Amazon-S3

Route53 子域未使用 nslookup 解析

  • October 22, 2017

我的問題

我正在嘗試建構個人 CDN 以與我的聯繫人共享靜態文件。該設計包括一個 S3 儲存桶、一個 CloudFront 分配和一個通過 Route53 註冊的子域,所有這些都使用 Terraform 進行配置。

但是,我可以通過 S3 和 Cloudfront 訪問我的文件,但不能通過我的子域 ( cdn.adamatan.com)。

什麼工作

S3

curl http://cdn.adamatan.com.s3.amazonaws.com/index.html

CloudFront

curl https://d36tl9ayobqfgg.cloudfront.net/index.html

什麼壞了

我無法使用子域獲取文件。而且,nslookupforcdn.adamatan.comadamatan.condoes 都不行。我認為我以某種方式錯誤配置了 Route53。

配置

領域

在此處輸入圖像描述

託管區

在此處輸入圖像描述

地形配置

variable "hosted_zone" {
 default = "adamatan.com"
}

variable "domain" {
 default = "cdn.adamatan.com"
}

variable "aws_region" {
 default = "us-east-1"
}

provider "aws" {
 region  = "${var.aws_region}"
 profile = "personal"
 version = "~> 1.1"
}

/*
  The S3 bucket storing the files. It must bear the same name as the domain
  pointing to it. See https://gist.github.com/danihodovic/a51eb0d9d4b29649c2d094f4251827dd,
  and http://stackoverflow.com/a/5048129/2966951
*/
resource "aws_s3_bucket" "adamatan_cdn_bucket" {
 bucket = "${var.domain}"
 acl = "public-read"

 policy = <<EOF
{
     "Version":"2008-10-17",
     "Statement":[{
       "Sid":"AllowPublicRead",
       "Effect":"Allow",
       "Principal": {"AWS": "*"},
       "Action":["s3:GetObject"],
       "Resource":["arn:aws:s3:::${var.domain}/*"]
     }]
   }
 EOF

 tags {
   Description = "Origin bucket for my personal CDN"
 }
}

resource "aws_route53_zone" "cdn_zone" {
 name = "${var.hosted_zone}"
}

resource "aws_route53_record" "root_domain" {
 zone_id = "${aws_route53_zone.cdn_zone.zone_id}"
 name = "${var.domain}"
 type = "A"

 alias {
   name = "${aws_cloudfront_distribution.adamatan_cdn_distribution.domain_name}"
   zone_id = "${aws_cloudfront_distribution.adamatan_cdn_distribution.hosted_zone_id}"
   evaluate_target_health = false
 }
}

resource "aws_cloudfront_distribution" "adamatan_cdn_distribution" {
 origin {
   domain_name = "${var.domain}.s3.amazonaws.com"
   origin_id   = "${var.domain}"
 }

 enabled             = true
 is_ipv6_enabled     = true
 comment             = "Permanent public file distribution"
 default_root_object = "index.html"

 aliases = ["${var.domain}"]

 default_cache_behavior {
   allowed_methods  = ["GET", "HEAD", "OPTIONS"]
   cached_methods   = ["GET", "HEAD"]
   target_origin_id = "${var.domain}"

   forwarded_values {
     query_string = false

     cookies {
       forward = "none"
     }
   }

   viewer_protocol_policy = "allow-all"
   min_ttl                = 60
   default_ttl            = 300
   max_ttl                = 86400
 }

 price_class = "PriceClass_All"

 restrictions {
   geo_restriction {
     restriction_type = "none"
   }
 }

 viewer_certificate {
   cloudfront_default_certificate = true
 }
}


output "domain" {
 value = "${var.domain}"
}

output "cdn_domain" {
 value = "${aws_cloudfront_distribution.adamatan_cdn_distribution.domain_name}"
}

我的問題

如何使用 Terraform(最好支持 SSL)將我的子域 ( cdn.adamatan.com) 映射到我的雲端分發 ( )?d36tl9ayobqfgg.cloudfront.net

在 Amazon Hosted Zone 中,您擁有與註冊商不同的名稱伺服器集。

Domain Name: ADAMATAN.COM
Registrar: Gandi SAS
Name Server: NS-1193.AWSDNS-21.ORG
Name Server: NS-1889.AWSDNS-44.CO.UK
Name Server: NS-4.AWSDNS-00.COM
Name Server: NS-1193.AWSDNS-21.ORG

上面的名稱伺服器都沒有回答adamatan.com SOA& cdn.adamatan.com。這些名稱伺服器沒有配置您的域,而您區域上的伺服器集具有:

;; ANSWER SECTION:
cdn.adamatan.com.       60      IN      A       13.33.23.245
cdn.adamatan.com.       60      IN      A       13.33.23.59
cdn.adamatan.com.       60      IN      A       13.33.23.22
cdn.adamatan.com.       60      IN      A       13.33.23.89
cdn.adamatan.com.       60      IN      A       13.33.23.45
cdn.adamatan.com.       60      IN      A       13.33.23.248
cdn.adamatan.com.       60      IN      A       13.33.23.169
cdn.adamatan.com.       60      IN      A       13.33.23.94

;; AUTHORITY SECTION:
adamatan.com.           172800  IN      NS      ns-1511.awsdns-60.org.
adamatan.com.           172800  IN      NS      ns-1730.awsdns-24.co.uk.
adamatan.com.           172800  IN      NS      ns-378.awsdns-47.com.
adamatan.com.           172800  IN      NS      ns-936.awsdns-53.net.

前往您的 Gandi 帳戶的域名管理,並相應地更改您的域名伺服器。父 ( .com) 區域中的 NS 記錄應與您自己 ( adamatan.com) 中的記錄相匹配。

請記住,TTL兩個區域的時間都是172800秒,即 48 小時。這些更改最多可能需要兩天時間才能生效。dig adamatan.com NS @a.gtld-servers.net.顯示它們是否已在 的根名稱伺服器上更新.com,這就是計數實際開始的時間。

引用自:https://serverfault.com/questions/879658