如何将S3用作静态网页并将EC2用作REST API? (AWS) [英] How to use S3 as static web page and EC2 as REST API for it together? (AWS)

问题描述

借助AWS服务，我们使Web应用程序从S3存储桶运行，并通过来自Load Balancer(在EC2实例上运行的Node.js应用程序集)的REST API访问数据.

With AWS services we have the Web application running from the S3 bucket and accessing the data through the REST API from Load Balancer (which is set of Node.js applications running on EC2 instance).

当前，我们指定的URL如下:

Currently we have specified URL's as following:

• API负载平衡器:     api. somedomain.com
• S3上的静态Web应用: somedomain.com

• API Load Balancer:       api.somedomain.com
• Static Web App on S3:        somedomain.com

但是进行此设置给我们带来了一系列问题，因为使用此设置的请求是CORS.我们可以使用特殊的标头来解决CORS，但这不适用于所有浏览器.

But having this setup brought us a set of problems since requests are CORS with this setup. We could workaround CORS with special headers, but that doesn't work with all browsers.

我们想要实现的是在相同的域上但使用不同的路径来运行API:

What we want to achieve is running API on the same domain but with different path:

• API负载平衡器:          somedomain.com /api
• S3上的静态Web应用: somedomain.com

• API Load Balancer:            somedomain.com/api
• Static Web App on S3:       somedomain.com

其中一个想法是将API负载平衡器附加到CDN上，如果查询出现在"/api/*"路径上，则将所有请求转发到负载平衡器.但这是行不通的，因为我们的API不仅使用HEAD和GET请求，而且还使用POST，PUT和DELETE.

One of the ideas was to attach the API Load Balancer to the CDN and forward all request to Load Balancer if query is coming on the "/api/*" path. But that doesn't work since our API is using not only HEAD and GET requests, but also POST, PUT, DELETE.

另一个想法是使用第二个EC2实例而不是S3存储桶来托管网站(使用某些Web服务器，例如nginx或apache).但是，如果一切就绪(S3静态内容托管)，那么这将给您带来过多的开销.同样，如果使用这种情况，我们将无法获得Amazon CloudFront性能的所有好处.

Another idea is using second EC2 instance instead of S3 bucket to host website (using some web server like nginx or apache). But that gives too much overhead when everything is in place already (S3 static content hosting). Also if using this scenario we wouldn't get all the benefits of Amazon CloudFront performance.

那么，您能否建议如何结合使用Load Balancer和S3，以便它们在相同的域上运行，但路径不同? ( somedomain.com /api 上的API和 somedomain.com 上的Web App)

So, could your recommend how to combine Load Balancer and S3, so they would run on same domain, but with different paths? (API on somedomain.com/api and Web App on somedomain.com)

谢谢！

推荐答案

您不能拥有具有相同主机名的EC2实例和S3存储桶.考虑当Web浏览器向该主机名发出请求时会发生什么. DNS将其解析为一个或多个IP地址，并将请求的数据包传递到该地址.该地址要么终止于EC2实例，要么终止于S3存储桶，而不是两者都终止.

You can't have an EC2 instance and an S3 bucket with the same host name. Consider what happens when a web browser makes a request to that host name. DNS resolves it to an IP address (or addresses) and the packets of the request are delivered to that address. The address either terminates at the EC2 instance or the S3 bucket, not both.

据我所知，您在S3上托管了静态网页，这些网页包含JavaScript代码，这些代码向EC2实例发出各种HTTP请求.如果S3网页与EC2实例位于不同的主机上，则相同的原始策略将阻止浏览器甚至尝试某些请求.

As I understand your situation, you have static web pages hosted on S3 that include JavaScript code that makes various HTTP requests to the EC2 instance. If the S3 web pages are on a different host than the EC2 instance then the same origin policy will prevent the browser from even attempting some of the requests.

我只能看到的解决方案是:

The only solutions I can see are:

• 向EC2实例发出所有请求，并在其中获取S3内容并在需要网页时将其传递给浏览器.
• 让您的JavaScript使用iframe，并将网页中的document.domain更改为共同的父源.例如，如果您的网页位于www.example.com，而您的EC2实例位于api.example.com，则JavaScript会将document.domain更改为example.com，浏览器将允许来自www.example.com的iframe与.
• 咬紧牙关，使用CORS.确实并不难，并且在所有远程的最新浏览器中都支持支持(IE 8和9都可以，但是不是以标准方式进行的) ).

• Make all requests to the EC2 instance, with it fetching the S3 contents and delivering it to the browser whenever a web page is asked for.
• Have your JavaScript use iframes and change the document.domain in the the web pages to a common parent origin. For example, if your web pages are at www.example.com and your EC2 instance is at api.example.com, the JavaScript would change document.domain to just example.com and the browser would permit iframes from from www.example.com to communicate with api.example.com.
• Bite the bullet and use CORS. It's really not hard, and it's supported in all remotely recent browsers (IE 8 and 9 do it, but not in a standard way).

第一种方法不好，因为在这种情况下您几乎完全不使用S3.

The first method is no good, because you almost might as well not use S3 at all in that case.

第二种情况对您来说还可以.它应该可以在任何浏览器中使用，因为它不是真正的CORS.因此，不需要CORS标头.但这很棘手.

The second case should be okay for you. It should work in any browser, because it's not really CORS. So no CORS headers are needed. But it's tricky.

第三种CORS方法应该很好.您的EC2实例只需要返回正确的标头即可告诉S3存储桶中的网页，使它们与EC2实例进行通信是安全的.

The third, CORS, approach should be just fine. Your EC2 instance just has to return the proper headers telling web pages from the S3 bucket that it's safe for them to talk to the EC2 instance.

这篇关于如何将S3用作静态网页并将EC2用作REST API? (AWS)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！