用于 Amazon S3静态网站的 HTTPS

我想使用 Amazon S3和 CloudFront 托管一个只支持 HTTPS 的静态网站:

  1. 设置一个静态网站托管的 S3桶,并把我的网站文件在它
  2. 创建 CloudFront 发行版并将其指向 S3桶
  3. 在我的域的名称服务器中为指向 CloudFront 桶的 www子域添加了 CNAME 记录。

到目前为止,一切顺利-我可以访问我的网站使用 www.example.com地址。但是,我希望该网站只能通过 HTTPS 访问,为此我从 GoDaddy 购买了一个 SSL 证书。

现在的问题是:

  1. 有没有办法在我的 S3托管网站上安装这个第三方 SSL 证书?
  2. 有没有一种方法,有一个自动 http 到 https 重定向与此设置?
69058 次浏览
小开

As of today, Cloudfront offers custom SSL: http://aws.amazon.com/cloudfront/pricing/

Keep in mind, they are charging $600 / month. More details on the link above.

小开
最佳答案

Yes, as of today you can do it at no charge.

You can now use HTTPS with CNAMEs on CloudFront as it now supports custom SSL certificates using Server Name Indication (SNI): http://aws.typepad.com/aws/2014/03/server-name-indication-sni-and-http-redirection-for-amazon-cloudfront.html

I managed to set up a free Class 1 StartSSL cert for my CloudFront distributed static site on S3 without too much trouble (see: CloudFront error when serving over HTTPS using SNI).

小开

On 2016-01-21 AWS launched AWS Certificate Manager, which is a free service that allows you to issue a SSL certificate to be used with Elastic Load Balancer and Cloud Front (along with S3 too).

You can learn more at: https://aws.amazon.com/certificate-manager/

And you can check how to deploy your S3 + Cloudfront website with free SSL from AWS at: https://aws.amazon.com/blogs/aws/new-aws-certificate-manager-deploy-ssltls-based-apps-on-aws/

小开

In addition to @wikichen's answer.

From: https://aws.amazon.com/cloudfront/custom-ssl-domains/

By default, you can deliver your content to viewers over HTTPS by using your CloudFront distribution domain name in your URLs, for example, https://dxxxxx.cloudfront.net/image.jpg.

If you want to deliver your content over HTTPS using your own domain name and your own SSL certificate, you can use one of our Custom SSL certificate support features.

小开

For me I had to upload a simple React website to S3. As barbolo describes you need a certificate to access site through SSL. If the static site that you want to deploy is simple enough you can:

  1. Upload to S3.
  2. Do not select "Static Website Hosting"
  3. Convert all relative links (to css, js, etc) to absolute links.

e.g. from /css/media.css you should convert it to https://s3-region-amazonaws.com/bucket-name/css/media.css (for me I had to change only links in index.html)

  1. Make only the contents of bucket public.

Thats it. You can access the index file through https.

A Simple site is a site with a main index.html file that points to some css and js pages.


提交答案