将 http://请求重定向到 AWS API Gateway 上的 https://(使用自定义域) [英] Redirect http:// requests to https:// on AWS API Gateway (using Custom Domains)

问题描述

我正在使用 AWS API Gateway自定义域.当我尝试访问 https://www.mydomain.com 时它运行良好，但是当我尝试访问 http://www.mydomain.com 时它无法连接.

I'm using AWS API Gateway with a custom domain. When I try to access https://www.mydomain.com it works perfectly, but when i try http://www.mydomain.com it can't connect.

有没有办法重定向http ->https 与 API Gateway 中的自定义域?如果没有，有没有办法让 http://链接像 https://链接一样工作?

Is there a way to redirect the http -> https with the custom domain in API Gateway? If not, is there a way to get the http:// links to work just like the https:// links?

推荐答案

API Gateway 不直接支持没有 TLS 的 http，大概是作为一种安全功能，以及一些实际考虑.

API Gateway doesn't directly support http without TLS, presumably as a security feature, as well as for some practical considerations.

一般来说，对于 API 来说，没有特别好的方法可以做到这一点，因为将 POST 请求从 HTTP 重定向到 HTTPS 实际上有点毫无意义——到重定向时，数据已经不安全地发送了生成，除非客户端在发送正文之前要求服务器检查请求标头，使用 Expect: 100-continue.

There is not a particularly good way to do this for APIs in general, because redirection of a POST request from HTTP to HTTPS is actually a little bit pointless -- the data is has already been sent insecurely by the time the redirect is generated, unless the client has asked the server to inspect the request headers before the body is sent, with Expect: 100-continue.

您可以创建 CloudFront 分配，并将其配置为将 GET 和 HEAD 请求从 HTTP 重定向到 HTTPS...但如果您发送 POST 请求到这样的分配，CloudFront 不会重定向——它只是抛出一个错误，因为(如前所述)这样的重定向弊大于利.

You can create a CloudFront distribution, and configure it to redirect GET and HEAD requests from HTTP to HTTPS... but if you send a POST request to such a distribution, CloudFront doesn't redirect -- it just throws an error, since (as noted) such a redirection would be more harmful than helpful.

但是...如果 GET 是您的应用程序，那么它非常简单:首先，使用区域(非边缘优化)API 端点部署您的 API，并带有系统分配的主机名，而不是自定义域.

However... if GET is your application, then it's pretty straightforward: first, deploy your API with a Regional (not Edge-Optimized) API endpoint with a system-assigned hostname, not a custom domain.

然后，创建一个使用此区域 API 端点作为其源服务器的 CloudFront 分配，并将 CloudFront 分配的行为配置为将 HTTP 重定向到 HTTPS.将您的自定义域名与 CloudFront 分配相关联，而不是直接与 API Gateway 相关联.

Then, create a CloudFront distribution that uses this regional API endpoint as its origin server, and configure the CloudFront distribution's behavior to redirect HTTP to HTTPS. Associate your custom domain name with the CloudFront distribution, rather than with API Gateway directly.

这篇关于将 http://请求重定向到 AWS API Gateway 上的 https://(使用自定义域)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！