<?php
namespace app\admin\controller;
use app\Response;
use Aws\AwsClient;
use Aws\Acm\AcmClient;
use Aws\CloudFront\CloudFrontClient;
use Aws\Credentials\CredentialProvider;
use Aws\Exception\AwsException;
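/**
 * Provisions an ACM certificate and a CloudFront distribution for a customer
 * domain, and later binds the validated certificate and aliases to that
 * distribution.
 *
 * Security notes:
 * - Credentials are resolved through the SDK's default provider chain
 *   (environment variables, shared config, container/instance role) and are
 *   never written into source. A long-lived IAM access key pair was previously
 *   embedded in this class in three places; because it was published with the
 *   code it must be treated as compromised: deactivate and delete it in IAM,
 *   review CloudTrail for activity under it, and scope the replacement
 *   identity to the ACM and CloudFront actions used here.
 * - Debug dumps of certificate ARNs and full distribution configs are no
 *   longer echoed into the HTTP response.
 */
class AWSUtil
{
    /** Region for both clients; CloudFront only accepts ACM certificates from us-east-1. */
    private const REGION = 'us-east-1';

    /** S3 endpoint used as the single origin, and reused as the origin Id. */
    private const ORIGIN_DOMAIN = 'playgogleapps-landpdage-bucket.s3.us-east-1.amazonaws.com';

    /** Origin access control attached to the origin when the distribution is enabled. */
    private const ORIGIN_ACCESS_CONTROL_ID = 'E9DZVFCU896DO';

    /** Upper bound on describeCertificate polls while waiting for the DNS validation record. */
    private const VALIDATION_POLL_ATTEMPTS = 30;

    /** Pause between polls, in seconds. */
    private const VALIDATION_POLL_DELAY_SECONDS = 2;

    /** Records the caller must create in DNS; filled by init(). */
    public $data = [];

    public $cname = [];

    /**
     * Requests a DNS-validated certificate for $domainName and *.$domainName,
     * creates a (disabled) CloudFront distribution, and returns the DNS
     * records the caller has to publish.
     *
     * NOTE(review): $domainName is passed to ACM as-is; if it originates from
     * a request parameter, validate it as a hostname at the caller.
     *
     * @param string $domainName Apex domain, e.g. "example.com".
     * @return mixed Whatever Response::success() produces for $this->data.
     * @throws AwsException      When an ACM or CloudFront call fails.
     * @throws \RuntimeException When ACM never publishes the validation record.
     */
    public function init($domainName)
    {
        $acmClient = new AcmClient($this->clientConfig('2015-12-08'));

        $result = $acmClient->requestCertificate([
            'DomainName' => $domainName,
            'SubjectAlternativeNames' => ['*.' . $domainName],
            'ValidationMethod' => 'DNS',
        ]);
        $certificateArn = $result->get('CertificateArn');

        // The validation CNAME is published asynchronously, so it has to be polled for.
        $this->getDomainValidationOptions($acmClient, $certificateArn);
        $this->createCloudFront($certificateArn);

        return Response::success($this->data);
    }

    /**
     * Builds the shared client configuration.
     *
     * @param string $version API version string for the service client.
     * @return array Constructor arguments for an AWS SDK client.
     */
    private function clientConfig($version)
    {
        return [
            'region' => self::REGION,
            'version' => $version,
            // Default chain: env vars, shared credentials file, ECS/EC2 role.
            'credentials' => CredentialProvider::defaultProvider(),
        ];
    }

    /**
     * Polls ACM until the certificate exposes its DNS validation record and
     * appends that record to $this->data.
     *
     * The previous implementation recursed with no delay and no limit, which
     * hammered the API and could exhaust the stack; this version sleeps
     * between attempts and gives up after a fixed number of polls.
     *
     * @param AcmClient $acmClient       Client used for describeCertificate.
     * @param string    $acm_certificate Certificate ARN returned by requestCertificate.
     * @throws \RuntimeException When the record is still missing after the last poll.
     */
    private function getDomainValidationOptions($acmClient, $acm_certificate)
    {
        for ($attempt = 1; $attempt <= self::VALIDATION_POLL_ATTEMPTS; $attempt++) {
            $certificate = $acmClient->describeCertificate([
                'CertificateArn' => $acm_certificate,
            ])->get('Certificate');

            $option = $certificate['DomainValidationOptions'][0] ?? [];
            if (isset($option['ResourceRecord'])) {
                $record = $option['ResourceRecord'];
                $this->data[] = [
                    // Only the leftmost label is returned; the caller appends its own zone.
                    'domain' => explode('.', $record['Name'])[0],
                    'CertificateArn' => $certificate['CertificateArn'],
                    // Drop the trailing root dot from the CNAME target.
                    'value' => rtrim($record['Value'], '.'),
                ];

                return;
            }

            sleep(self::VALIDATION_POLL_DELAY_SECONDS);
        }

        throw new \RuntimeException('ACM did not publish a DNS validation record in time.');
    }

    /**
     * Creates the distribution and appends its domain name and Id to $this->data.
     *
     * Failures used to end the request with a silent exit(), leaving the
     * freshly requested certificate orphaned with no trace; they are now
     * logged and rethrown.
     *
     * @param string $certificateArn ARN of the certificate requested in init().
     * @throws AwsException When createDistribution fails.
     */
    private function createCloudFront($certificateArn)
    {
        $cloudFrontClient = new CloudFrontClient($this->clientConfig('latest'));

        try {
            // Distributions created here start disabled; updateCloudFront() enables them.
            $result = $cloudFrontClient->createDistribution([
                'DistributionConfig' => $this->createsTheS3Distribution($certificateArn, 1),
            ]);
        } catch (AwsException $e) {
            error_log('CloudFront createDistribution failed: ' . $e->getAwsErrorMessage());
            throw $e;
        }

        $this->data[] = [
            'domain' => 'www',
            'value' => $result['Distribution']['DomainName'],
            'distributionId' => $result['Distribution']['Id'],
        ];
    }

    /**
     * Binds the validated certificate to the distribution, sets the alternate
     * domain names ($cname and *.$cname), attaches the origin access control
     * and enables the distribution.
     *
     * Prints a one-line status message; on an AWS error it prints the failure
     * message and terminates the request, as before.
     *
     * @param string $certificateArn ARN of the issued ACM certificate.
     * @param string $distributionId Id of the distribution created by init().
     * @param string $cname          Apex domain to serve.
     */
    public function updateCloudFront($certificateArn, $distributionId, $cname)
    {
        $cloudFrontClient = new CloudFrontClient($this->clientConfig('latest'));

        try {
            $distribution = $cloudFrontClient->getDistribution(['Id' => $distributionId]);
            // updateDistribution is conditional on the ETag of the config it was derived from.
            $eTag = $distribution['ETag'];
            $distributionId = $distribution['Distribution']['Id'];
            $config = $distribution['Distribution']['DistributionConfig'];

            $config['ViewerCertificate'] = [
                // The key previously carried a trailing space, so the flag was never sent.
                'CloudFrontDefaultCertificate' => false,
                'ACMCertificateArn' => $certificateArn,
                'SSLSupportMethod' => 'sni-only',
                'MinimumProtocolVersion' => 'TLSv1.2_2021',
                'Certificate' => $certificateArn,
                'CertificateSource' => 'acm',
            ];
            $config['Enabled'] = true;
            $config['Aliases'] = [
                'Quantity' => 2,
                'Items' => ['*.' . $cname, $cname],
            ];
            // Origins.Items is a list holding exactly one origin.
            $config['Origins']['Items'][0]['OriginAccessControlId'] = self::ORIGIN_ACCESS_CONTROL_ID;

            $cloudFrontClient->updateDistribution([
                'DistributionConfig' => $config,
                'Id' => $distributionId,
                'IfMatch' => $eTag,
            ]);

            echo "更新发行版成功,ID: " . $distributionId . "\n";
        } catch (AwsException $e) {
            echo "更新发行版失败:" . $e->getMessage() . "\n";
            exit();
        }
    }

    /**
     * Extracts the ETag and effective URI from a getDistribution-style result.
     *
     * @param array|\ArrayAccess $result Result to inspect.
     * @return array Either ['ETag', 'effectiveUri'] or ['Error', 'effectiveUri'];
     *               effectiveUri is null when the metadata is absent.
     */
    public function getDistributionETag($result)
    {
        $effectiveUri = $result['@metadata']['effectiveUri'] ?? null;

        if (isset($result['ETag'])) {
            return [
                'ETag' => $result['ETag'],
                'effectiveUri' => $effectiveUri,
            ];
        }

        return [
            'Error' => 'Error: Cannot find distribution ETag header value.',
            'effectiveUri' => $effectiveUri,
        ];
    }

    /**
     * Builds the DistributionConfig for a new, disabled distribution backed by
     * the S3 origin.
     *
     * NOTE(review): 'ViewerProtocolPolicy' => 'allow-all' lets viewers use
     * plain HTTP; once the certificate is bound, 'redirect-to-https' is the
     * safer policy. The origin is created without any origin access setting,
     * so the bucket is only reachable through CloudFront after
     * updateCloudFront() attaches the origin access control and the bucket
     * policy allows it.
     *
     * @param string $certificateArn Unused here; kept for interface compatibility.
     * @param mixed  $type           Unused here; kept for interface compatibility.
     * @return array DistributionConfig for createDistribution.
     */
    public function createsTheS3Distribution($certificateArn, $type)
    {
        $methods = ['HEAD', 'GET'];

        $defaultCacheBehavior = [
            'AllowedMethods' => [
                'CachedMethods' => [
                    'Items' => $methods,
                    'Quantity' => 2,
                ],
                'Items' => $methods,
                'Quantity' => 2,
            ],
            'Compress' => false,
            'DefaultTTL' => 0,
            'FieldLevelEncryptionId' => '',
            'ForwardedValues' => [
                'Cookies' => ['Forward' => 'none'],
                'Headers' => ['Quantity' => 0],
                'QueryString' => false,
                'QueryStringCacheKeys' => ['Quantity' => 0],
            ],
            'LambdaFunctionAssociations' => ['Quantity' => 0],
            'MaxTTL' => 0,
            'MinTTL' => 0,
            'SmoothStreaming' => false,
            'TargetOriginId' => self::ORIGIN_DOMAIN,
            'TrustedSigners' => [
                'Enabled' => false,
                'Quantity' => 0,
            ],
            'ViewerProtocolPolicy' => 'allow-all',
        ];

        $origins = [
            'Items' => [
                [
                    'DomainName' => self::ORIGIN_DOMAIN,
                    'Id' => self::ORIGIN_DOMAIN,
                    'OriginPath' => '',
                    'CustomHeaders' => ['Quantity' => 0],
                    'S3OriginConfig' => ['OriginAccessIdentity' => ''],
                ],
            ],
            'Quantity' => 1,
        ];

        return [
            // CallerReference is a string in the CloudFront API.
            'CallerReference' => (string) time(),
            'Comment' => '落地页模板',
            'DefaultCacheBehavior' => $defaultCacheBehavior,
            'Enabled' => false,
            'Origins' => $origins,
        ];
    }
}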
// CloudFront数据
// {
// "Id": "E3UTNZCCC1UA3C",
// "ARN": "arn: aws: cloudfront: : 851725259723: distribution\/E3UTNZCCC1UA3C",
// "Status": "Deployed",
// "LastModifiedTime": "2024-11-14 T03: 42: 46+00: 00",
// "DomainName": "d1iy7s9rj7olpr.cloudfront.net",
// "Aliases": {
// "Quantity ": 1,
// "Items": [
// "*.playgogleapps.com"
// ]
// },
// "Origins": {
// "Quantity ": 1,
// "Items": [
// {
// "Id": "landpage01.s3.us-east-1.amazonaws.com",
// "DomainName": "landpage01.s3.us-east-1.amazonaws.com",
// "OriginPath": "",
// "CustomHeaders": {
// "Quantity ": 0
// },
// "S3OriginConfig": {
// "OriginAccessIdentity": "origin-access-identity\/cloudfront\/E153UB5FRRMVM2"
// },
// "ConnectionAttempts ": 3,
// "ConnectionTimeout ": 10,
// "OriginShield": {
// "Enabled ": false
// },
// "OriginAccessControlId": ""
// }
// ]
// },
// "OriginGroups": {
// "Quantity ": 0
// },
// "DefaultCacheBehavior": {
// "TargetOriginId": "landpage01.s3.us-east-1.amazonaws.com",
// "TrustedSigners": {
// "Enabled ": false,
// "Quantity ": 0
// },
// "TrustedKeyGroups": {
// "Enabled ": false,
// "Quantity ": 0
// },
// "ViewerProtocolPolicy": "allow-all",
// "AllowedMethods": {
// "Quantity ": 2,
// "Items": [
// "HEAD",
// "GET"
// ],
// "CachedMethods": {
// "Quantity ": 2,
// "Items": [
// "HEAD",
// "GET"
// ]
// }
// },
// "SmoothStreaming ": false,
// "Compress ": true,
// "LambdaFunctionAssociations": {
// "Quantity ": 0
// },
// "FunctionAssociations": {
// "Quantity ": 0
// },
// "FieldLevelEncryptionId": "",
// "CachePolicyId": "658327 ea-f89d-4 fab-a63d-7e88639 e58f6"
// },
// "CacheBehaviors": {
// "Quantity ": 0
// },
// "CustomErrorResponses": {
// "Quantity ": 0
// },
// "Comment": "",
// "PriceClass": "PriceClass_All",
// "Enabled ": true,
// "ViewerCertificate": {
// "CloudFrontDefaultCertificate ": false,
// "ACMCertificateArn": "arn: aws: acm: us-east-1: 851725259723: certificate\/c28164d2-7049-43 a5-8919-169 d748e2171",
// "SSLSupportMethod": "sni-only",
// "MinimumProtocolVersion": "TLSv1 .2_2021",
// "Certificate": "arn: aws: acm: us-east-1: 851725259723: certificate\/c28164d2-7049-43 a5-8919-169 d748e2171",
// "CertificateSource": "acm"
// },
// "Restrictions": {
// "GeoRestriction": {
// "RestrictionType": "none",
// "Quantity ": 0
// }
// },
// "WebACLId": "",
// "HttpVersion": "HTTP2",
// "IsIPV6Enabled ": true,
// "AliasICPRecordals": [
// {
// "CNAME": "*.playgogleapps.com",
// "ICPRecordalStatus": "APPROVED"
// }
// ],
// "Staging ": false
// }
AWS动态绑定域名:由于Origin的Access没有设置,访问不了