Problem with Cloudfront and ELB redirecting from http to https

Problem description Votes: 0 Answers: 0

I have a simple stack: EC2, ELB, Route53 and Cloudfront. I want to enable CachingOptimized in the cache policy, but I get an error in Firefox:

The page isn’t redirecting properly

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

This problem can sometimes be caused by disabling or refusing to accept cookies.

Here is some of the important configuration from Cloudfront:

Origin: main-albxxxxxx-amazonaws.com 
Protocol: HTTPS only

Behavior

Origin and origin groups: main-albxxxxxx-amazonaws.com
Viewer protocol policy: Redirect HTTP to HTTPS
Cache policy: CachingOptimized
Origin request policy - optional: AllViewer

Listeners in the ELB:

HTTPS:443
Forward to
prod-tg-1 : 1 (100%)
Group-level stickiness: Off

HTTP:80
If (all match)
Request is not otherwise routed
Then
Redirect to HTTPS://#{host}:443/#{path}?#{query}
Status code: HTTP_301

Route 53: alias to the CloudFront distribution

I want to redirect from www. and http to https.

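At https://www.redirect-checker.org I get the error: Too many redirects. Please try to reduce the number of redirects. Actually you used 19 redirects. Ideally, you should not use more than 3 redirects in a redirect chain. More than 3 redirects produce unnecessary load on your server and reduce speed, which ultimately leads to a bad user experience.

Distribution ID or URL: CloudFront request ID (X-Amz-Cf-Id): Error message: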

curl -v with CachingDisabled

* Connected to example.com (xx.xx.xx.xx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=www.example.com
*  start date: Feb 21 00:00:00 2023 GMT
*  expire date: Jul  3 23:59:59 2023 GMT
*  subjectAltName: host "example.com" matched cert's "example.com"
*  issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M02
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x55815ae6fe90)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/2
> Host: example.com
> user-agent: curl/7.81.0
> accept: */*
> 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 200 
< content-type: text/html; charset=UTF-8
< date: Fri, 03 Mar 2023 20:13:17 GMT
< cache-control: must-revalidate, no-cache, private
< content-language: en
< expires: Sun, 19 Nov 1978 05:00:00 GMT
< permissions-policy: interest-cohort=()
< server: Apache/2.4.54 (Debian)
< vary: Accept-Encoding
< x-content-type-options: nosniff
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< x-generator: Drupal 9 (https://www.drupal.org)
< x-ua-compatible: IE=edge
< x-cache: Miss from cloudfront
< via: 1.1 740769d10d5ef217a54d33b1ec64faf4.cloudfront.net (CloudFront)
< x-amz-cf-pop: FRA56-P3
< alt-svc: h3=":443"; ma=86400
< x-amz-cf-id: pMRmxUYZ12XIdG0aca3JOxGPTJmCO61FCwDc0776RtgVHOtfdP-hxA==

< 
<!DOCTYPE html>
  </body>
</html>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection #0 to host example.com left intact

CachingOptimized

  ~ curl -v https://example.com
*   Trying 108.138.51.45:443...
* Connected to example.com (108.138.51.45) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=www.example.com
*  start date: Feb 21 00:00:00 2023 GMT
*  expire date: Jul  3 23:59:59 2023 GMT
*  subjectAltName: host "example.com" matched cert's "example.com"
*  issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M02
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x5564f16c1e90)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/2
> Host: example.com
> user-agent: curl/7.81.0
> accept: */*
> 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 301 
< content-type: text/html; charset=iso-8859-1
< content-length: 312
< location: http://example.com/
< date: Sun, 26 Feb 2023 21:04:13 GMT
< cache-control: max-age=1209600
< expires: Sun, 12 Mar 2023 21:04:13 GMT
< server: Apache/2.4.54 (Debian)
< x-content-type-options: nosniff
< x-cache: Hit from cloudfront
< via: 1.1 444c86780ce99d2fc729208a25cb6aa2.cloudfront.net (CloudFront)
< x-amz-cf-pop: WAW51-P2
< alt-svc: h3=":443"; ma=86400
< x-amz-cf-id: 2Yx7ai-qlcR8vG7GlWOnrVExnN4C4adxzDDcQ85vpn6JJZ8AYgypBA==
< age: 429589
< 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://example.com/">here</a>.</p>
<hr>
<address>Apache/2.4.54 (Debian) Server at www.example.com Port 80</address>
</body></html>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection #0 to host example.com left intact

And the error: ERR_TOO_MANY_REDIRECTS

amazon-web-services amazon-cloudfront amazon-elb amazon-route53 http-redirect
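An added example, not part of the original question: a small check that parses the `< ` header lines of `curl -v` output and flags the pattern visible in the CachingOptimized response above, a 301 whose Location points back to http:// and which is served from the CloudFront cache. The function names and the `viewer_redirects_http_to_https` parameter are assumptions of this example; the sample headers are abbreviated from the output above.

```python
from urllib.parse import urlsplit

# Response headers abbreviated from the CachingOptimized curl -v output above.
SAMPLE = """\
> GET / HTTP/2
> Host: example.com
< HTTP/2 301
< location: http://example.com/
< cache-control: max-age=1209600
< server: Apache/2.4.54 (Debian)
< x-cache: Hit from cloudfront
< age: 429589
"""

def parse_response(verbose):
    """Return (status, headers) taken from the '< ' lines of curl -v output."""
    status, headers = None, {}
    for line in verbose.splitlines():
        if not line.startswith("< "):   # skip request lines, TLS notes and body
            continue
        line = line[2:].strip()
        if line.startswith("HTTP/"):
            status = int(line.split()[1])
        elif ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers

def diagnose(request_url, verbose, viewer_redirects_http_to_https=True):
    """Flag a cached redirect that sends an HTTPS request back to HTTP."""
    status, h = parse_response(verbose)
    req, loc = urlsplit(request_url), urlsplit(h.get("location", ""))
    downgrade = (status in (301, 302, 307, 308)
                 and req.scheme == "https" and loc.scheme == "http")
    # The edge turns http:// into https://; if https:// then answers with the
    # same http:// target again, the client can never leave the cycle.
    loop = (downgrade and viewer_redirects_http_to_https
            and loc.hostname == req.hostname
            and (loc.path or "/") == (req.path or "/"))
    max_age = next((int(p.split("=")[1]) for p in h.get("cache-control", "").split(",")
                    if p.strip().startswith("max-age=")), None)
    age = int(h.get("age", 0))
    return {
        "downgrade": downgrade,
        "from_edge_cache": h.get("x-cache", "").lower().startswith("hit"),
        "loop": loop,
        # How long the cached copy stays fresh unless it is invalidated.
        "seconds_until_expiry": None if max_age is None else max(max_age - age, 0),
    }

if __name__ == "__main__":
    print(diagnose("https://example.com/", SAMPLE))
```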