为什么 AWS 中 Discourse 的二级子域会失败?
[英]Why does secondary subdomain for Discourse in AWS fail?
问题描述
I have a domain for a public-facing static website that loads fine whether it's entered into the browser as example.com , http://example.com , or https://example.com . 
I have a domain for a public-facing static website that loads fine whether it's entered into the browser as example.com , http://example.com , or https://example.com .
I have a private (accessible by login) subdomain for a Discourse forum that loads fine whether it's entered into the browser as discourse.example.com , http://discourse.example.com , or https://discourse.example.com . I have a private (accessible by login) subdomain for a Discourse forum that loads fine whether it's entered into the browser as discourse.example.com , http://discourse.example.com , or https://discourse.example.com .
The subdomain for Discourse is achieved by addition of a record to the AWS Route 53 hosted zone: Discourse 的子域是通过向 AWS Route 53 托管区域添加记录来实现的:
Record name: discourse.example.com
Record type: A
Value: 123.45.678.90
Alias: No
TTL: 300
Routing policy: Simple
I'd like to provide a shorter alternative/secondary subdomain for Discourse.我想为 Discourse 提供一个较短的替代/辅助子域。 So I added another record, nearly same as the prior, only with the record name changed from discourse.example.com to d.example.com .所以我添加了另一条记录,几乎与之前相同,只是记录名称从discourse.example.com更改为d.example.com 。
Strangely, this works in HTTP, but in HTTPS the browser warns:奇怪的是,这在 HTTP 中有效,但在 HTTPS 中,浏览器警告:
Your connection is not private
Attackers might be trying to steal your information from d.example.com (for example, passwords, messages, or credit cards).
Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
What am I missing?我错过了什么? Should I be going about this a different way?我应该以不同的方式解决这个问题吗?
My AWS Certificate covers example.com and *.example.com .我的 AWS 证书涵盖example.com和*.example.com 。 My CloudFront distribution covers example.com and d.example.com .我的 CloudFront 分布涵盖example.com和d.example.com 。 I have disabled my Amazon CloudFront cache during this configuration temporarily to ensure that's not a factor.我在此配置期间暂时禁用了我的 Amazon CloudFront 缓存,以确保这不是一个因素。
1 个解决方案
解决方案1
0 2022-01-05 00:52:12
I found a solution:我找到了一个解决方案:
- Go to AWS S3 and create a new bucket. Go 到 AWS S3 并创建一个新的存储桶。
- Name it my desired subdomain (
d.example.com).将其命名为我想要的子域( d.example.com)。 - Make it public.公开。
- Enable static web hosting.启用 static web 托管。
- Set hosting type to Redirect.将托管类型设置为重定向。
- Set host name to desired redirect URL (
discourse.example.com).将主机名设置为所需的重定向 URL ( discourse.example.com)。 - Note its static website hosting bucket website endpoint for later (looks like
http://d.example.com.s3-website.aws-region-2.amazonaws.com).Note its static website hosting bucket website endpoint for later (looks like http://d.example.com.s3-website.aws-region-2.amazonaws.com). - Go to CloudFront and create a new distribution. Go 到 CloudFront 并创建一个新的分配。
- Paste the noted endpoint into the origin domain ( do not choose the similar but slightly different option from the dropdown ).将注明的端点粘贴到源域(不要从下拉列表中选择相似但略有不同的选项)。
- Add alternate/CNAME as desired new subdomain (
d.example.com).添加备用/CNAME 作为所需的新子域( d.example.com)。 - Choose existing AWS certificate for SSL.为 SSL 选择现有的 AWS 证书。
- Go to Route 53, choose the existing hosted zone, and create a new record. Go 到 Route 53,选择现有托管区域,并创建新记录。
- Leave type as A record.离开类型为 A 记录。
- Set record name to desired subdomain (
d).将记录名称设置为所需的子域 ( d)。 - Change value to Alias.将值更改为别名。
- Route traffic to CloudFront.将流量路由到 CloudFront。
- Choose the new distribution from the dropdown.从下拉列表中选择新的分布。
- Wait a few minutes before attempting to load the new subdomain in the browser.等待几分钟,然后再尝试在浏览器中加载新的子域。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.