SSL在Amazon S3上为"静态网站" [英] SSL on Amazon S3 as "static website"
问题描述
我对S3水桶,需要利用静态网站功能,以便采取的路由规则的能力优势。启用此打破了内置的SSL证书。是否有一个内置的机制,同时采用了静态的网站托管在S3存储支持SSL请求?这似乎是在功能上主要的思念,如果这不是present。
I have a bucket on S3 that needs to utilize the "static website" functionality in order to take advantage of the routing rules capabilities. Enabling this broke the built in ssl certificate. Is there a built in mechanism for supporting SSL requests on the S3 bucket while using the static website hosting? It seems like a major miss in functionality if this isn't present.
另外请注意,我需要这个功能CloudFront的外部从CORS问题,其中只有S3存储可以与其CORS的配置选项解析托管CSS受到影响。
Also note that I need this to function outside of CloudFront as the hosted CSS suffers from CORS issues, which only the S3 bucket can resolve with its CORS Configuration options.
感谢。
推荐答案
静态主机和SSL不一起工作。你可以,你也知道,请使用REST端点的SSL通配符证书,但你失去了路由规则。而且,正如你显然已经发现的Cloudfront的对CORS的支持在某种程度上从我可以告诉,除非你有一个非常慷慨的CORS政策的限制。
Static hosting and SSL do not work together. You could, as you know, use the ssl wildcard cert on the REST endpoint, but then you lose routing rules. And, as you have apparently found, Cloudfront's support for CORS is somewhat limited from what I can tell unless you have a very generous CORS policy.
从AWS产品经理在2013年5月10号:
From an AWS product manager on 2013-05-10:
感谢您的反馈意见。 S3的静态网站目前托管不支持SSL证书。我们可能会考虑加入这一支持,在未来的。请将您的反馈来了!
Thanks for all your feedback. S3 static website hosting currently does not support SSL certificates. We may consider adding this support in the future. Please keep your feedback coming!
https://forums.aws.amazon.com/thread。 JSPA?主题ID = 60821#450167
唯一值得注意的替代想到的 - 这是我在过去成功地实施了 - 是使用反向代理(???HAProxy的Nginx的阿帕奇甚至stunnel4其他?)在EC2上在同一地区终止SSL和代理转移到S3中的请求。在同一地区,有EC2和S3之间没有带宽费用因此唯一的成本是该实例...这可能最终仍然小于使用的Cloudfront的成本,并应该执行同等(没有缓存方面,当然)。
The only noteworthy alternative that comes to mind -- which I have implemented successfully in the past -- is to use a reverse proxy (HAProxy? Nginx? Apache? Maybe even stunnel4? Others?) on EC2 in the same region to terminate the SSL and proxy the requests over to S3. In the same region, there are no bandwidth charges between EC2 and S3 so the only cost is that of the instance... which could still end up being less than the cost of using Cloudfront, and should perform comparably (without the caching aspect, of course).
这篇关于SSL在Amazon S3上为"静态网站"的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
