Cloudfront自定义来源分布返回502“无法满足该请求的错误”。对于某些URL [英] Cloudfront custom-origin distribution returns 502 "ERROR The request could not be satisfied." for some URLs
问题描述
我们有一个具有自定义来源的Cloudfront发行版,该发行版已经运行了很长时间了,可以为我们的一个站点提供静态资产。就在今天早上,我们注意到我们的徽标显示为断开的链接。
We have a Cloudfront distribution with custom origin that has been working just fine for quite a long time, serving static assets for one of our sites. Just this morning, we noticed that our logo was displaying as a broken link.
在进一步调查中,Cloudfront返回了一个奇怪的错误消息,我从未见过。 相关网址:
Upon further investigation, Cloudfront is returning a strange error message that I've never seen before for the URL in question:
错误
请求无法满足。
由cloudfront(CloudFront)生成
ERROR
The request could not be satisfied.
Generated by cloudfront (CloudFront)
其他几个Cloudfront URL分布返回相同的错误,但是其他(同样来自相同的分布)也可以正常工作。我看不到什么模式有效,什么无效。
Several other Cloudfront URLs from this distribution return the same error, but then others (again, from the same distribution) are working just fine. I don't see a pattern to what works and what doesn't.
其他一些数据点:
- 原始URL 可以正常工作。据我所知,最近没有服务中断。
- 我已经专门使徽标URL无效,而无效。
- 我已经使发行版的根URL无效了。
- The origin URLs work just fine. There's been no recent interruption in service, to my knowledge.
- I've invalidated the logo URL specifically, to no effect.
- I've invalidated the root URL of the distribution, to no effect.
有什么想法吗?我以前从未见过Cloudfront这样做。
Any idea what's going on here? I've never seen Cloudfront do this before.
更新:
这里来自Cloudfront的逐字HTTP响应:
Here's the verbatim HTTP response from Cloudfront:
$ http GET https://d2yu7foswg1yra.cloudfront.net/static/img/crossway_logo.png
HTTP/1.1 502 Bad Gateway
Age: 213
Connection: keep-alive
Content-Length: 472
Content-Type: text/html
Date: Wed, 18 Dec 2013 17:57:46 GMT
Server: CloudFront
Via: 1.1 f319e8962c0268d31d3828d4b9d41f98.cloudfront.net (CloudFront)
X-Amz-Cf-Id: H_HGBG3sTOqEomHzHubi8ruLbGXe2MRyVhGBn4apM0y_LjQa_9W2Jg==
X-Cache: Error from cloudfront
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
</BODY></HTML>
<BR clear="all">
<HR noshade size="1px">
<ADDRESS>
Generated by cloudfront (CloudFront)
</ADDRESS>
</BODY></HTML>
推荐答案
我最近遇到了类似的问题,事实证明这是由于我正在使用ssl_ciphers。
I had a similar issue recently which turned out to be due to ssl_ciphers that I was using.
CloudFront使用SSLv3或TLSv1协议将HTTPS请求转发到原始服务器以及AES128-SHA1或RC4-MD5密码。如果您的源服务器不支持AES128-SHA1或RC4-MD5密码,则CloudFront无法建立与您的源的SSL连接。
"CloudFront forwards HTTPS requests to the origin server using the SSLv3 or TLSv1 protocols and the AES128-SHA1 or RC4-MD5 ciphers. If your origin server does not support either the AES128-SHA1 or RC4-MD5 ciphers, CloudFront cannot establish an SSL connection to your origin. "
我必须更改我的nginx confg,以将AES128-SHA(不推荐使用RC4:HIGH)添加到ssl_ciphers中以修复302错误。我希望这有帮助。我已经从ssl.conf中粘贴了该行
I had to change my nginx confg to add AES128-SHA ( deprecated RC4:HIGH ) to ssl_ciphers to fix the 302 error. I hope this helps. I have pasted the line from my ssl.conf
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:RSA+3DES:AES128-SHA:!ADH:!AECDH:!MD5;
这篇关于Cloudfront自定义来源分布返回502“无法满足该请求的错误”。对于某些URL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
![相关网址](\"https://d2yu7foswg1yra.cloudfront.net/static/img/crossway_logo.png\"){kind=link}
![原始URL](\"https://my.crossway.org/static/img/crossway_logo.png\"){kind=link}