Amazon-S3
Route53 子域未使用 nslookup 解析
我的問題
我正在嘗試建構個人 CDN 以與我的聯繫人共享靜態文件。該設計包括一個 S3 儲存桶、一個 CloudFront 分配和一個通過 Route53 註冊的子域,所有這些都使用 Terraform 進行配置。
但是,我可以通過 S3 和 Cloudfront 訪問我的文件,但不能通過我的子域 (
cdn.adamatan.com
)。什麼工作
S3
curl http://cdn.adamatan.com.s3.amazonaws.com/index.html
CloudFront
curl https://d36tl9ayobqfgg.cloudfront.net/index.html
什麼壞了
我無法使用子域獲取文件。而且,
nslookup
forcdn.adamatan.com
和adamatan.con
does 都不行。我認為我以某種方式錯誤配置了 Route53。配置
領域
託管區
地形配置
variable "hosted_zone" { default = "adamatan.com" } variable "domain" { default = "cdn.adamatan.com" } variable "aws_region" { default = "us-east-1" } provider "aws" { region = "${var.aws_region}" profile = "personal" version = "~> 1.1" } /* The S3 bucket storing the files. It must bear the same name as the domain pointing to it. See https://gist.github.com/danihodovic/a51eb0d9d4b29649c2d094f4251827dd, and http://stackoverflow.com/a/5048129/2966951 */ resource "aws_s3_bucket" "adamatan_cdn_bucket" { bucket = "${var.domain}" acl = "public-read" policy = <<EOF { "Version":"2008-10-17", "Statement":[{ "Sid":"AllowPublicRead", "Effect":"Allow", "Principal": {"AWS": "*"}, "Action":["s3:GetObject"], "Resource":["arn:aws:s3:::${var.domain}/*"] }] } EOF tags { Description = "Origin bucket for my personal CDN" } } resource "aws_route53_zone" "cdn_zone" { name = "${var.hosted_zone}" } resource "aws_route53_record" "root_domain" { zone_id = "${aws_route53_zone.cdn_zone.zone_id}" name = "${var.domain}" type = "A" alias { name = "${aws_cloudfront_distribution.adamatan_cdn_distribution.domain_name}" zone_id = "${aws_cloudfront_distribution.adamatan_cdn_distribution.hosted_zone_id}" evaluate_target_health = false } } resource "aws_cloudfront_distribution" "adamatan_cdn_distribution" { origin { domain_name = "${var.domain}.s3.amazonaws.com" origin_id = "${var.domain}" } enabled = true is_ipv6_enabled = true comment = "Permanent public file distribution" default_root_object = "index.html" aliases = ["${var.domain}"] default_cache_behavior { allowed_methods = ["GET", "HEAD", "OPTIONS"] cached_methods = ["GET", "HEAD"] target_origin_id = "${var.domain}" forwarded_values { query_string = false cookies { forward = "none" } } viewer_protocol_policy = "allow-all" min_ttl = 60 default_ttl = 300 max_ttl = 86400 } price_class = "PriceClass_All" restrictions { geo_restriction { restriction_type = "none" } } viewer_certificate { cloudfront_default_certificate = true } } output "domain" { value = "${var.domain}" } output "cdn_domain" { value = "${aws_cloudfront_distribution.adamatan_cdn_distribution.domain_name}" }
我的問題
如何使用 Terraform(最好支持 SSL)將我的子域 (
cdn.adamatan.com
) 映射到我的雲端分發 ( )?d36tl9ayobqfgg.cloudfront.net
在 Amazon Hosted Zone 中,您擁有與註冊商不同的名稱伺服器集。
Domain Name: ADAMATAN.COM Registrar: Gandi SAS Name Server: NS-1193.AWSDNS-21.ORG Name Server: NS-1889.AWSDNS-44.CO.UK Name Server: NS-4.AWSDNS-00.COM Name Server: NS-1193.AWSDNS-21.ORG
上面的名稱伺服器都沒有回答
adamatan.com SOA
&cdn.adamatan.com
。這些名稱伺服器沒有配置您的域,而您區域上的伺服器集具有:;; ANSWER SECTION: cdn.adamatan.com. 60 IN A 13.33.23.245 cdn.adamatan.com. 60 IN A 13.33.23.59 cdn.adamatan.com. 60 IN A 13.33.23.22 cdn.adamatan.com. 60 IN A 13.33.23.89 cdn.adamatan.com. 60 IN A 13.33.23.45 cdn.adamatan.com. 60 IN A 13.33.23.248 cdn.adamatan.com. 60 IN A 13.33.23.169 cdn.adamatan.com. 60 IN A 13.33.23.94 ;; AUTHORITY SECTION: adamatan.com. 172800 IN NS ns-1511.awsdns-60.org. adamatan.com. 172800 IN NS ns-1730.awsdns-24.co.uk. adamatan.com. 172800 IN NS ns-378.awsdns-47.com. adamatan.com. 172800 IN NS ns-936.awsdns-53.net.
前往您的 Gandi 帳戶的域名管理,並相應地更改您的域名伺服器。父 (
.com
) 區域中的 NS 記錄應與您自己 (adamatan.com
) 中的記錄相匹配。請記住,
TTL
兩個區域的時間都是172800
秒,即 48 小時。這些更改最多可能需要兩天時間才能生效。dig adamatan.com NS @a.gtld-servers.net.
顯示它們是否已在 的根名稱伺服器上更新.com
,這就是計數實際開始的時間。