亚马逊 各国站点 链接
by Georgia Nola
乔治亚·诺拉(Georgia Nola)
使用Amazon S3和HTTPS的简单站点托管 (Simple site hosting with Amazon S3 and HTTPS)
Hiya folks!
大家好!
In this tutorial I’ll show you how to host a static website with HTTPS on AWS with a custom domain. All this is possible using AWS free tier.
在本教程中,我将向您展示如何在具有自定义域的AWS上使用HTTPS托管静态网站。 使用AWS免费套餐可以实现所有这些功能。
However, the services we are going to use do incur some small charges. Generally speaking these shouldn’t exceed $1/month.
但是,我们将要使用的服务确实会收取少量费用。 一般来说,这些费用不应超过$ 1 /每月。
We’ll be using a combination of the following AWS services: —S3 — Route53 — Certificate manager— CloudFront
我们将结合使用以下AWS服务:-S3-Route53-证书管理器-CloudFront
Let’s get into it!
让我们开始吧!
设置您的S3存储桶 (Setup your S3 buckets)
First, you’ll need two S3 buckets, both should match your custom domain name with the second including the www subdomain.
首先,您需要两个S3存储桶 ,两个存储桶都应与您的自定义域名匹配,第二个存储桶应与www子域匹配。
Bucket 1: mywebsite.comBucket 2: www.mywebsite.com
值区1: 时段2: www.mywebsite.com
The first bucket (mywebsite.com) is the main bucket for your site. This contains all your files and assets for your static website.
第一个存储桶(mywebsite.com)是您网站的主要存储桶。 其中包含您静态网站的所有文件和资产。
Next we setup this bucket for static site hosting. You can find this under the Properties tab of the bucket, and we’re going to keep the defaults provided here with the index of the site set to index.html.
接下来,我们为静态站点托管设置此存储桶。 您可以在存储桶的“属性”标签下找到此文件,我们将保留此处提供的默认值,并将网站的索引设置为index.html。
We also need to make this bucket publicly accessible as a user’s browser will need to access the bucket’s files in order to render the website. We can do this by setting a Bucket Policy under the Permissions tab.
我们还需要使该存储桶可公开访问,因为用户的浏览器需要访问该存储桶的文件才能呈现网站。 为此,我们可以在“权限”标签下设置存储桶策略。
{ "Version": "2012-10-17", "Statement": [ { "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "MY_BUCKET_ARN" } ]}This is a simple policy that will only allow public read access of objects in the bucket. Now, if you head to the endpoint defined in the static hosting config of the bucket, you should see your website.
这是一个简单的策略,仅允许对存储桶中的对象进行公共读取访问。 现在,如果您转到存储桶的静态托管配置中定义的端点,则应该会看到您的网站。
Progress! But we can do better than that.
进展! 但是我们可以做得更好。
The second bucket (www.mywebsite.com) we will leave empty but configure to redirect to our first bucket using HTTP as the protocol (we’ll make it HTTPS later).
第二个存储桶(www.mywebsite.com)将保留为空,但配置为使用HTTP作为协议重定向到第一个存储桶(稍后将其设置为HTTPS)。
Your buckets are now ready to go!
您的水桶现在准备出发了!
使用Route53配置域 (Configure Domains with Route53)
So your website is up and running but only accessible via the bucket endpoint and not your custom domain. Let’s change that.
因此,您的网站已启动并正在运行,但只能通过存储桶端点访问,而不能通过自定义域访问。 让我们改变它。
Head to Route53. If you’ve registered your domain with the Amazon Registrar you should see that a hosted zone has been setup for you with two record sets. One for Name Server (NS) and one for SOA.
前往Route53 。 如果您已经在Amazon Registrar上注册了您的域,则应该看到已经为您设置了带有两个记录集的托管区域。 一个用于名称服务器(NS),另一个用于SOA。
All we need to do is to create two more record sets to point to the S3 bucket endpoints.
我们需要做的就是再创建两个记录集,以指向S3存储桶端点。
For each record set: — Type: A — IPv4 address — Alias: Yes — Alias Target: the S3 website endpoint that matches what you set for Name.
对于每个记录集:-类型:A-IPv4地址-别名:是-别名目标:与您为“名称”设置匹配的S3网站端点。
Now we can head to the custom url…and voilà!We’re almost there, but there’s one last thing we’re missing…
现在我们可以转到自定义网址了……瞧瞧!我们快到了,但是我们还缺少最后一件事……
Note: If your domain is registered with another domain registrar (not Amazon) you’ll need to follow some different steps to set this up. Usually you’ll need to add a CNAME record with a value of the main S3 buckets endpoint.
注意 :如果您的域名是在另一个域名注册机构(不是Amazon)注册的,则需要按照一些不同的步骤进行设置。 通常,您需要添加一个CNAME记录,并带有一个主S3存储桶端点的值。
Troubleshooting:If you deleted the hosted zone Amazon created when you first registered the domain (I’ve done this because hosted zones do incur some charges), you’ll need to create a new hosted zone from scratch.
故障排除 :如果您删除了首次注册域时由Amazon创建的托管区域(我这样做是因为托管区域确实会产生一些费用),则需要从头开始创建一个新的托管区域。
- Select “Create Hosted Zone” and set the domain name, for example “mywebsite.com” 选择“创建托管区域”并设置域名,例如“ mywebsite.com”
- This will generate some new record sets for types NS and SOA. 这将为NS和SOA类型生成一些新的记录集。
- Go into your registered domain and update the Name Servers values to those generated in the new NS record set. 进入您的注册域,并将“名称服务器”值更新为在新NS记录集中生成的值。
申请证书 (Requesting a Certificate)
Awesome, the site is now hosted using the custom url! However we can only access it via HTTP protocol.We should always ensure our sites are secured using HTTPS protocol. This protects our site and users from malicious injection attacks and guarantees authenticity.
太棒了,该网站现在使用自定义网址托管! 但是,我们只能通过HTTP协议访问它。我们应始终确保使用HTTPS协议保护我们的网站的安全。 这样可以保护我们的网站和用户免受恶意注入攻击,并确保真实性。
Head to Certificate Manager in AWS Console and request a new public certificate (this is free). You’ll be prompted to enter the domain names you wish to secure.
前往AWS Console中的证书管理器并请求一个新的公共证书(这是免费的)。 系统将提示您输入要保护的域名。
Before the certificate can be issued, Amazon needs to be able to verify that you own the specified domains.
在颁发证书之前,Amazon需要能够验证您拥有指定的域。
You can choose from two verification methods: Email or DNS.
您可以从两种验证方法中选择:电子邮件或DNS。
Email is generally simpler, but you’ll need to ensure you can access the email used to register the domain. Alternatively, if you used Amazon Registrar and Route53, you can select the DNS method. This requires you to add some specific record sets to the hosted zone, but this is mostly automated for you so it’s quite simple.
电子邮件通常更简单,但是您需要确保可以访问用于注册域的电子邮件。 或者,如果您使用了Amazon Registrar和Route53,则可以选择DNS方法。 这要求您将一些特定的记录集添加到托管区域,但这对您来说大多是自动化的,因此非常简单。
It can take a few minutes for the certificate to be issued after validation. When its all done we can continue to the final step!
验证后可能需要花费几分钟才能颁发证书。 完成所有步骤后,我们可以继续执行最后一步!
配置CloudFront (Configuring CloudFront)
For the final step we are going to use CloudFront which allows us to use the new SSL certificate to serve the website with HTTPS. CloudFront also speeds up the distribution of web content by storing it at multiple edge locations and delivering from the closest edge location to a user.
对于最后一步,我们将使用CloudFront ,它允许我们使用新的SSL证书通过HTTPS为网站提供服务。 CloudFront还通过将Web内容存储在多个边缘位置并从最近的边缘位置传递给用户来加快Web内容的分发。
We need two new web distributions, one for each S3 bucket. Head to CloudFront in the AWS Console and create the first web distribution.There are lots of settings available to create a web distribution, but for the basics we only need to change five:
我们需要两个新的Web发行版 ,每个S3存储桶一个。 前往AWS控制台中的CloudFront并创建第一个Web分配。创建Web分配有很多可用设置,但对于基础知识,我们只需要更改以下五个设置:
Origin Domain Name: Set this to the S3 website endpoint for one of the buckets. Important: This field will give you some auto-complete options with your S3 bucket names. However, using these can cause issues with redirecting to the bucket endpoint. So instead use the bucket endpoint directly.
原始域名 :将其设置为其中一个存储桶的S3网站端点。 重要提示 :此字段将为您提供一些S3存储桶名称的自动填充选项。 但是,使用这些会导致重定向到存储桶端点的问题。 因此,请直接使用存储桶端点。
Origin Id: This populated for you when you enter Origin Domain Name.
原始ID :输入原始域名时为您填充。
Viewer Protocol Policy: Set to “Redirect HTTP to HTTPS”.
查看器协议策略 :设置为“将HTTP重定向到HTTPS”。
Alternate Domain Names: This should match the name of the S3 bucket you’re pointing to. For example “mywebsite.com”.
备用域名 :此名称应与您指向的S3存储桶的名称匹配。 例如“ mywebsite.com”。
SSL Certificate: Select “Custom SSL Certificate” and select your new certificate from the dropdown.
SSL证书 :选择“自定义SSL证书”,然后从下拉列表中选择新证书。
Do this again for the second S3 bucket.
对第二个S3存储桶再次执行此操作。
The distributions can take a while to spin up, so while we wait, let’s do the finishing steps.
这些发行版可能需要一段时间才能启动,因此在我们等待时,让我们完成最后的步骤。
Back in S3, go to your secondary bucket (www.mywebsite.com), in the Properties tab and under Static Website Hosting set the redirect protocol to HTTPS.
回到S3中 ,转到“辅助存储桶”(www.mywebsite.com),在“属性”选项卡中的“静态网站托管”下,将重定向协议设置为HTTPS。
Finally, head back to Route53. We need to update the custom A records we created to now target the CloudFront distributions rather than the S3 buckets. For each record, change the Alias Target and select the CloudFront distribution available in the dropdown.
最后,返回Route53 。 我们需要更新我们创建的自定义A记录,以现在定位到CloudFront分配而不是S3存储桶。 对于每条记录,更改Alias Target并在下拉列表中选择可用的CloudFront分配。
Note: Again, if you are using another DNS service you’ll need to go update the CNAME record from there to point to the CloudFront domain name.
注意:同样,如果您使用的是其他DNS服务,则需要从那里更新CNAME记录,以指向CloudFront域名。
And there you have it! Your beautiful website is now available at the custom domain and served with HTTPS!
在那里,您拥有了! 您美丽的网站现在可以在自定义域中使用,并通过HTTPS服务!
Thanks for reading! I hope this guide was useful and enjoyable, I’d love to know if you found it helpful.
谢谢阅读! 希望本指南对您有所帮助并且愉快,我很想知道您是否对本指南有所帮助。
翻译自: https://www.freecodecamp.org/news/simple-site-hosting-with-amazon-s3-and-https-5e78017f482a/
亚马逊 各国站点 链接
643
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
