在Amazon S3上将SSL称为“静态网站". [英] SSL on Amazon S3 as "static website"
问题描述
我在S3上有一个存储桶,需要利用静态网站"功能才能利用路由规则功能.启用它会破坏内置的ssl证书.是否有内置机制在使用静态网站托管时支持S3存储桶上的SSL请求?如果不提供此功能,则似乎会严重错过功能.
I have a bucket on S3 that needs to utilize the "static website" functionality in order to take advantage of the routing rules capabilities. Enabling this broke the built in ssl certificate. Is there a built in mechanism for supporting SSL requests on the S3 bucket while using the static website hosting? It seems like a major miss in functionality if this isn't present.
还请注意,由于托管的CSS遇到了CORS问题,只有S3存储桶可以使用其CORS配置选项来解决此问题,我需要此功能才能在CloudFront之外发挥作用.
Also note that I need this to function outside of CloudFront as the hosted CSS suffers from CORS issues, which only the S3 bucket can resolve with its CORS Configuration options.
谢谢.
推荐答案
静态托管和SSL不能一起使用.如您所知,您可以在REST端点上使用ssl通配符证书,但是随后您会丢失路由规则.而且,正如您显然已经发现的那样,除非您有非常慷慨的CORS政策,否则Cloudfront对CORS的支持在一定程度上是有限的.
Static hosting and SSL do not work together. You could, as you know, use the ssl wildcard cert on the REST endpoint, but then you lose routing rules. And, as you have apparently found, Cloudfront's support for CORS is somewhat limited from what I can tell unless you have a very generous CORS policy.
2013年5月10日来自AWS产品经理:
From an AWS product manager on 2013-05-10:
感谢您的所有反馈.S3静态网站托管当前不支持SSL证书.我们将来可能会考虑添加此支持.请保持您的反馈!
Thanks for all your feedback. S3 static website hosting currently does not support SSL certificates. We may consider adding this support in the future. Please keep your feedback coming!
https://forums.aws.amazon.com/thread.jspa?threadID = 60821#450167
想到的唯一值得关注的替代方法(我过去已成功实现)是在同一区域的EC2上使用反向代理(HAProxy?Nginx?Apache?甚至stunnel4?Others?).终止SSL并将请求代理到S3.在同一区域中,EC2和S3之间不收取带宽费用,因此唯一的成本就是实例的成本……最终仍可能低于使用Cloudfront的成本,并且应该具有可比性(不考虑缓存方面,当然).
The only noteworthy alternative that comes to mind -- which I have implemented successfully in the past -- is to use a reverse proxy (HAProxy? Nginx? Apache? Maybe even stunnel4? Others?) on EC2 in the same region to terminate the SSL and proxy the requests over to S3. In the same region, there are no bandwidth charges between EC2 and S3 so the only cost is that of the instance... which could still end up being less than the cost of using Cloudfront, and should perform comparably (without the caching aspect, of course).
这篇关于在Amazon S3上将SSL称为“静态网站".的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
