expected with the URL:

https://[api-id].execute-api.[region].amazonaws.com/prod/api/v1/todos

But I want to invoke it using a custom domain, and I configured it using the custom domain option of the API Gateway. I've registered my domain using Google Domains and I've added the CNAME entry in the DNS configuration to map it to the CloudFront target domain name. So far so good.


The API Gateway custom domain configuration is as follows with corresponding mappings.


My problem is that I'm getting the message "Cannot GET /aprod/api/v1/todos" on invoking with the URL:

https://apis.mydomain.com/aprod/api/v1/todos

and forbidden on

https://apis.mydomain.com/api/v1/todos

My CloudWatch logs are as follows. If I'm not invoking with the custom domain it works fine (green block), else no specific message (red block).


I've already spent two weekends on this issue, any help is much appreciated.

Based on my experience, there are two possible causes.

VPC Link

If your origin server is inside a private VPC, it is necessary to create a VPC Link and a Network Load Balancer (NLB) instead of an Application Load Balancer (ALB).

See more detail: https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-private-integration.html

Point to API Gateway Endpoint

CNAME should point to the API Gateway endpoint instead of CloudFront. In this case, the value of CNAME should be like this.

https://[api-id].execute-api.[region].amazonaws.com

Otherwise, the access through the custom domain is passed directly to the CloudFront.

(Another Possible Cause) Using A Record

In my case, an A record is used to point to the alias of the NLB. It is a functionality of Route53, but using an A record might be necessary instead of CNAME.

The "Cannot GET" error code is not a Lambda or API Gateway error code, and looks specific to Express JS.

The logs you've posted look like Lambda logs, and if so then either Lambda is getting invoked by something else, or you have successfully invoked your Lambda function via the API call using "https://apis.mydomain.com/aprod/api/v1/todos" as user "Sándor Bakos" suggested.

This means that you aren't dealing with a custom domain or API Gateway error, but instead are seeing this error from your Lambda function code. Some quick googling proves that out and I wonder if this SO post will help? Node, Express - CANNOT GET route

For a bit more detail, if you were to invoke a URI in API Gateway that doesn't exist, unless you are successfully using SIGV4 (IAM Auth) you will get a 403 with error message "Missing Authentication Token", and even then it would not return a "Cannot GET" error message unless you specifically mapped a gateway response for it.
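The triage described in this answer, as an added example that is not part of the original post: a Node.js helper that separates Express's "Cannot GET" 404 from API Gateway's 403 responses by body, and reports the extra leading segment Express received. Function names, the sample responses and the `{"message":"Forbidden"}` body are assumptions made for illustration.

```javascript
// Added example: tell an Express 404 from an API Gateway 403 by response body.
// Function names and sample responses are constructed for illustration.

// Express's default 404 page contains "Cannot <METHOD> <path>", where <path>
// is the path Express actually received from the Lambda integration.
const EXPRESS_404 = /Cannot (GET|POST|PUT|PATCH|DELETE|HEAD|OPTIONS) (\/[^\s<]*)/;

// API Gateway's default error bodies are JSON of the form {"message": "..."}.
function gatewayMessage(body) {
  try {
    const parsed = JSON.parse(body);
    return parsed && typeof parsed.message === "string" ? parsed.message : null;
  } catch {
    return null; // not JSON, so not a default gateway response
  }
}

function classifyResponse({ status, body }) {
  const m = EXPRESS_404.exec(body);
  if (status === 404 && m) {
    return { layer: "express", seenPath: m[2], detail: `no route for ${m[1]} ${m[2]}` };
  }
  const msg = gatewayMessage(body);
  if (status === 403 && msg === "Missing Authentication Token") {
    return { layer: "api-gateway", detail: "no such resource or method in the API" };
  }
  if (status === 403 && msg === "Forbidden") {
    // Assumed body shape for the "forbidden" result in the question.
    return { layer: "api-gateway", detail: "gateway-level rejection" };
  }
  return { layer: "unknown", detail: "no known signature matched" };
}

// Returns whatever precedes the app's route prefix in the path Express saw,
// i.e. a leading segment the router has no route for.
function extraPrefix(seenPath, routePrefix) {
  const idx = seenPath.indexOf(routePrefix + "/");
  return idx > 0 ? seenPath.slice(0, idx) : "";
}

// Constructed sample responses modelled on the messages quoted on this page.
const samples = [
  { status: 404, body: "<pre>Cannot GET /aprod/api/v1/todos</pre>" },
  { status: 403, body: '{"message":"Forbidden"}' },
  { status: 403, body: '{"message":"Missing Authentication Token"}' },
];
for (const s of samples) console.log(s.status, classifyResponse(s));
```

For the first sample, `extraPrefix(result.seenPath, "/api")` returns `/aprod`, showing that the request reached Express with a path prefix its routes do not include.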

Did you check the official documentation for setting up a custom domain name for an API in API Gateway? Note that the recommendation is different based on the deployment option you chose -- regional or edge-optimized:

When you create a custom domain name for an edge-optimized API, API Gateway sets up a CloudFront distribution. But you must set up a DNS record to map the custom domain name to the CloudFront distribution domain name for API requests bound for the custom domain name to be routed to API Gateway through the mapped CloudFront distribution. You must also provide a certificate for the custom domain name.

When you create a custom domain name for a regional API, API Gateway creates a regional domain name for the API. You must set up a DNS record to map the custom domain name to the regional domain name for API requests bound for the custom domain name to be routed to API Gateway through the mapped regional API endpoint. You must also provide a certificate for the custom domain name.

This other Stack Overflow thread might also be helpful: Regional/Edge-optimized API Gateway VS Regional/Edge-optimized custom domain name

I have fixed this issue by verifying the CA certificate using EMAIL instead of DNS.
