@0x4447/strawberry 中文文档教程
Strawberry
这个 CLI 是在我们无数次努力做一个简单的 HTTPS 重定向之后出于挫败感而创建的,例如从:https://example.com 到 https://www.example.com。
这是对非加密连接的直接操作。 然而,试图让它在 HTTPS 上工作是完全不同的故事,因为您需要一个带有证书的服务器,该证书可以在服务器告诉浏览器去哪里之前建立安全连接。
使用常规服务器执行此操作很简单,但如果使用无服务器技术,则会更加复杂,更不用说为这样一个简单的任务设置和管理证书了。
草莓就是这么来的。 我们实际上使用无服务器技术来对抗无服务器技术,通过使用 AWS S3 和 AWS CloudFormation 来处理这个简单的操作。 算了吧……
草莓会自动为您创建整个堆栈。 您所要做的就是提供一些基本信息,其余的交给 CLI。
How to install
] sudo npm install -g @0x4447/strawberry
How to use
] strawberry -s source.example.com -d destination.example.com
Where to get help
] strawberry -h
What to expect
This CLI…
- Creates an S3 bucket with redirect enabled to the destination domain
- Creates a certificate for the source domain
- Creates a CloudFront distribution with the new certificate
- Configures Route 53 so the source domain points to CloudFront
警告:如果证书验证时间过长怎么办? 60 秒后,该应用程序退出并打印出一份详细说明,说明您接下来应该做什么。 花点时间彻底检查打印输出,你会很好的。
High-level flow looks like this:
- User visit the source domain
- A secure connection is established
- CloudFront reads the S3 bucket configuration
- The user is redirected to the destination domain
所有这些都是通过使用 SSL 完成的。
Credentials
要使用此 CLI,请创建一个编程用户或创建一个具有以下权限的角色:
- AmazonS3FullAccess
- CloudFrontFullAccess
- AmazonRoute53FullAccess
- AWSCertificateManagerFullAccess
Is deployment instant?
不,不是。 以下方面不会立即发生:
- SSL Certificate confirmation
- CloudFront distribution
SSL Certificate confirmation
此过程的时间范围从 10 秒到 24 小时不等。 这是完全不可预测的,也没有办法加快这个过程。 因此,如果证书未在 60 秒内得到确认,应用程序将退出。 发生这种情况时,请转到 AWS 控制台以监控证书。
CloudFront distribution
这最多需要 15 或 20 分钟,但是当您到达这一点时,您可以确定配置是正确的。 此时,您只需要等待该过程完成即可。 只有这样,域才会提供网站。
The end
如果您喜欢这个项目,请考虑给它一个????。 并查看我们的 0x4447 GitHub 帐户,其中包含您可能会觉得有用或有趣的其他资源。
Sponsor ????
该项目由 0x4447 LLC 提供,这是一家专门在 AWS 上构建自定义解决方案的软件公司。 点击此链接了解更多信息:https://0x4447.com。 或者,发送电子邮件至 hello@0x4447.email。
???? Strawberry
This CLI was create out of frustration after we struggled countless times to do a simple HTTPS redirect, for example from: https://example.com to https://www.example.com.
This is a straightforward action over a non-encrypted connection. However, trying to make it work over HTTPS is an entirely different story, since you need a server with a certificate that can establish a secure connection before the server can tells the browser where to go.
It's simple to do this with a regular server, but more complicated if working with serverless technologies, not to mention the certificate setup and management for such a simple task.
That's how Strawberry came to be. We actually use serverless technology to fight serverless technologies through the use of AWS S3 and AWS CloudFormation to handle this simple operation. Go figure…
Strawberry automatically creates the entire stack for you. All you have to do is provide some basic information, and leave the rest up to the CLI.
How to install
] sudo npm install -g @0x4447/strawberry
How to use
] strawberry -s source.example.com -d destination.example.com
Where to get help
] strawberry -h
What to expect
This CLI…
- Creates an S3 bucket with redirect enabled to the destination domain
- Creates a certificate for the source domain
- Creates a CloudFront distribution with the new certificate
- Configures Route 53 so the source domain points to CloudFront
WARNING: What if the certificate takes too long to validate? After 60 seconds, the app quits and prints out a detailed explanation of what your next steps should be. Take the time to thoroughly go over the printout, and you'll be good.
High-level flow looks like this:
- User visit the source domain
- A secure connection is established
- CloudFront reads the S3 bucket configuration
- The user is redirected to the destination domain
All of this is done through the use of SSL.
Credentials
To use this CLI, create a programmatic user or create a role with the following permissions:
- AmazonS3FullAccess
- CloudFrontFullAccess
- AmazonRoute53FullAccess
- AWSCertificateManagerFullAccess
Is deployment instant?
No, it's not. The following aspects don't happen right away:
- SSL Certificate confirmation
- CloudFront distribution
SSL Certificate confirmation
The timeframe for this process ranges from 10 seconds to 24 hours. It's completely unpredictable, and there's no way to speed up the process. Because of this, the app quits if the certificate isn't confirmed within 60 seconds. When that happens, go to the AWS Console to monitor the certificate.
CloudFront distribution
This takes up to 15 or 20 minutes, but when you reach this point, you can be certain that the configuration is correct. At this point, you just need to wait until the process is complete. Only then will the domain deliver the website.
The end
If you enjoyed this project, please consider giving it a ????. And check out our 0x4447 GitHub account, which contains additional resources you might find useful or interesting.
Sponsor ????
This project is brought to you by 0x4447 LLC, a software company specializing in building custom solutions on top of AWS. Follow this link to learn more: https://0x4447.com. Alternatively, send an email to hello@0x4447.email.