【发布时间】:2018-12-04 06:00:09
【问题描述】:
我的设置如下所示:CloudFront CDN with https only 和 EC2 Instnace orign http-only(对 CloudFront 的所有请求都是 https,从 CloudFront 到 ec2 的所有请求都是 http)
如果我在我的应用程序中将安全设置为 true,会话和 cookie 将不再保存在任何浏览器中。如果我将其设置为 false,它可以在大多数浏览器中使用,但 在 Safari 中不起作用。
Rails.application.config.session_store :cookie_store, key: '_K_session', secure: true
我的目标是让会话适用于所有浏览器。我真的不需要安全会话设置。
这是我简化的 Terraform 设置:
resource "aws_cloudfront_distribution" "main_rails_app" {
origin {
domain_name = "${aws_elastic_beanstalk_environment.main_rails_app.cname}"
origin_id = "${var.cf_main_rails_app_origin_id}"
custom_origin_config {
http_port = "80"
https_port = "443"
origin_protocol_policy = "http-only"
origin_ssl_protocols = ["TLSv1.1"]
}
}
default_cache_behavior {
allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
cached_methods = ["GET", "HEAD", "OPTIONS"]
target_origin_id = "${var.cf_main_rails_app_origin_id}"
forwarded_values {
query_string = true
headers = ["*"]
cookies {
forward = "all"
}
}
min_ttl = 0
default_ttl = 0
max_ttl = 0
compress = true
viewer_protocol_policy = "redirect-to-https"
}
viewer_certificate {
# cloudfront_default_certificate = true
acm_certificate_arn = "${data.aws_acm_certificate.some_domain.arn}"
minimum_protocol_version = "TLSv1.1_2016"
ssl_support_method = "sni-only"
}
restrictions {
geo_restriction {
restriction_type = "none"
}
}
}
【问题讨论】:
标签: ruby-on-rails amazon-web-services session cookies session-cookies