我正在玩CloudFront,我遇到了一个自定义来源的问题。 S3上有我的前端,这些都是静态的。 CloudFront正在为这些人提供服务。当我设置一个新行为以在负载均衡器后面路由到我的后端API时,CloudFront实际上并不路由流量。路径模式和原点是正确定义的 - 它不是路由。
我可以点击我的前端:
https://somerandomstring.cloudfront.net/apps/myapp/resources/index.html
登录时,会尝试POST到/myapi/rest/Login?<some_query_string>
我在CloudFront中配置了两个来源。
+---------------------------+------------+-------------+---------+
| Origin | | Origin | Protocol |
| Name/Path | ID | Type | Policy |
+===========================+============+========+==============+
| mybucket.s3.amazonaws.com | S3-origin | S3 | None |
| myelb.amazonaws.com | ELB-origin | Custom | Match Viewer |
+---------------------------+------------+--------+--------------+
我已经配置了我的行为。
+---------------+------------+---------------------+-------------+
| | | Viewer | Query |
| Pattern | Origin | Protocol Policy | Strings Fwd |
+===============+============+=====================+=============+
| /myapi/rest/* | ELB-origin | Redir HTTP to HTTPS | Yes |
| Default | S3-origin | Redir HTTP to HTTPS | Yes |
+---------------+------------+---------------------+-------------+
Side note: I spent entirely too much time formatting those tables...
当静态前端尝试POST到/myapi/rest/Login?<some_query_string>时,我得到的是502:
+-----------------------------------------------------------+--------+
| Name | Status |
+===========================================================+========+
| https://cname.cloudfront.net/myapi/rest/Login?<query_str> | 502 |
+-----------------------------------------------------------+--------+
curl -i会返回以下内容:
HTTP/2 502
content-type: text/html
content-length: 587
server: CloudFront
date: Fri, 15 Dec 2017 21:38:13 GMT
x-cache: Error from cloudfront
via: 1.1 861354a025845bd3b87dc25ce80431df.cloudfront.net (CloudFront)
x-amz-cf-id: XKj4fuF6qGAQd-JBIftvUhoAh5SPnzqBOT2HwUQiMIruqiIJhZ5fuw==
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
CloudFront wasn't able to connect to the origin.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: vEQTkS9fmjfQqlWA4ICS62DOLTHps-6wjeVWKvBz0XTNex39Um_wjQ==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY>
任何命中服务器的后端都没有多长时间,CloudFront日志也没有任何帮助。但是,我可以直接POST到我的负载均衡器https://myelb.amazonaws.com/myapi/rest/Login?<some_query_string>就好了。在这一点上,我完全被难倒了。如果可能的话,我真的想避免使用像Nginx这样的东西。
对我可能做错了什么的想法?
答案 0 :(得分:1)
事实证明这是一个SSL证书问题。我在负载均衡器上附加了错误的证书,它正在抛出502.
对于可能遇到此问题的其他任何人,请仔细检查您的证书。并确保您的密码兼容。