Amazon Web Services: CloudFront error when serving over HTTPS using SNI
Amazon recently rolled out a new feature on CloudFront that supports custom SSL certificates at no cost using SNI (Server Name Indication).

I set up my distribution with the free Class 1 certificate from StartSSL, and everything was working fine when I noticed that the site would go down shortly after deployments. Running returns that my certificate is working fine:

But when I try to access the site over HTTPS, I hit this error page (this would work for the first request, then fail on subsequent connection attempts).

Here is the verbose output when accessing with ssl (index succeeds):
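$ curl -I -v -ssl https://wikichen.is
* Adding handle: conn: 0x7f9f82804000
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7f9f82804000) send_pipe: 1, recv_pipe: 0
* About to connect() to wikichen.is port 443 (#0)
* Trying 54.230.141.222...
* Connected to wikichen.is (54.230.141.222) port 443 (#0)
* TLS 1.2 connection using TLS_RSA_WITH_RC4_128_MD5
* Server certificate: www.wikichen.is (6w984WNu7vM5OrdU)
* Server certificate: StartCom Class 1 Primary Intermediate Server CA
* Server certificate: StartCom Certification Authority
> HEAD / HTTP/1.1
> User-Agent: curl/7.30.0
> Host: wikichen.is
> Accept: */*
>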
Then it fails on other pages:
$ curl -i -v https://wikichen.is/writing/index.html
* Adding handle: conn: 0x7fa153804000
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7fa153804000) send_pipe: 1, recv_pipe: 0
* About to connect() to wikichen.is port 443 (#0)
* Trying 54.230.140.160...
* Connected to wikichen.is (54.230.140.160) port 443 (#0)
* TLS 1.2 connection using TLS_RSA_WITH_RC4_128_MD5
* Server certificate: www.wikichen.is (6w984WNu7vM5OrdU)
* Server certificate: StartCom Class 1 Primary Intermediate Server CA
* Server certificate: StartCom Certification Authority
> GET /writing/index.html HTTP/1.1
> User-Agent: curl/7.30.0
> Host: wikichen.is
> Accept: */*
>
< HTTP/1.1 502 Bad Gateway
HTTP/1.1 502 Bad Gateway
< Content-Type: text/html
Content-Type: text/html
< Content-Length: 472
Content-Length: 472
< Connection: keep-alive
Connection: keep-alive
* Server CloudFront is not blacklisted
< Server: CloudFront
Server: CloudFront
< Date: Sun, 09 Mar 2014 17:54:41 GMT
Date: Sun, 09 Mar 2014 17:54:41 GMT
< Age: 6
Age: 6
< X-Cache: Error from cloudfront
X-Cache: Error from cloudfront
< Via: 1.1 9096435f28f91f92bacdf76122de09ee.cloudfront.net (CloudFront)
Via: 1.1 9096435f28f91f92bacdf76122de09ee.cloudfront.net (CloudFront)
< X-Amz-Cf-Id: iAUOQbP8O4A0pI9KGvVz0VgBT1TW-j0yVDa7vdSvIAuxnKOyQghtnw==
X-Amz-Cf-Id: iAUOQbP8O4A0pI9KGvVz0VgBT1TW-j0yVDa7vdSvIAuxnKOyQghtnw==
<
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
</BODY></HTML>
<BR clear="all">
<HR noshade size="1px">
<ADDRESS>
Generated by cloudfront (CloudFront)
</ADDRESS>
* Connection #0 to host wikichen.is left intact
</BODY></HTML>%
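I'm wondering where to begin troubleshooting.

Someone named Alastair@AWS on the AWS CloudFront forums resolved this for me:

I have identified your CloudFront distribution and the S3 bucket that is the origin for this distribution. I can recreate and explain the intermittent "502 Bad Gateway" responses that you are receiving.

CloudFront will return this response when you attempt to access a URL using the HTTPS protocol that is not currently cached by CloudFront. The reason for this error is that CloudFront is attempting to contact your origin using the HTTPS protocol, but this is failing.

The reason for this failure is that you have configured your origin as an S3 bucket, but you are using the "Custom Origin" type and pointing to the S3 website URL of this bucket. If you attempt to hit your S3 website URL using HTTPS, you will notice that this does not work. S3 website hosting only supports serving content using the HTTP protocol.

Now, the intermittent page load behaviour you are seeing is due to CloudFront returning pages that are currently in its cache. You should be able to recreate this scenario as follows: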
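An added example, not part of the original question or the forum answer: a check for the misconfiguration the answer describes, run over a CloudFront distribution config in the shape returned by aws cloudfront get-distribution-config. The bucket name and origin Ids are constructed, and the check goes slightly beyond the case on the page by also flagging an https-only origin policy.

```python
import re

# S3 *website* endpoints (bucket.s3-website-<region>.amazonaws.com or
# bucket.s3-website.<region>.amazonaws.com) serve content over HTTP only.
S3_WEBSITE = re.compile(r"\.s3-website[.-][a-z0-9-]+\.amazonaws\.com$", re.I)


def find_https_to_s3_website(dist_config):
    """Return (origin_id, policy, reason) for each custom origin that makes
    CloudFront speak HTTPS to an S3 website endpoint (the 502 cause above)."""
    findings = []
    for origin in dist_config.get("Origins", {}).get("Items", []):
        custom = origin.get("CustomOriginConfig")
        if not custom or not S3_WEBSITE.search(origin.get("DomainName", "")):
            continue  # S3 REST origins and non-S3 hosts are out of scope
        policy = custom.get("OriginProtocolPolicy")
        if policy == "https-only":
            findings.append((origin["Id"], policy, "every cache miss fails"))
        elif policy == "match-viewer":
            findings.append((origin["Id"], policy,
                             "cache misses from HTTPS viewers fail"))
        # "http-only" works, but the CloudFront-to-S3 hop is then plaintext
        # HTTP even when the viewer connection is HTTPS.
    return findings


# Constructed sample config; bucket name and origin Ids are made up.
SAMPLE = {
    "Origins": {"Quantity": 3, "Items": [
        {"Id": "site-website-endpoint",
         "DomainName": "example-bucket.s3-website-us-east-1.amazonaws.com",
         "CustomOriginConfig": {"OriginProtocolPolicy": "match-viewer"}},
        {"Id": "site-fixed",
         "DomainName": "example-bucket.s3-website-us-east-1.amazonaws.com",
         "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}},
        {"Id": "assets-rest-endpoint",
         "DomainName": "example-bucket.s3.amazonaws.com",
         "S3OriginConfig": {"OriginAccessIdentity": ""}},
    ]},
}

if __name__ == "__main__":
    for origin_id, policy, reason in find_https_to_s3_website(SAMPLE):
        print(f"{origin_id}: OriginProtocolPolicy={policy} ({reason})")
```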