AWS动态绑定域名:由于Origin的Access没有设置而无法访问

<?php
namespace app\admin\controller;

use app\Response;
use Aws\AwsClient;
use Aws\Acm\AcmClient;
use Aws\CloudFront\CloudFrontClient;
use Aws\Credentials\CredentialProvider;
use Aws\Exception\AwsException;

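/**
 * Requests an ACM certificate for a domain and puts a CloudFront distribution
 * in front of the S3 landing-page bucket, to be bound to that certificate later.
 *
 * Flow: init() requests the certificate, collects the DNS validation CNAME and
 * creates a disabled distribution. updateCloudFront() is meant to run once the
 * certificate has been validated: it attaches the certificate, sets the
 * alternate domain names, sets the origin access control and enables the
 * distribution.
 *
 * Credentials: no access key is embedded in this class. The SDK's default
 * provider chain (environment variables, instance/container role, ...) supplies
 * them at runtime. The key pair that earlier revisions of this file carried in
 * source must be treated as disclosed: deactivate it and issue a new one.
 * The calls below need only acm:RequestCertificate, acm:DescribeCertificate,
 * cloudfront:CreateDistribution, cloudfront:GetDistribution and
 * cloudfront:UpdateDistribution, so the identity can be scoped to those.
 */
class AWSUtil
{
    /** Region used for both clients; CloudFront only accepts ACM certificates from us-east-1. */
    private const REGION = 'us-east-1';

    /** Upper bound on describeCertificate polls while waiting for the validation record. */
    private const VALIDATION_POLL_ATTEMPTS = 20;

    /** Pause between two polls, in seconds. */
    private const VALIDATION_POLL_DELAY_SECONDS = 3;

    /** Origin access control attached to the single S3 origin in updateCloudFront(). */
    private const ORIGIN_ACCESS_CONTROL_ID = 'E9DZVFCU896DO';

    /** @var array Rows handed back by init(): the validation CNAME row first, the distribution row second. */
    public $data = [];

    /** @var array Not read or written by any method of this class. */
    public $cname = [];

    /**
     * Request the certificate, collect its DNS validation record and create the distribution.
     *
     * A single certificate covers the apex name and "*.<domain>", so the same
     * certificate can serve every alternate domain name added to CloudFront.
     *
     * NOTE(review): $domainName is passed to ACM as received; confirm the caller validates it.
     *
     * @param string $domainName Apex domain to issue the certificate for.
     * @return mixed Whatever Response::success() returns for $this->data.
     * @throws \RuntimeException When ACM never publishes a validation record.
     */
    public function init($domainName)
    {
        $acmClient = new AcmClient($this->clientConfig('2015-12-08'));

        $result = $acmClient->requestCertificate([
            'DomainName' => $domainName,
            'SubjectAlternativeNames' => [
                '*.' . $domainName,
            ],
            'ValidationMethod' => 'DNS',
        ]);

        $certificateArn = $result->get('CertificateArn');

        // Both helpers append to $this->data instead of returning a value.
        $this->getDomainValidationOptions($acmClient, $certificateArn);
        $this->createCloudFront($certificateArn);

        return Response::success($this->data);
    }

    /**
     * Build the constructor options shared by the ACM and CloudFront clients.
     *
     * Do not add 'profile' => 'default' here; the original author found that
     * option unusable in this deployment.
     *
     * @param string $version API version string for the client.
     * @return array
     */
    private function clientConfig($version)
    {
        return [
            'region' => self::REGION,
            'version' => $version,
            'credentials' => CredentialProvider::defaultProvider(),
        ];
    }

    /**
     * Poll ACM until the first domain validation option carries a ResourceRecord,
     * then append the CNAME row to $this->data.
     *
     * The record is not present right after requestCertificate(), hence the
     * polling. The loop is bounded and paced; the previous version recursed
     * without a delay or a limit.
     *
     * @param AcmClient $acmClient
     * @param string $acm_certificate Certificate ARN returned by requestCertificate().
     * @return void
     * @throws \RuntimeException When no record appears within the poll budget.
     */
    private function getDomainValidationOptions($acmClient, $acm_certificate)
    {
        for ($attempt = 1; $attempt <= self::VALIDATION_POLL_ATTEMPTS; $attempt++) {
            $certificate = $acmClient->describeCertificate([
                'CertificateArn' => $acm_certificate,
            ])->get('Certificate');

            // Only the first validation option is read, as in the original code.
            $option = $certificate['DomainValidationOptions'][0] ?? [];

            if (array_key_exists('ResourceRecord', $option)) {
                $record = $option['ResourceRecord'];

                $this->data[] = [
                    // First label of the record name, i.e. the host part to create.
                    'domain' => explode('.', $record['Name'])[0],
                    'CertificateArn' => $certificate['CertificateArn'],
                    // Drop only the trailing root dot; never cut a real character.
                    'value' => rtrim($record['Value'], '.'),
                ];

                return;
            }

            if ($attempt < self::VALIDATION_POLL_ATTEMPTS) {
                sleep(self::VALIDATION_POLL_DELAY_SECONDS);
            }
        }

        throw new \RuntimeException('ACM did not return a DNS validation record for the requested certificate.');
    }

    /**
     * Create the distribution and append its row to $this->data.
     *
     * The distribution is created disabled (see createsTheS3Distribution()).
     * On an AWS error the request still ends through exit(), but the error code
     * is now written to the error log instead of being dropped.
     *
     * @param string $certificateArn Passed through to createsTheS3Distribution().
     * @return void
     */
    private function createCloudFront($certificateArn)
    {
        $cloudFrontClient = new CloudFrontClient($this->clientConfig('latest'));

        try {
            $result = $cloudFrontClient->createDistribution([
                'DistributionConfig' => $this->createsTheS3Distribution($certificateArn, 1),
            ]);
        } catch (AwsException $e) {
            error_log('CloudFront createDistribution failed: ' . $e->getAwsErrorCode());
            exit();
        }

        $this->data[] = [
            'domain' => 'www',
            'value' => $result['Distribution']['DomainName'],
            'distributionId' => $result['Distribution']['Id'],
        ];
    }

    /**
     * Bind the validated certificate to the distribution, set its alternate
     * domain names and origin access control, and enable it.
     *
     * Changes against the previous version: the leftover lookup of a fixed,
     * unrelated distribution id is gone, the first getDistribution() call is
     * inside the try block so its failure is reported like any other, and the
     * ViewerCertificate key "CloudFrontDefaultCertificate" no longer carries a
     * trailing space (with the space the member name does not match the API).
     *
     * NOTE(review): the echo statements write the certificate ARN and the full
     * distribution configuration into the response body. They look like debug
     * output; remove them or route them to a log before this runs in production.
     *
     * @param string $certificateArn ARN of the issued certificate.
     * @param string $distributionId Id of the distribution created by init().
     * @param string $cname Apex domain; "*.<cname>" and <cname> become the aliases.
     * @return void
     */
    public function updateCloudFront($certificateArn, $distributionId, $cname)
    {
        echo "updateCloudFrontAndBindCertificate";

        echo "我拿到的证书:".$certificateArn;

        echo "我拿到的".$distributionId;

        $cloudFrontClient = new CloudFrontClient($this->clientConfig('latest'));

        try {
            $distribution = $cloudFrontClient->getDistribution(['Id' => $distributionId]);

            echo $distribution;

            // updateDistribution() must send back the ETag of the version it edits.
            $eTag = $distribution['ETag'];
            $distributionId = $distribution['Distribution']['Id'];
            $config = $distribution['Distribution']['DistributionConfig'];

            $config['ViewerCertificate'] = [
                'CloudFrontDefaultCertificate' => false,
                'ACMCertificateArn' => $certificateArn,
                'SSLSupportMethod' => 'sni-only',
                'MinimumProtocolVersion' => 'TLSv1.2_2021',
                'Certificate' => $certificateArn,
                'CertificateSource' => 'acm',
            ];

            echo $cname;

            $config['Enabled'] = true;
            $config['Aliases'] = [
                'Quantity' => 2,
                'Items' => [
                    '*.' . $cname,
                    $cname,
                ],
            ];

            // Origins.Items is a list; the control id belongs on the origin entry,
            // not on the list itself. This code assumes exactly one origin.
            // The bucket is currently set up for this control id and that may change.
            $config['Origins']['Items'][0]['OriginAccessControlId'] = self::ORIGIN_ACCESS_CONTROL_ID;

            echo json_encode($config);

            $cloudFrontClient->updateDistribution([
                'DistributionConfig' => $config,
                'Id' => $distributionId,
                'IfMatch' => $eTag,
            ]);

            echo "更新发行版成功,ID: " . $distributionId . "\n";

            $distribution = $cloudFrontClient->getDistribution(['Id' => $distributionId]);

            echo $distribution;
        } catch (AwsException $e) {
            echo "更新发行版失败:" . $e->getMessage() . "\n";
            exit();
        }
    }

    /**
     * Extract the ETag and effective URI from a getDistribution() style result.
     *
     * No AWS call is made here, so the former catch block for AwsException could
     * never run and has been removed. A result without '@metadata' now yields a
     * null effectiveUri instead of an undefined-index notice.
     *
     * @param array|\ArrayAccess $result
     * @return array Either ['ETag' => ..., 'effectiveUri' => ...] or ['Error' => ..., 'effectiveUri' => ...].
     */
    public function getDistributionETag($result)
    {
        $effectiveUri = $result['@metadata']['effectiveUri'] ?? null;

        if (isset($result['ETag'])) {
            return [
                'ETag' => $result['ETag'],
                'effectiveUri' => $effectiveUri,
            ];
        }

        return [
            'Error' => 'Error: Cannot find distribution ETag header value.',
            'effectiveUri' => $effectiveUri,
        ];
    }

    /**
     * Build the DistributionConfig for a disabled distribution with one S3 origin.
     *
     * Neither parameter is used by the body; they are kept for existing callers.
     *
     * NOTE(review): 'ViewerProtocolPolicy' => 'allow-all' lets viewers use plain
     * HTTP. Once the certificate is attached, 'redirect-to-https' or 'https-only'
     * is the usual choice.
     * NOTE(review): the origin is created with an empty OriginAccessIdentity and
     * no origin access control, so a private bucket is unreachable through this
     * distribution until updateCloudFront() sets OriginAccessControlId.
     *
     * @param string $certificateArn Unused.
     * @param mixed $type Unused.
     * @return array
     */
    public function createsTheS3Distribution($certificateArn, $type)
    {
        // The bucket endpoint doubles as the origin id.
        $originName = 'playgogleapps-landpdage-bucket.s3.us-east-1.amazonaws.com';
        $s3BucketURL = 'playgogleapps-landpdage-bucket.s3.us-east-1.amazonaws.com';

        $defaultCacheBehavior = [
            'AllowedMethods' => [
                'CachedMethods' => [
                    'Items' => ['HEAD', 'GET'],
                    'Quantity' => 2,
                ],
                'Items' => ['HEAD', 'GET'],
                'Quantity' => 2,
            ],
            'Compress' => false,
            'DefaultTTL' => 0,
            'FieldLevelEncryptionId' => '',
            'ForwardedValues' => [
                'Cookies' => [
                    'Forward' => 'none',
                ],
                'Headers' => [
                    'Quantity' => 0,
                ],
                'QueryString' => false,
                'QueryStringCacheKeys' => [
                    'Quantity' => 0,
                ],
            ],
            'LambdaFunctionAssociations' => ['Quantity' => 0],
            'MaxTTL' => 0,
            'MinTTL' => 0,
            'SmoothStreaming' => false,
            'TargetOriginId' => $originName,
            'TrustedSigners' => [
                'Enabled' => false,
                'Quantity' => 0,
            ],
            'ViewerProtocolPolicy' => 'allow-all',
        ];

        // Origins is a structure whose Items member is a list of origin entries.
        $origin = [
            'Items' => [
                [
                    'DomainName' => $s3BucketURL,
                    'Id' => $originName,
                    'OriginPath' => '',
                    'CustomHeaders' => ['Quantity' => 0],
                    'S3OriginConfig' => ['OriginAccessIdentity' => ''],
                ],
            ],
            'Quantity' => 1,
        ];

        return [
            // Must be unique per create request; the current Unix time is used.
            'CallerReference' => time(),
            'Comment' => '落地页模板',
            'DefaultCacheBehavior' => $defaultCacheBehavior,
            // Created disabled; updateCloudFront() enables it after binding the certificate.
            'Enabled' => false,
            'Origins' => $origin,
        ];
    }
}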




//  CloudFront数据(键名末尾的空格,如 "Quantity ",是格式化时产生的,实际字段名不含空格)
//  {
//     "Id": "E3UTNZCCC1UA3C",
//     "ARN": "arn:aws:cloudfront::851725259723:distribution\/E3UTNZCCC1UA3C",
//     "Status": "Deployed",
//     "LastModifiedTime": "2024-11-14T03:42:46+00:00",
//     "DomainName": "d1iy7s9rj7olpr.cloudfront.net",
//     "Aliases": {
//         "Quantity ": 1,
//         "Items": [
//             "*.playgogleapps.com"
//         ]
//     },
//     "Origins": {
//         "Quantity ": 1,
//         "Items": [
//             {
//                 "Id": "landpage01.s3.us-east-1.amazonaws.com",
//                 "DomainName": "landpage01.s3.us-east-1.amazonaws.com",
//                 "OriginPath": "",
//                 "CustomHeaders": {
//                     "Quantity ": 0
//                 },
//                 "S3OriginConfig": {
//                     "OriginAccessIdentity": "origin-access-identity\/cloudfront\/E153UB5FRRMVM2"
//                 },
//                 "ConnectionAttempts ": 3,
//                 "ConnectionTimeout ": 10,
//                 "OriginShield": {
//                     "Enabled ": false
//                 },
//                 "OriginAccessControlId": ""
//             }
//         ]
//     },
//     "OriginGroups": {
//         "Quantity ": 0
//     },
//     "DefaultCacheBehavior": {
//         "TargetOriginId": "landpage01.s3.us-east-1.amazonaws.com",
//         "TrustedSigners": {
//             "Enabled ": false,
//             "Quantity ": 0
//         },
//         "TrustedKeyGroups": {
//             "Enabled ": false,
//             "Quantity ": 0
//         },
//         "ViewerProtocolPolicy": "allow-all",
//         "AllowedMethods": {
//             "Quantity ": 2,
//             "Items": [
//                 "HEAD",
//                 "GET"
//             ],
//             "CachedMethods": {
//                 "Quantity ": 2,
//                 "Items": [
//                     "HEAD",
//                     "GET"
//                 ]
//             }
//         },
//         "SmoothStreaming ": false,
//         "Compress ": true,
//         "LambdaFunctionAssociations": {
//             "Quantity ": 0
//         },
//         "FunctionAssociations": {
//             "Quantity ": 0
//         },
//         "FieldLevelEncryptionId": "",
//         "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6"
//     },
//     "CacheBehaviors": {
//         "Quantity ": 0
//     },
//     "CustomErrorResponses": {
//         "Quantity ": 0
//     },
//     "Comment": "",
//     "PriceClass": "PriceClass_All",
//     "Enabled ": true,
//     "ViewerCertificate": {
//         "CloudFrontDefaultCertificate ": false,
//         "ACMCertificateArn": "arn:aws:acm:us-east-1:851725259723:certificate\/c28164d2-7049-43a5-8919-169d748e2171",
//         "SSLSupportMethod": "sni-only",
//         "MinimumProtocolVersion": "TLSv1.2_2021",
//         "Certificate": "arn:aws:acm:us-east-1:851725259723:certificate\/c28164d2-7049-43a5-8919-169d748e2171",
//         "CertificateSource": "acm"
//     },
//     "Restrictions": {
//         "GeoRestriction": {
//             "RestrictionType": "none",
//             "Quantity ": 0
//         }
//     },
//     "WebACLId": "",
//     "HttpVersion": "HTTP2",
//     "IsIPV6Enabled ": true,
//     "AliasICPRecordals": [
//         {
//             "CNAME": "*.playgogleapps.com",
//             "ICPRecordalStatus": "APPROVED"
//         }
//     ],
//     "Staging ": false
// }
