Supporting HTTPS URL redirection with a single CloudFront distribution

Problem description

I have a domain, formulagrid.com.

I am using AWS S3 to host it as a static website. My problem was that I wanted to redirect the www subdomain to the bare domain like so:

  • https://www.formulagrid.com -> https://formulagrid.com
  • http://www.formulagrid.com -> https://formulagrid.com

Amazon provides URL redirecting from S3 bucket to S3 bucket if both are set up for static website hosting.

So what I had to do was set up two buckets:

  • formulagrid.com - actual website
  • www.formulagrid.com - exists solely to redirect to the actual website

This works perfectly fine if you're operating only over HTTP, but S3 has absolutely no support for HTTPS.

The way that one can use HTTPS to connect to an S3 static website is by setting up a CloudFront distribution in front of an S3 bucket. CloudFront, however, while it does provide HTTPS, mainly exists to function as a CDN.

Initially, I had a single CloudFront distribution set up in front of the S3 bucket holding the actual site. Everything seemed operational: the site was distributed over the CDN, it had HTTPS, and HTTP redirected to HTTPS.

With one exception.

  • https://www.formulagrid.com was a completely broken page

After trying to find the source of the error for a while, I realized it's because it wasn't going through the CDN, and trying to access S3 over HTTPS doesn't work.

Finally, what I ended up having to do was provision another distribution to sit in front of the www S3 bucket so it was accessible over HTTPS. This is where my concerns come in because, like I mentioned earlier, CloudFront's main purpose is to be a CDN.

It doesn't make any sense to me to have a CDN sit in front of a url that just redirects to another. Also it brings up the question of whether I would be double charged for every request that hits the www subdomain because it'd hit the other CloudFront distribution after being redirected.

This is frustrating because I'm trying to do a "serverless" architecture using Lambda, and having to provision an EC2 instance just to do url rewriting isn't something I want to do unless it's my last resort.

The solution would be trivial if Amazon offered any form of URL rewriting or if CloudFront itself did redirecting, but neither of these exist as far as I know (let me know if they do).

I'm new to AWS so I'm hoping someone with more experience can point me in the right direction.

Recommended answer

You're thinking too narrowly -- there's nothing wrong with this setup.

The solution would be trivial if Amazon offered any form of URL rewriting

They do -- the empty bucket.

S3 has absolutely no support for HTTPS.

Not for web site hosted buckets, no... but CloudFront does.

CloudFront is not just a CDN. It's also an SSL offloader, Host: header rewriter, path prepender, geolocator, georestrictor, secure content gateway, http to https redirector, error page customizer, root page substituter, web application firewall, origin header injector, dynamic content gzipper, path-based multi-origin http request router, viewer platform identifier, DDoS mitigator, zone apex alias target... so don't get too hung up on "CDN" or on the fact that you're stacking one service in front of another -- CloudFront was designed, in large part, to complement S3. They each specialize in certain facets of storage and delivery.

So, you did it right... most of it, anyway... Create a bucket, configure it for web site hosting, set it to redirect all requests to another site (the non-www) and put a CloudFront distribution in front of it -- using the web site endpoint URL for the bucket in CloudFront, not the one from the drop-down list -- configured with high TTLs so that CloudFront will send a minimal number of requests to S3 then put your (free!) SSL certificate from Amazon Certificate Manager. HTTPS alternate domain routing: solved. No servers, no troubleshooting, and cheap. The only charges are the usage -- there is no background recurring charge as there would be with servers.

Extra credit: configure the redirecting CloudFront distribution for the cheapest rate tier. Redirects from more expensive locations will either be routed to a cheaper edge location or -- at CloudFront's option -- may be served out of a higher cost location but billed at the lower rate.

Note that most of the time, CloudFront should serve the redirects from S3 from its cache... and when you configure a bucket to redirect all requests to another hostname, the redirect is a 301 permanent redirect -- which browsers are supposed to cache, themselves.
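
The setup described in the answer, written out as a CloudFormation template. This is an added example, not part of the original answer; the logical resource names, the origin Id, the TTL values and the `CertificateArn` parameter are assumptions.

```yaml
# Added example; values marked "assumed" are not from the original answer.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  CertificateArn:          # assumed: ACM certificate covering www.formulagrid.com,
    Type: String           # issued in us-east-1, as CloudFront requires
Resources:
  RedirectBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: www.formulagrid.com
      WebsiteConfiguration:
        RedirectAllRequestsTo:       # empty bucket: every request gets a 301
          HostName: formulagrid.com
          Protocol: https
  RedirectDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        Aliases:
          - www.formulagrid.com
        PriceClass: PriceClass_100   # cheapest rate tier
        Origins:
          - Id: www-redirect-origin  # assumed name
            # Website endpoint host, not the REST endpoint from the drop-down:
            # WebsiteURL is "http://<host>", so element 2 of the split is <host>.
            DomainName: !Select [2, !Split ["/", !GetAtt RedirectBucket.WebsiteURL]]
            CustomOriginConfig:
              OriginProtocolPolicy: http-only   # website endpoints speak HTTP only
        DefaultCacheBehavior:
          TargetOriginId: www-redirect-origin
          ViewerProtocolPolicy: allow-all   # the 301 already targets https://
          ForwardedValues:
            QueryString: false
          MinTTL: 0
          DefaultTTL: 2592000    # assumed: 30 days
          MaxTTL: 31536000       # assumed: 1 year
        ViewerCertificate:
          AcmCertificateArn: !Ref CertificateArn
          SslSupportMethod: sni-only
          MinimumProtocolVersion: TLSv1.2_2021
```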
