AWS CloudFront支持自定义源的TLSv1.3。您可以使用以下代码示例来配置CloudFront分配:
const AWS = require('aws-sdk');
const cloudfront = new AWS.CloudFront();
const distributionId = 'your-distribution-id';
const originId = 'your-origin-id';
const params = {
DistributionId: distributionId,
DefaultCacheBehavior: {
TargetOriginId: originId,
ViewerProtocolPolicy: 'redirect-to-https',
MinTTL: 0,
ForwardedValues: {
QueryString: false,
Cookies: { Forward: 'none' },
},
TrustedSigners: {
Enabled: false,
Quantity: 0,
},
AllowedMethods: {
Quantity: 7,
Items: ['GET', 'HEAD', 'OPTIONS', 'PUT', 'POST', 'PATCH', 'DELETE'],
CachedMethods: {
Quantity: 2,
Items: ['GET', 'HEAD'],
},
},
SmoothStreaming: false,
DefaultTTL: 86400,
MaxTTL: 31536000,
Compress: true,
LambdaFunctionAssociations: {
Quantity: 0,
},
FieldLevelEncryptionId: '',
OriginRequestPolicyId: '',
},
Origins: {
Quantity: 1,
Items: [
{
Id: originId,
DomainName: 'your-origin-domain-name',
CustomOriginConfig: {
HTTPPort: 80,
HTTPSPort: 443,
OriginProtocolPolicy: 'https-only',
OriginSslProtocols: {
Quantity: 1,
Items: ['TLSv1.3'],
},
OriginReadTimeout: 30,
OriginKeepaliveTimeout: 5,
},
},
],
},
};
cloudfront.updateDistribution(params, (err, data) => {
if (err) console.log(err, err.stack);
else console.log(data);
});
在上面的代码示例中,我们使用AWS SDK for JavaScript来更新CloudFront分配的配置。您需要将your-distribution-id
替换为您的CloudFront分配的分配ID,your-origin-id
替换为您的自定义源的ID,your-origin-domain-name
替换为您的自定义源的域名。然后,我们将OriginSslProtocols
设置为TLSv1.3
,以启用TLSv1.3。运行此代码后,CloudFront分配将使用TLSv1.3与您的自定义源建立安全连接。