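How to make AWS API Gateway accept HTTP instead of HTTPS

Time: 2017-04-05 15:58:43

Tags: amazon-web-services aws-lambda aws-api-gateway

I have a Lambda function proxied by API Gateway. However, API Gateway only exposes HTTPS, not HTTP. I have searched everywhere, but it looks like it is not possible for API Gateway to accept HTTP.

So my question is: how can I convert HTTP client calls to HTTPS and send them to API Gateway? I ask because my clients can only make HTTP calls, and they will not change.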

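4 answers:

Answer 0: (score: 7)

You can put a CloudFront distribution in front of API Gateway, with the following settings:

  • Origin Protocol Policy: HTTPS Only
  • Viewer Protocol Policy: HTTP and HTTPS
  • Forward Headers: None
  • Object Caching: Use Origin Cache Headers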

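Answer 1: (score: 6)

I recently had a 4-hour phone call with an AWS representative about a similar problem we ran into in production. My situation was similar: there was nothing we could change in API Gateway to solve it (the representative tried all sorts of tricks, but nothing seemed to work). So our conclusion was to use an EC2 instance as a proxy server for API Gateway and forward all traffic. There was some extra work, such as moving the domain name, but overall it worked well. In your case, since you only need to redirect HTTP traffic, a simple Elastic Beanstalk proxy application might be enough (EB uses HTTP by default and sits behind an Nginx proxy server).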

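Answer 2: (score: 6)

CloudFront is a quick solution, because it is easier to set up than spinning up Elastic Beanstalk.

I spent a few hours trying to get this working, so I am just sharing some good write-ups and a gentle reminder:

  1. The Smartcam project uses Amazon API Gateway + CloudFront, and it details the setup steps.
  2. The official example in the Amazon documentation demonstrates how to create GET and POST methods with query string parameters (e.g. /search?keyword=mars&...), JSON payloads, and path parameters. A must-read!
  3. My personal 2 cents:
    • If you are using query string parameters, be sure to edit the Behavior in the CloudFront panel, then under Query String Forwarding and Caching select Forward all, cache based on all.
    • Alternatively, read this doc to learn about the other two possible configurations.
    • If you have set the Origin Path to the stage variable (/prod by default), then when you call the CloudFront domain, skip { {1}}, just: /prod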

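Answer 3: (score: 1)

You can create a CloudFront distribution solely for HTTP-to-HTTPS redirection.

I suggest you first obtain an SSL certificate for your domain in ACM (Certificate Manager); the region must be us-east-1.

In CloudFront, click Create Distribution, then select "Web" to create a web distribution.

Here are all the settings you might use, with some extra comments. Note that in this example I use v0 as the API Gateway stage.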

# ORIGIN SETTINGS
# ---

# Origin Domain Name - Paste the domain name of your API Gateway > Stages > v0 but without the path at the end
Origin Domain Name: https://<getway-id>.execute-api.eu-central-1.amazonaws.com

# Origin Path - The name of your API Gateway stage
Origin Path: /v0

# Origin ID - The ID for this origin
# By default it will be defined as `Custom-<getway-id>.execute-api.eu-central-1.amazonaws.com/v0`
# I replace `Custom` by `v0` just to quickly recognise it in the list later on.
Origin ID: v0-<getway-id>.execute-api.eu-central-1.amazonaws.com/v0

# Minimum Origin SSL Protocol - Choose the minimum SSL protocol for CloudFront to use when it establishes an HTTPS connection to your origin.
Minimum Origin SSL Protocol: TLSv1.2

# Origin Protocol Policy - HTTPS since that is all that API Gateway supports. So with HTTPS, CloudFront connects to your origin only over HTTPS.
Origin Protocol Policy: HTTPS

# DEFAULT CACHE BEHAVIOR SETTINGS
# ---

# Viewer Protocol Policy - CloudFront allowed protocol to access your web content
Viewer Protocol Policy: Redirect HTTP to HTTPS

# Allowed HTTP Methods - HTTP methods you want to allow for this cache behavior
# Select at least GET, HEAD, OPTIONS
Allowed HTTP Methods: GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE

# Compress Objects Automatically - No since we are not serving files via CloudFront, we are just returning redirects
Compress Objects Automatically: No


# DISTRIBUTION SETTINGS
# ---

# Price Class
# There is no extra charge for using extra locations, so you may leave it on `Use All Edge Locations`. The total request count is aggregated across all locations for the free tier.
Price Class: Use All Edge Locations

# Alternate Domain Names (CNAMEs) - The domain names of your websites
Alternate Domain Names (CNAMEs): www.example.com

# SSL Certificate - The `Custom SSL Certificate` MUST be a certificate obtained in us-east-1
# So, you may go to ACM (certificate manager) and request a certificate there
# https://console.aws.amazon.com/acm/home?region=us-east-1
SSL Certificate: Custom SSL Certificate > www.example.com

# Custom SSL Client Support - Leave to default value
Custom SSL Client Support: Clients that Support Server Name Indication (SNI)

# Security Policy - Leave to default value
Security Policy: TLSv1.2_2018

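Once the CloudFront distribution is deployed, go to Route 53 and select your domain name in the hosted zones.

Create Record Set > A, or select an existing A record. Then in the record editing console:

Set Alias to "Yes". Then set the Alias Target so that it points to your CloudFront distribution (or to your API Gateway, if you defined one previously). It will appear in a dropdown list, like www.example.com (<cloudfront-id>.cloudfront.net)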
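
The CloudFront setups in Answer 0 ("HTTP and HTTPS") and Answer 3 ("Redirect HTTP to HTTPS") differ in which leg of the connection may carry plaintext and in what they require of the client. The following is an added example, not code from any of the answers: it audits a DistributionConfig dict (the layout boto3's get_distribution_config returns) for both legs. The function names, finding codes and sample host are assumptions made for illustration.

```python
# Added example: audit a CloudFront DistributionConfig dict for plaintext legs.
# Only the keys read below are needed; applies to custom (non-S3) origins.
WEAK_ORIGIN_TLS = {"SSLv3", "TLSv1", "TLSv1.1"}

def sample_config(viewer_policy, origin_policy="https-only", tls=("TLSv1.2",)):
    """Constructed minimal config resembling the settings in the answers."""
    return {
        "Origins": {"Quantity": 1, "Items": [{
            "Id": "v0-api",
            # Placeholder host, not a real API Gateway id.
            "DomainName": "GATEWAY_ID.execute-api.eu-central-1.amazonaws.com",
            "OriginPath": "/v0",
            "CustomOriginConfig": {
                "HTTPPort": 80, "HTTPSPort": 443,
                "OriginProtocolPolicy": origin_policy,
                "OriginSslProtocols": {"Quantity": len(tls), "Items": list(tls)},
            },
        }]},
        "DefaultCacheBehavior": {"TargetOriginId": "v0-api",
                                 "ViewerProtocolPolicy": viewer_policy},
    }

def audit(cfg):
    """Return sorted finding codes (hypothetical names) for the default behavior."""
    behavior = cfg["DefaultCacheBehavior"]
    origins = {o["Id"]: o for o in cfg["Origins"]["Items"]}
    custom = origins[behavior["TargetOriginId"]].get("CustomOriginConfig", {})
    findings = set()
    viewer = behavior["ViewerProtocolPolicy"]
    if viewer == "allow-all":
        # HTTP-only clients work, but client-to-edge traffic is unencrypted.
        findings.add("VIEWER_LEG_PLAINTEXT")
    elif viewer in ("redirect-to-https", "https-only"):
        # Every client must be able to speak HTTPS to complete a request.
        findings.add("VIEWER_MUST_SUPPORT_HTTPS")

    if custom.get("OriginProtocolPolicy") != "https-only":
        findings.add("ORIGIN_LEG_NOT_HTTPS_ONLY")
    if WEAK_ORIGIN_TLS & set(custom.get("OriginSslProtocols", {}).get("Items", [])):
        findings.add("ORIGIN_ALLOWS_WEAK_TLS")
    return sorted(findings)

if __name__ == "__main__":
    for label, policy in (("Answer 0", "allow-all"), ("Answer 3", "redirect-to-https")):
        print(label, audit(sample_config(policy)))
```

To check a deployed distribution, pass the "DistributionConfig" value from get_distribution_config to audit() instead of the constructed sample.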