本文介绍了Cloudfront 自定义源分发返回 502“无法满足错误请求".对于某些 URL的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我们有一个带有自定义来源的 Cloudfront 发行版,它已经运行了很长时间,为我们的一个站点提供静态资产.就在今天早上,我们注意到我们的徽标显示为断开的链接.

We have a Cloudfront distribution with custom origin that has been working just fine for quite a long time, serving static assets for one of our sites. Just this morning, we noticed that our logo was displaying as a broken link.

经过进一步调查,Cloudfront 返回了一条奇怪的错误消息,这是我以前从未见过的有关 相关网址的错误消息:

Upon further investigation, Cloudfront is returning a strange error message that I've never seen before for the URL in question:

由云前沿(CloudFront)生成

此发行版中的其他几个 Cloudfront URL 返回相同的错误,但其他一些(同样来自同一发行版)工作正常.我没有看到什么有效和什么无效的模式.

Several other Cloudfront URLs from this distribution return the same error, but then others (again, from the same distribution) are working just fine. I don't see a pattern to what works and what doesn't.

其他一些数据点:

  • 原始 URL 工作正常.据我所知,最近服务没有中断.
  • 我已经明确地使徽标网址无效,但没有任何效果.
  • 我已使分发的根 URL 无效,但没有任何效果.
  • The origin URLs work just fine. There's been no recent interruption in service, to my knowledge.
  • I've invalidated the logo URL specifically, to no effect.
  • I've invalidated the root URL of the distribution, to no effect.

知道这里发生了什么吗?我以前从未见过 Cloudfront 这样做过.

Any idea what's going on here? I've never seen Cloudfront do this before.

更新:

这是来自 Cloudfront 的逐字 HTTP 响应:

Here's the verbatim HTTP response from Cloudfront:

$ http GET https://d2yu7foswg1yra.cloudfront.net/static/img/crossway_logo.png
HTTP/1.1 502 Bad Gateway
Age: 213
Connection: keep-alive
Content-Length: 472
Content-Type: text/html
Date: Wed, 18 Dec 2013 17:57:46 GMT
Server: CloudFront
Via: 1.1 f319e8962c0268d31d3828d4b9d41f98.cloudfront.net (CloudFront)
X-Amz-Cf-Id: H_HGBG3sTOqEomHzHubi8ruLbGXe2MRyVhGBn4apM0y_LjQa_9W2Jg==
X-Cache: Error from cloudfront

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
</BODY></HTML>

<BR clear="all">
<HR noshade size="1px">
<ADDRESS>
Generated by cloudfront (CloudFront)
</ADDRESS>
</BODY></HTML>

推荐答案

我最近遇到了一个类似的问题,结果是由于我使用的 ssl_ciphers.

I had a similar issue recently which turned out to be due to ssl_ciphers that I was using.

来自 http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html,

"CloudFront 使用 SSLv3 或 TLSv1 协议和 AES128-SHA1 或 RC4-MD5 密码将 HTTPS 请求转发到源服务器.如果您的源服务器不支持 AES128-SHA1 或 RC4-MD5 密码,则 CloudFront 无法建立到您的源的 SSL 连接."

"CloudFront forwards HTTPS requests to the origin server using the SSLv3 or TLSv1 protocols and the AES128-SHA1 or RC4-MD5 ciphers. If your origin server does not support either the AES128-SHA1 or RC4-MD5 ciphers, CloudFront cannot establish an SSL connection to your origin."

我不得不更改我的 nginx 配置以将 AES128-SHA(不推荐使用的 RC4:HIGH)添加到 ssl_ciphers 以修复 302 错误.我希望这有帮助.我已经粘贴了 ssl.conf 中的行

I had to change my nginx confg to add AES128-SHA ( deprecated RC4:HIGH ) to ssl_ciphers to fix the 302 error. I hope this helps. I have pasted the line from my ssl.conf

ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:RSA+3DES:AES128-SHA:!ADH:!AECDH:!MD5;

这篇关于Cloudfront 自定义源分发返回 502“无法满足错误请求".对于某些 URL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-05 16:15
查看更多