AWS API Gateway not working with custom domain

Problem description

I've created an Express.js API and hosted it in AWS Lambda with an API Gateway for the same. It is working fine as expected with the URL:

https://[api-id].execute-api.[region].amazonaws.com/prod/api/v1/todos

But I want to invoke it using a custom domain, and I configured it using the custom domain option of the API Gateway. I've registered my domain using Google Domains and I've added the CNAME entry in the DNS configuration to map it to the CloudFront target domain name. So far so good.

The api gateway custom domain configuration is as follows with corresponding mappings.

My problem is that I'm getting the message Cannot GET /aprod/api/v1/todos on invoking with the URL:

https://apis.mydomain.com/aprod/api/v1/todos

and forbidden on

https://apis.mydomain.com/api/v1/todos

My CloudWatch logs are as follows. If I'm not invoking with the custom domain it works fine (green block), else there is no specific message (red block).

I've already spent two weekends on this issue, any help is much appreciated.

Recommended answer

Based on my experience, there are two possible causes.

If your origin server is inside a private VPC, it is necessary to create a VPC Link and a Network Load Balancer (NLB) instead of an Application Load Balancer (ALB).

See more details: https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-private-integration.html

CNAME should point to the API Gateway endpoint instead of CloudFront. In this case, the value of CNAME should be like this.

https://[api-id].execute-api.[region].amazonaws.com

Otherwise, the access through the custom domain is passed directly to CloudFront.

In my case, an A record is used to point to the alias of the NLB. It is a functionality of Route53, but using an A record might be necessary instead of a CNAME.
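To see which of the targets named in the answer a custom domain's CNAME chain actually ends at, the check below follows the chain and classifies the final hostname. It is an added example, not part of the original question or answer; the record table, the apis2 and edge names, and the function names are constructed for illustration.

```python
import re

# Hostname suffixes for the kinds of target discussed in the answer.
TARGET_KINDS = [
    ("cloudfront", re.compile(r"\.cloudfront\.net$")),
    ("api-gateway", re.compile(r"\.execute-api\.[a-z0-9-]+\.amazonaws\.com$")),
    ("load-balancer", re.compile(r"\.elb\.([a-z0-9-]+\.)?amazonaws\.com$")),
]

# Constructed CNAME records (owner name -> target), as a zone export might list them.
SAMPLE_RECORDS = {
    "apis.mydomain.com.": "d1234example.cloudfront.net.",
    "apis2.mydomain.com.": "edge.mydomain.com.",
    "edge.mydomain.com.": "abc123defg.execute-api.us-east-1.amazonaws.com.",
}


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def follow_cnames(name, records, max_hops=8):
    """Return the CNAME chain from `name` to the first name that has no CNAME."""
    table = {normalize(k): normalize(v) for k, v in records.items()}
    chain = [normalize(name)]
    while chain[-1] in table:
        nxt = table[chain[-1]]
        if nxt in chain or len(chain) > max_hops:
            raise ValueError("CNAME loop or chain too long: " + " -> ".join(chain + [nxt]))
        chain.append(nxt)
    return chain


def classify(hostname):
    """Name the kind of AWS endpoint a hostname belongs to, or 'other'."""
    for kind, pattern in TARGET_KINDS:
        if pattern.search(normalize(hostname)):
            return kind
    return "other"


def audit(name, records):
    """Follow the chain for `name` and report where it terminates."""
    chain = follow_cnames(name, records)
    return {"chain": chain, "target_kind": classify(chain[-1])}


if __name__ == "__main__":
    for domain in ("apis.mydomain.com", "apis2.mydomain.com"):
        print(domain, audit(domain, SAMPLE_RECORDS))
```

A Route53 alias A record, as used in the answer, has no CNAME to follow, so the chain stops at the custom domain itself and the result is "other".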
