本文介绍了从 http 重定向到 https 时,cloudfront 域被应用程序负载均衡器 dns 名称替换的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在使用 AWS cloudfront &适用于我的应用程序的 AWS 应用程序负载均衡器 (ALB).为端口 80 & 的两个侦听器配置了 Alb443,都将流量转发到 HTTP 上的单个目标组(实例类型)(默认规则).Cloudfront 设置为使用 ALB 作为具有给定设置的源.源协议策略 = HTTP,交付方式 = 网络,查看器协议策略 = HTTP &HTTPS &使用默认的 cloudfront ssl 证书.

I'm using AWS cloudfront & AWS application load balancer(ALB) for my application. Alb is configured for two listeners for port 80 & 443, both forward traffic to single target group(instance type) on HTTP(default rule). Cloudfront is set to use ALB as origin which has settings as given.Origin Protocol Policy = HTTP,Delivery Method = Web,Viewer Protocol Policy = HTTP & HTTPS &Using default cloudfront ssl certificate.

由于我的 ALB 正在侦听端口 80 &443,我的应用程序在 http 和https.现在,当我编辑端口 80 侦听器的默认规则以将流量重定向到端口 443(之前设置为转发到 80 上的目标组,如前所述)进行 https 重定向时,我的 cloudfront 域被我的 ALB 域替换,并且资源(css、图像等)无法加载.

Since my ALB is listening on ports 80 & 443, my application works well on both http & https. Now when I edit the default rule for listener for port 80 to redirect traffic to port 443(previously set to forward to target group on 80 as mentioned earlier) for https redirection, my cloudfront domain got replaced by my ALB domain, and resouces(css, images etc.) are failing to load.

例如重定向前资源的 URL - daxxxxxxxxxxxx.cloudfront.net/media/jdfghusfe/abc.png(带有 cloudfront 域)

e.g. Before redirectionUrl for a resource - daxxxxxxxxxxxx.cloudfront.net/media/jdfghusfe/abc.png ( with cloudfront domain)

重定向后-
资源 URL - main-albxxxxxx-amazonaws.com/media/jdfghusfe/abc.png

有人可以帮忙吗?提前致谢.

Can anyone help?Thanks in advance.

推荐答案

好的,我们已经解决了这个问题.首先,我们没有绕过 Host 标头.因此,为了使其正常工作,我们将基于选定请求标头的缓存"设置为白名单 &白名单主机头.(要了解更多信息,请参阅此答案 AWS Cloudfront + 负载均衡器,url 从主域更改为负载均衡器子域)现在,当主机设置正确时,我们要么遇到无限重定向循环,要么遇到错误的证书错误.为了摆脱这种情况,我们改变了 CDN(云前端)与我们的负载均衡器建立连接的方式.以前只能通过 HTTP 来避免证书出现任何问题.但现在这是不可能的,因为我们从 HTTP 重定向,它会创建一个无限的重定向循环.因此我们在 CDN ALB 连接中配置了 HTTPS(将 Origin Protocol Policy 更新为 HTTPS).并且为了绕过证书问题,将 xxxxx.cloudfront.net 域更改为 cdn.mysite.com(在 route53 配置中使用 CNAME)并添加我们使用的自定义证书对于 *.mysite.com.

Okay we've resolved this. Firstly, we were not bypassing the Host header. So to get it working we set 'Cache Based on Selected Request Headers' to whitelist & whitelist Host header. (To know more see this answer AWS Cloudfront + Load Balancer, url changes from main domain to load balancer subdomain) Now when host is set correctly, we were either hitting the infinite redirect loop or wrong certificate error. to get out of this we changed how CDN (cloudfront) is establising connection with our load balancer. Previously it was only by HTTP to avoid any problems with certificates. But now it's impossible, because we're redirecting from HTTP and it'd create an infinite redirection loop. So we configured HTTPS in CDN <-> ALB connection(updated Origin Protocol Policy to HTTPS). And in order to bypass problems with certificates, changed xxxxx.cloudfront.net domain to the cdn.mysite.com(using CNAME in route53 configurations) and added our custom certificate used for *.mysite.com.

这篇关于从 http 重定向到 https 时,cloudfront 域被应用程序负载均衡器 dns 名称替换的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-01 20:44