Rewrite cloudfront origin host with lambda@edge, how?

Problem description

I see people talking about how to rewrite a URI based on various information. But I'd like to normalize the domain name that is being requested. Here's what I've tried:

exports.handler = (event, context, callback) => {
    const request = event.Records[0].cf.request;

    if (request.method.toUpperCase() != 'GET') {
        callback(null, request);
        return;
    }

    request.origin = {
        custom: {
            domainName: 'slashdot.org',
            port: 443,
            protocol: 'https',
            path: request.uri
        }
    };
    request.headers.host = {
        "key": "Host",
        "value": request.origin.custom.domainName
    };

    console.log("returning req:", request);

    callback(null, request);
}

I was hoping that would pull up the request and that cloudfront would then make a request against my canonicalized domain. (for the example and testing, I'm using slashdot, since it's obvious it isn't my content).

Ultimately, I'm trying to canonicalize a request without doing redirects, but instead rewriting the request before it hits the origin.

Recommended answer

Oh, neat. I finally figured out how to do this. First, some restrictions:

  • With https this only works for domains under your certificate. So I can't use mydomain.com and slashdot.org unless I'm CmdrTaco. That's fine, my AWS ACM cert includes three domains, one of which is my actual domain. I'll call that actualdomain.com below.
  • This cannot be done on the viewer request, only the origin request, as host is read-only for the viewer request.

Given that, I used "Example: Using an Origin-Request Trigger to Change From an Amazon S3 Origin to a Custom Origin" with some minor modifications. Here's the full Lambda code.

'use strict';

exports.handler = (event, context, callback) => {
    const request = event.Records[0].cf.request;
    const destDomain = 'actualdomain.com';


    /* Set custom origin fields*/
    request.origin = {
        custom: {
            domainName: destDomain,
            port: 443,
            protocol: 'https',
            path: '',
            sslProtocols: ['TLSv1', 'TLSv1.1', 'TLSv1.2'],
            readTimeout: 5,
            keepaliveTimeout: 5,
            customHeaders: {}
        }
    };
    request.headers['host'] = [{ key: 'host', value: destDomain}];

    callback(null, request);
};

So, similar to the example given in the docs, destDomain is the actual domain, and any legitimate domain in my certificate is proxied to that dest, without the end user actually seeing actualdomain.com.
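A variant of the origin-request handler above, added here as an example and not part of the original answer: it rewrites the origin only for an explicit allowlist of viewer hostnames and limits the origin connection to TLSv1.2. The allowlist entries, the helper names (rewriteOrigin, sampleEvent) and the sample event are constructed, and it assumes the distribution forwards the viewer's Host header to the origin-request trigger.

```javascript
// Added example; the names below are assumptions, not from the original answer.
const DEST_DOMAIN = 'actualdomain.com';        // placeholder domain used in the answer
const ALLOWED_VIEWER_HOSTS = new Set([         // hypothetical names covered by the certificate
    'actualdomain.com',
    'www.actualdomain.com',
    'alias.example',
]);

// Returns the request to forward: rewritten for allowlisted hosts, untouched otherwise.
function rewriteOrigin(request) {
    const hostHeader = (request.headers.host || [])[0];
    // Normalize case and drop an optional :port before comparing.
    const viewerHost = hostHeader ? hostHeader.value.toLowerCase().replace(/:\d+$/, '') : '';
    if (!ALLOWED_VIEWER_HOSTS.has(viewerHost)) {
        return request;                        // keep the origin configured on the distribution
    }
    request.origin = {
        custom: {
            domainName: DEST_DOMAIN,
            port: 443,
            protocol: 'https',
            path: '',
            sslProtocols: ['TLSv1.2'],         // no TLSv1 / TLSv1.1 towards the origin
            readTimeout: 5,
            keepaliveTimeout: 5,
            customHeaders: {},
        },
    };
    // Host must name the new origin so that its certificate and vhost routing match.
    request.headers.host = [{ key: 'Host', value: DEST_DOMAIN }];
    return request;
}

// Lambda@Edge entry point (origin-request trigger).
const handler = async (event) => rewriteOrigin(event.Records[0].cf.request);
if (typeof module !== 'undefined') { module.exports = { handler, rewriteOrigin }; }

// Constructed origin-request event, trimmed to the fields used here.
function sampleEvent(host) {
    return { Records: [{ cf: { request: {
        method: 'GET',
        uri: '/index.html',
        headers: { host: [{ key: 'Host', value: host }] },
        origin: { s3: { domainName: 'example-bucket.s3.amazonaws.com', path: '' } },
    } } }] };
}
```
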
