S" 上的带有 cloudfront 的 Hugo 不会重定向到 index.html。Terraform 配置

问题描述 投票:0回答:1

我有一个 Hugo 网站,我正在尝试将其部署到 S3,并使用 Cloudfront 发行版。我正在使用 Terraform 进行配置。到目前为止,这就是我所拥有的(我排除了证书/域部分,它们有效):

s3.tf:

resource "aws_s3_bucket" "my_site_bucket" {
  bucket = var.domain_name
  tags = local.storage_tags
}

data "aws_iam_policy_document" "s3_bucket_policy" {
  statement {
    sid = "1"

    actions = [
      "s3:GetObject",
    ]

    resources = [
      "arn:aws:s3:::${var.domain_name}/*",
    ]

    principals {
      type = "AWS"

      identifiers = [
        aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn,
      ]
    }
  }
}

resource "aws_s3_bucket_policy" "s3_bucket_policy" {
  bucket = aws_s3_bucket.my_site_bucket.id
  policy = data.aws_iam_policy_document.s3_bucket_policy.json
}

cloudfront.tf:

resource "aws_cloudfront_distribution" "my_cloudfront" {
  depends_on = [
    aws_s3_bucket.my_site_bucket
  ]

  origin {
    domain_name = aws_s3_bucket.my_site_bucket.bucket_regional_domain_name
    origin_id   = "s3-cloudfront"

    s3_origin_config {
      origin_access_identity = aws_cloudfront_origin_access_identity.origin_access_identity.cloudfront_access_identity_path
    }
  }
  enabled             = true
  is_ipv6_enabled     = true
  default_root_object = "index.html"
  aliases             = [var.domain_name]

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  default_cache_behavior {
    allowed_methods  = ["GET", "HEAD"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = "s3-cloudfront"

    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "redirect-to-https"
    min_ttl                = 0
    default_ttl            = 3600
    max_ttl                = 86400
  }
  price_class = "PriceClass_200"

  viewer_certificate {
    cloudfront_default_certificate = true
    acm_certificate_arn            = aws_acm_certificate.my_site.arn
    ssl_support_method             = "sni-only"
    minimum_protocol_version       = "TLSv1"
  }

  tags = local.cdn_tags
}

resource "aws_cloudfront_origin_access_identity" "origin_access_identity" {
  comment = "access-identity-${var.domain_name}.s3.amazonaws.com"
}

当我使用此配置部署我的hugo 网站时,它“有点有效”。根 URL 

fancydomain.com
有效,并且根 
index.html
在浏览器中呈现。但是,当我单击某个链接(例如 
fancydomain.com/blog/post-1
)时,我收到关键错误、访问被拒绝消息。当我输入 url 
fancydomain.com/blog/post-1/index.html
时,页面会按预期显示。我研究过这个问题,之前已经提到过很多次了。我尝试了所有能找到的答案的可能组合,但从未成功。 我理解错误:cloudfront 正在尝试使用特定密钥访问文件,例如:
s3://fancydomain.com/blog/post-1
,但它不存在。 
s3://fancydomain.com/blog/post-1/index.html
确实存在。

我不知道如何修复我的 terraform 配置。请问您能帮忙吗?

amazon-web-services amazon-s3 terraform amazon-cloudfront hugo
1个回答
0
投票

您必须添加

resource "aws_s3_bucket_public_access_block" "bucket_restriction" {
  bucket = var.your_bucket_information.id

  block_public_acls = true
  block_public_policy = true
  ignore_public_acls = true
  restrict_public_buckets = true
  depends_on = [
    aws_s3_bucket_policy.web_distribution
  ]
}

这就是我们如何创建限制以避免使用 S3 生成的 URL 进行访问。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.