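【Posted】: 2021-09-02 17:27:43
【Question】:
My site https://phillhocking.com has a Cloudfront distribution that is exhibiting some strange behavior.
This Cloudfront distribution is managed by Terraform, and below is the code I use to instantiate it: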
resource "aws_cloudfront_distribution" "ghost-lightsail" {
  price_class = "PriceClass_100"

  origin {
    domain_name = var.cloudfront_glue
    origin_id   = "${var.name}-origin"

    custom_origin_config {
      http_port              = 80
      https_port             = 443
      origin_protocol_policy = "http-only"
      origin_ssl_protocols   = ["TLSv1.2"]
    }
  }

  enabled             = true
  is_ipv6_enabled     = true
  default_root_object = "/"

  # lifecycle {
  #   prevent_destroy = true
  # }

  aliases = [var.domain_name]

  default_cache_behavior {
    allowed_methods  = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = "${var.name}-origin"
    compress         = true

    forwarded_values {
      query_string = true
      headers      = ["*"]

      cookies {
        forward = "all"
      }
    }

    viewer_protocol_policy = "redirect-to-https"
    min_ttl                = 0
    default_ttl            = 3600
    max_ttl                = 86400
  }

  ordered_cache_behavior {
    path_pattern     = "assets/*"
    allowed_methods  = ["GET", "HEAD"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = "${var.name}-origin"
    compress         = true

    forwarded_values {
      query_string = true
      headers      = ["*"]

      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "redirect-to-https"
    min_ttl                = 0
    default_ttl            = 3600
    max_ttl                = 86400
  }

  ordered_cache_behavior {
    path_pattern     = "content/*"
    allowed_methods  = ["GET", "HEAD"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = "${var.name}-origin"
    compress         = true

    forwarded_values {
      query_string = true
      headers      = ["*"]

      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "redirect-to-https"
    min_ttl                = 0
    default_ttl            = 3600
    max_ttl                = 86400
  }

  ordered_cache_behavior {
    path_pattern     = "public/*"
    allowed_methods  = ["GET", "HEAD"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = "${var.name}-origin"
    compress         = true

    forwarded_values {
      query_string = true

      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "redirect-to-https"
    min_ttl                = 0
    default_ttl            = 3600
    max_ttl                = 86400
  }

  ordered_cache_behavior {
    path_pattern     = "img_responsive/*"
    allowed_methods  = ["GET", "HEAD"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = "${var.name}-origin"
    compress         = true

    forwarded_values {
      query_string = true

      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "redirect-to-https"
    min_ttl                = 0
    default_ttl            = 3600
    max_ttl                = 86400
  }

  tags = {
    Environment = "${var.name}-dev"
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    acm_certificate_arn      = var.cloudfront_ssl_acm_arn
    ssl_support_method       = "sni-only"
    minimum_protocol_version = "TLSv1.1_2016"
  }
}
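The whole project is located here: https://github.com/phillhocking/aws-ghost/tree/dev
You will notice that redirect-to-https is set correctly for all content types; however, it still tries to load content over http for any images on the Lightsail instance that belong to new posts, and I don't know how to diagnose/troubleshoot this any further. My goal is to not have to perform any system administration tasks on the Lightsail instance and to solve this through the Cloudfront distribution.
This only happens on one specific post: https://phillhocking.com/new-linkedin-feature-request/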
Note the content from the CDN distribution is requesting an http:// image
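When you click these links in the Developer pane, it goes to the image without any problem. Why doesn't the Cloudfront distribution automatically manage this behavior from the origin?
【Discussion】:
-
Oh, I just noticed that on other pages it has the same issue, but Chrome (Chromium) "automatically upgrades the request" to https://. I don't know why it doesn't happen on the other post.
Tags: terraform amazon-cloudfront terraform-provider-aws amazon-lightsail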
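A diagnostic sketch for the symptom described above, added here as an example and not part of the original post or the aws-ghost project: `viewer_protocol_policy` redirects the viewer's own request to HTTPS but does not rewrite URLs inside the HTML the origin returns, so the check below lists every `http://` subresource reference in a page. The sample HTML, the `example.test` host and all function names are constructed for illustration, and the upgradeable/blockable split follows the W3C Mixed Content categories in simplified form.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs that make the browser fetch a subresource.
# <a href> is a navigation, not a subresource, so it is left out.
FETCHING = {("img", "src"), ("img", "srcset"), ("source", "srcset"),
            ("script", "src"), ("iframe", "src"), ("audio", "src"),
            ("video", "src"), ("link", "href")}
# W3C Mixed Content: plain image/audio/video loads are "upgradeable";
# srcset candidates and all other fetches are "blockable".
UPGRADEABLE = {("img", "src"), ("audio", "src"), ("video", "src")}

def srcset_urls(value):
    """Return the URL of each comma-separated srcset candidate."""
    return [c.split()[0] for c in value.split(",") if c.strip()]

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, attr, url, category)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        rel = (attrs.get("rel") or "").lower()
        if tag == "link" and "stylesheet" not in rel:
            return  # canonical/alternate links are not subresources
        for attr, value in attrs.items():
            if (tag, attr) not in FETCHING or not value:
                continue
            urls = srcset_urls(value) if attr == "srcset" else [value.strip()]
            for url in urls:
                if url.lower().startswith("http://"):
                    kind = "upgradeable" if (tag, attr) in UPGRADEABLE else "blockable"
                    self.findings.append((tag, attr, url, kind))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample of a page served over HTTPS (example.test is a placeholder).
SAMPLE = """<head><link rel="canonical" href="http://example.test/post/">
<link rel="stylesheet" href="/assets/built/screen.css"></head>
<body><a href="http://example.test/about/">About</a>
<img src="http://example.test/content/images/a.png"
     srcset="http://example.test/content/images/size/w600/a.png 600w,
             https://example.test/content/images/size/w1000/a.png 1000w">
<script src="https://example.test/assets/built/main.js"></script></body>"""

for finding in find_mixed_content(SAMPLE):
    print(*finding)
```

Feeding it the HTML saved from the affected post and from an unaffected one shows which tags and attributes carry the `http://` references in each.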