I have a pyramid/python application with a page at www.domain.com that creates html pages at s3.amazonaws.com/testbucket/object_name. Right now in this test bucket, I also have javascript files that each object(html page) utilizes. I want it so that users can go to subdomain.domain.com/object_name and see the files with the javascript enabled. I have cname'd subdomain.domain.com (the name of my bucket) to s3.amazonaws.com. (with that last period at the end). Right now I have two problems (I am far more concerned with the second one)
我有一个金字塔/ python应用程序,页面位于www.domain.com,可以在s3.amazonaws.com/testbucket/object_name创建html页面。现在在这个测试桶中,我还有每个对象(html页面)使用的javascript文件。我想要它,以便用户可以访问subdomain.domain.com/object_name并查看启用了javascript的文件。我有sname'd subdomain.domain.com(我的桶名称)到s3.amazonaws.com。 (最后一段时间结束)。现在我有两个问题(我更关心第二个问题)
1). When I try and access the url via https://subdomain.domain.com/object_name I get a security error (I assume this is because it is redirecting to an amazon s3 bucket. How can I get an ssl certificate for my bucket?
1)。当我尝试通过https://subdomain.domain.com/object_name访问网址时出现安全错误(我认为这是因为它正在重定向到亚马逊s3存储桶。如何获得我的存储桶的ssl证书?
2) When I try and access the url via http://subdomain.domain.com/object_name, there is no secutiry error (not https) but the javascript isn't enabled. How can I make sure that those jacvascript files on the s3 bucket still work?
2)当我尝试通过http://subdomain.domain.com/object_name访问网址时,没有安全性错误(不是https),但未启用javascript。如何确保s3存储桶上的那些jacvascript文件仍然有效?
Edit: upon looking at the developer tools, I see the error: Failed to load resource: the server responded with a status of 403 (Forbidden) referring to the javascript file. Why would this file be forbidden when I have made it public in the bucket?
编辑:在查看开发人员工具时,我看到错误:无法加载资源:服务器响应状态为403(禁止)引用javascript文件。为什么这个文件在桶中公开时会被禁止?
1 个解决方案
#1
3
S3 does not allow you to configure your own SSL certificates for buckets - this is an inherit "problem" with the way S3 is designed and distributed across servers - Amazon provides their own certificate for use with S3, no configuration required.
S3不允许您为存储桶配置自己的SSL证书 - 这是S3设计和分布在服务器上的方式的继承“问题” - 亚马逊提供自己的证书供S3使用,无需配置。
However, and this is very important - you cannot use SSL over CNAME, period. If you want to use your pretty domain name with SSL using S3 you're out of luck. Its just a S3 quirk we have to live with. (https://forums.aws.amazon.com/thread.jspa?threadID=60502).
但是,这非常重要 - 您不能在CNAME期间使用SSL。如果你想使用S3使用漂亮的域名和SSL,那你就不走运了。它只是我们必须忍受的S3怪癖。 (https://forums.aws.amazon.com/thread.jspa?threadID=60502)。
In summary, if you want SSL, you must use the full S3 bucket path.
总之,如果您需要SSL,则必须使用完整的S3存储桶路径。
#1
3
S3 does not allow you to configure your own SSL certificates for buckets - this is an inherit "problem" with the way S3 is designed and distributed across servers - Amazon provides their own certificate for use with S3, no configuration required.
S3不允许您为存储桶配置自己的SSL证书 - 这是S3设计和分布在服务器上的方式的继承“问题” - 亚马逊提供自己的证书供S3使用,无需配置。
However, and this is very important - you cannot use SSL over CNAME, period. If you want to use your pretty domain name with SSL using S3 you're out of luck. Its just a S3 quirk we have to live with. (https://forums.aws.amazon.com/thread.jspa?threadID=60502).
但是,这非常重要 - 您不能在CNAME期间使用SSL。如果你想使用S3使用漂亮的域名和SSL,那你就不走运了。它只是我们必须忍受的S3怪癖。 (https://forums.aws.amazon.com/thread.jspa?threadID=60502)。
In summary, if you want SSL, you must use the full S3 bucket path.
总之,如果您需要SSL,则必须使用完整的S3存储桶路径。