Cloudfront 自定义源分发返回 502“无法满足错误请求".对于某些 URL [英] Cloudfront custom-origin distribution returns 502 "ERROR The request could not be satisfied." for some URLs

问题描述

我们有一个带有自定义来源的 Cloudfront 发行版，它已经运行了很长时间，为我们的一个站点提供静态资产.就在今天早上，我们注意到我们的徽标显示为断开的链接.

We have a Cloudfront distribution with custom origin that has been working just fine for quite a long time, serving static assets for one of our sites. Just this morning, we noticed that our logo was displaying as a broken link.

经过进一步调查，Cloudfront 返回了一条奇怪的错误消息，这是我以前从未见过的有关 相关网址的错误消息:

Upon further investigation, Cloudfront is returning a strange error message that I've never seen before for the URL in question:

由云前沿(CloudFront)生成

ERROR

The request could not be satisfied.

---

---

Generated by cloudfront (CloudFront)

此发行版中的其他几个 Cloudfront URL 返回相同的错误，但其他一些(同样来自同一发行版)工作正常.我没有看到什么有效和什么无效的模式.

Several other Cloudfront URLs from this distribution return the same error, but then others (again, from the same distribution) are working just fine. I don't see a pattern to what works and what doesn't.

其他一些数据点:

• 原始 URL 工作正常.据我所知，最近服务没有中断.
• 我已经明确地使徽标网址无效，但没有任何效果.
• 我已使分发的根 URL 无效，但没有任何效果.

• The origin URLs work just fine. There's been no recent interruption in service, to my knowledge.
• I've invalidated the logo URL specifically, to no effect.
• I've invalidated the root URL of the distribution, to no effect.

知道这里发生了什么吗?我以前从未见过 Cloudfront 这样做过.

Any idea what's going on here? I've never seen Cloudfront do this before.

更新:

这是来自 Cloudfront 的逐字 HTTP 响应:

Here's the verbatim HTTP response from Cloudfront:

$ http GET https://d2yu7foswg1yra.cloudfront.net/static/img/crossway_logo.png
HTTP/1.1 502 Bad Gateway
Age: 213
Connection: keep-alive
Content-Length: 472
Content-Type: text/html
Date: Wed, 18 Dec 2013 17:57:46 GMT
Server: CloudFront
Via: 1.1 f319e8962c0268d31d3828d4b9d41f98.cloudfront.net (CloudFront)
X-Amz-Cf-Id: H_HGBG3sTOqEomHzHubi8ruLbGXe2MRyVhGBn4apM0y_LjQa_9W2Jg==
X-Cache: Error from cloudfront

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
</BODY></HTML>

<BR clear="all">
<HR noshade size="1px">
<ADDRESS>
Generated by cloudfront (CloudFront)
</ADDRESS>
</BODY></HTML>

推荐答案

我最近遇到了一个类似的问题，结果是由于我使用的 ssl_ciphers.

I had a similar issue recently which turned out to be due to ssl_ciphers that I was using.

来自 http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html,

"CloudFront 使用 SSLv3 或 TLSv1 协议和 AES128-SHA1 或 RC4-MD5 密码将 HTTPS 请求转发到源服务器.如果您的源服务器不支持 AES128-SHA1 或 RC4-MD5 密码，则 CloudFront 无法建立到您的源的 SSL 连接."

"CloudFront forwards HTTPS requests to the origin server using the SSLv3 or TLSv1 protocols and the AES128-SHA1 or RC4-MD5 ciphers. If your origin server does not support either the AES128-SHA1 or RC4-MD5 ciphers, CloudFront cannot establish an SSL connection to your origin. "

我不得不更改我的 nginx 配置以将 AES128-SHA(不推荐使用的 RC4:HIGH)添加到 ssl_ciphers 以修复 302 错误.我希望这有帮助.我已经粘贴了 ssl.conf 中的行

I had to change my nginx confg to add AES128-SHA ( deprecated RC4:HIGH ) to ssl_ciphers to fix the 302 error. I hope this helps. I have pasted the line from my ssl.conf

ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:RSA+3DES:AES128-SHA:!ADH:!AECDH:!MD5;

这篇关于Cloudfront 自定义源分发返回 502“无法满足错误请求".对于某些 URL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！