从AWS lambda @ edge访问原始URL [英] accessing origin URL from AWS lambda@edge
问题描述
我正在尝试在AWS Cloudfront上使用lambda @ edge对多个网站实施代理".
I'm trying to implement a "proxy" to multiple websites using lambda@edge on AWS Cloudfront.
我的设置大致是:
DNS:*.domain.com-> some_uuid.cloudfront.net(Cloudfront发行版)
DNS: *.domain.com -> some_uuid.cloudfront.net (Cloudfront distribution)
Cloudfront:some_uuid.cloudfront.net-> s3存储桶起源
Cloudfront: some_uuid.cloudfront.net -> s3 bucket origin
s3存储桶:网站/(包含多个网站的文件夹)
s3 bucket: websites/ (a folder that contains multiple websites)
lambda @ edge函数:定义为原始请求
lambda@edge function: defined as origin-request
我的lambda @ edge函数非常简单:
My lambda@edge function is quite simple:
-
检查网站资源是否在s3存储桶中.
check if the website resource exists in the s3 bucket.
如果存在,请将请求uri更改为资源s3 url.
if it does, change the request uri to the resource s3 url.
如果没有,请向后端服务器发送请求以渲染资源,将其存储在s3上并返回.
if not, send a request to a backend server to render the resource, store on s3 and return it.
我在获取网站的原始域时遇到问题.例如,如果我尝试访问"my_website.domain.com"-在我的lambda函数中,我没有请求中的此域信息.
I'm having trouble getting the origin domain of the website. For example, if I try to access "my_website.domain.com" - in my lambda function i don't have this domain info from the request.
我认为我可以实现另一个lambda @ edge函数作为查看器请求,以将域作为标头传递,但是如果可以的话,我宁愿避免这种情况.
I think I can implement another lambda@edge function as viewer request to pass the domain as a header, but if I can, I prefer to avoid that.
还有其他解决方法吗?
谢谢
推荐答案
因此,您的用例存在的问题是,公开给您的Origin-request L @ E函数的主机标头的值是s3存储桶的域名,而不是从查看器收到的原始主机头CloudFront,对吗?
So the problem with your use case is that the value of the host header exposed to your origin-request L@E function is the domain name of the s3 bucket, and not the original host header CloudFront has received from a viewer, correct?
为了查看从查看器收到的原始Host标头CloudFront,您需要将其列入白名单.但是,CloudFront当前不允许将s3来源的标头列入白名单.这是应该由CloudFront修复的错误/限制.不过,有一种解决方法.如果s3存储桶是可公开访问的(即您未使用原始访问身份),则可以使用网站端点(例如mybucket.s3-website-us-east-1.amazonaws.com)将S3原始配置为自定义原始.然后,您将能够将主机标头列入白名单,并按照查看者的要求查看网站的域名.然后,您可以根据用例修改原始请求.也不要忘记将主机标头更改回s3端点,以便S3接受请求.
In order to see the original Host header CloudFront received from the viewer, you need to whitelist it. However, CloudFront currently doesn't allow to whitelist headers for s3 origins. This is a bug/limitation that should be fixed by CloudFront. There is a workaround though. If the s3 bucket is publicly accessible (i.e. you are not using origin access identity), you can configure your S3 origin as a custom origin using a website endpoint like mybucket.s3-website-us-east-1.amazonaws.com. Then, you will be able to whitelist the host header and see the domain name of your website as requested by the viewer. You can then modify the origin request according to your use case. Don't forget also to change the host header back to the s3 endpoint so that S3 would accept the request.
这篇关于从AWS lambda @ edge访问原始URL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
