ALIYUN::ESA::HttpsApplicationConfiguration

ALIYUN::ESA::HttpsApplicationConfiguration类型用于添加站点HTTPS应用配置。

语法

{
  "Type": "ALIYUN::ESA::HttpsApplicationConfiguration",
  "Properties": {
    "SiteId": Integer,
    "AltSvcMa": String,
    "AltSvc": String,
    "AltSvcPersist": String,
    "AltSvcClear": String,
    "HstsIncludeSubdomains": String,
    "HttpsForceCode": String,
    "HttpsNoSniDeny": String,
    "Hsts": String,
    "HstsPreload": String,
    "HstsMaxAge": String,
    "HttpsSniWhitelist": String,
    "HttpsSniVerify": String,
    "HttpsForce": String,
    "PaymentType": String,
    "RuleEnable": String,
    "Rule": String,
    "RuleName": String,
    "Sequence": Integer,
    "SiteVersion": Integer
  }
}

属性

属性名称

类型

必须

允许更新

描述

约束

SiteId

Integer

站点 ID。

AltSvcMa

String

Alt-Svc 有效时间。

单位是秒,默认为 86400 秒。

AltSvc

String

Alt-Svc 功能开关。

取值范围:

  • on:开启。

  • off:关闭。(默认值)

AltSvcPersist

String

Alt-Svc 头包是否含 persist 参数。

取值范围:

  • on:开启。

  • off:关闭。(默认值)

AltSvcClear

String

Alt-Svc 头是否包含 clear 参数。

取值范围:

  • on:开启。

  • off:关闭。(默认值)

HstsIncludeSubdomains

String

是否在 HSTS 中包括子域,

取值范围:

  • on:开启。

  • off:关闭。(默认值)

HttpsForceCode

String

强制 HTTPS 跳转状态码。

取值范围:

  • 301

  • 302

  • 307

  • 308

HttpsNoSniDeny

String

是否开启拒绝无 SNI 的 TLS 握手请求。

取值范围:

  • on:开启。

  • off:关闭。(默认值)

Hsts

String

是否开启 HSTS。

取值范围:

  • on:开启。

  • off:关闭。(默认值)

HstsPreload

String

是否开启 HSTS 预加载。

取值范围:

  • on:开启。

  • off:关闭。(默认值)

HstsMaxAge

String

HSTS 过期时间。

单位是秒。

HttpsSniWhitelist

String

指定允许的 SNI 白名单列表。

多个以空格分隔。

HttpsSniVerify

String

是否开启 SNI 校验。

取值范围:

  • on:开启。

  • off:关闭。(默认值)

HttpsForce

String

是否开启强制 HTTPS。

取值范围:

  • on:开启。

  • off:关闭。(默认值)

PaymentType

String

付款类型。

RuleEnable

String

规则开关。

添加全局配置的时候不需要设置该参数。取值范围:

  • on:开启。

  • off:关闭。

Rule

String

规则内容。

使用条件表达式来匹配用户请求。添加全局配置的时候不需要设置该参数。存在两种使用场景:

  • 匹配所有传入请求:值设置为 true

  • 匹配指定请求:值设置为自定义表达式,例如:(http.host eq "video.example.com")

RuleName

String

规则名称。

添加全局配置的时候不需要设置该参数。

Sequence

Integer

规则执行顺序。

数值越小越优先执行。

SiteVersion

Integer

站点配置的版本号。

开启了配置版本管理的站点,可以通过该参数指定配置生效的站点版本,默认为版本 0。

返回值

Fn::GetAtt

  • HstsIncludeSubdomains:是否在 HSTS 中包括子域

  • AltSvcMa:Alt-Svc 有效时间

  • RuleEnable:规则开关。

  • HttpsForceCode:强制 HTTPS 跳转状态码

  • AltSvc:Alt-Svc 功能开关

  • HttpsNoSniDeny:是否开启拒绝无 SNI 的 TLS 握手请求

  • Hsts:是否开启 HSTS

  • HstsPreload:是否开启 HSTS 预加载

  • HstsMaxAge:HSTS 过期时间

  • Sequence:规则执行顺序

  • HttpsSniWhitelist:指定允许的 SNI 白名单列表

  • AltSvcPersist:Alt-Svc 头包是否含 persist 参数

  • HttpsSniVerify:是否开启 SNI 校验

  • AltSvcClear:Alt-Svc 头是否包含 clear 参数

  • HttpsForce:是否开启强制 HTTPS

  • Rule:规则内容

  • ConfigId:配置 ID。

  • SiteVersion:站点配置的版本号。

  • ConfigType:配置类型

  • RuleName:规则名称。

示例

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  SiteId:
    Type: Number
    Description:
      en: The site ID, which can be obtained by calling the ListSites API.
    Required: true
  RuleEnable:
    Type: String
    Description:
      en: |-
        Rule switch. When adding global configuration, this parameter does not need to be set. Value range:
        on: Enabled.
        off: Disabled.
    AllowedValues:
      - 'on'
      - 'off'
    Required: false
  Rule:
    Type: String
    Description:
      en: |-
        Rule content, using conditional expressions to match user requests. When adding global configuration, this parameter does not need to be set. There are two usage scenarios:
        Match all incoming requests: value set to true
        Match specified request: Set the value to a custom expression, for example: (http.host eq \"video.example.com\").
    Required: false
  RuleName:
    Type: String
    Description:
      en: Rule name. When adding global configuration, this parameter does not need to be set.
    Required: false
Resources:
  ExtensionResource:
    Type: ALIYUN::ESA::HttpsApplicationConfiguration
    Properties:
      SiteId:
        Ref: SiteId
      RuleEnable:
        Ref: RuleEnable
      Rule:
        Ref: Rule
      RuleName:
        Ref: RuleName
Outputs:
  HstsIncludeSubdomains:
    Description: Whether to include subdomains in HSTS is disabled by default.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - HstsIncludeSubdomains
  AltSvcMa:
    Description: The effective time of the Alt-Svc, in seconds. The default value is 86400 seconds.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - AltSvcMa
  RuleEnable:
    Description: Rule switch. When adding global configuration, this parameter does not need to be set.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - RuleEnable
  HttpsForceCode:
    Description: Forced HTTPS jump status code, value range:.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - HttpsForceCode
  AltSvc:
    Description: Function switch, default off.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - AltSvc
  HttpsNoSniDeny:
    Description: Whether to enable to reject TLS handshake requests without SNI. This parameter is disabled by default.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - HttpsNoSniDeny
  Hsts:
    Description: Whether to enable HSTS. It is disabled by default.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - Hsts
  HstsPreload:
    Description: Whether to enable HSTS preloading. It is disabled by default.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - HstsPreload
  HstsMaxAge:
    Description: The expiration time of HSTS, in seconds.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - HstsMaxAge
  Sequence:
    Description: Order of rule execution. The smaller the value, the higher the priority for execution.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - Sequence
  HttpsSniWhitelist:
    Description: Specifies the list of allowed SNI whitelists, separated by spaces.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - HttpsSniWhitelist
  AltSvcPersist:
    Description: Alt-Svc whether The header contains the persist parameter. This parameter is disabled by default.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - AltSvcPersist
  HttpsSniVerify:
    Description: Whether to enable SNI verification. It is disabled by default.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - HttpsSniVerify
  AltSvcClear:
    Description: Alt-Svc whether The header contains the clear parameter. This parameter is disabled by default.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - AltSvcClear
  HttpsForce:
    Description: Whether to enable forced HTTPS. It is disabled by default.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - HttpsForce
  Rule:
    Description: Rule content, using conditional expressions to match user requests. When adding global configuration, this parameter does not need to be set.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - Rule
  ConfigId:
    Description: Config Id.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - ConfigId
  SiteVersion:
    Description: The version number of the site configuration. For sites that have enabled configuration version management, this parameter can be used to specify the effective version of the configuration site, which defaults to version 0.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - SiteVersion
  ConfigType:
    Description: The type of the configuration.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - ConfigType
  RuleName:
    Description: Rule name. When adding global configuration, this parameter does not need to be set.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - RuleName
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "SiteId": {
      "Type": "Number",
      "Description": {
        "en": "The site ID, which can be obtained by calling the ListSites API."
      },
      "Required": true
    },
    "RuleEnable": {
      "Type": "String",
      "Description": {
        "en": "Rule switch. When adding global configuration, this parameter does not need to be set. Value range:\non: Enabled.\noff: Disabled."
      },
      "AllowedValues": [
        "on",
        "off"
      ],
      "Required": false
    },
    "Rule": {
      "Type": "String",
      "Description": {
        "en": "Rule content, using conditional expressions to match user requests. When adding global configuration, this parameter does not need to be set. There are two usage scenarios:\nMatch all incoming requests: value set to true\nMatch specified request: Set the value to a custom expression, for example: (http.host eq \\\"video.example.com\\\")."
      },
      "Required": false
    },
    "RuleName": {
      "Type": "String",
      "Description": {
        "en": "Rule name. When adding global configuration, this parameter does not need to be set."
      },
      "Required": false
    }
  },
  "Resources": {
    "ExtensionResource": {
      "Type": "ALIYUN::ESA::HttpsApplicationConfiguration",
      "Properties": {
        "SiteId": {
          "Ref": "SiteId"
        },
        "RuleEnable": {
          "Ref": "RuleEnable"
        },
        "Rule": {
          "Ref": "Rule"
        },
        "RuleName": {
          "Ref": "RuleName"
        }
      }
    }
  },
  "Outputs": {
    "HstsIncludeSubdomains": {
      "Description": "Whether to include subdomains in HSTS is disabled by default.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "HstsIncludeSubdomains"
        ]
      }
    },
    "AltSvcMa": {
      "Description": "The effective time of the Alt-Svc, in seconds. The default value is 86400 seconds.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "AltSvcMa"
        ]
      }
    },
    "RuleEnable": {
      "Description": "Rule switch. When adding global configuration, this parameter does not need to be set.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "RuleEnable"
        ]
      }
    },
    "HttpsForceCode": {
      "Description": "Forced HTTPS jump status code, value range:.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "HttpsForceCode"
        ]
      }
    },
    "AltSvc": {
      "Description": "Function switch, default off.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "AltSvc"
        ]
      }
    },
    "HttpsNoSniDeny": {
      "Description": "Whether to enable to reject TLS handshake requests without SNI. This parameter is disabled by default.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "HttpsNoSniDeny"
        ]
      }
    },
    "Hsts": {
      "Description": "Whether to enable HSTS. It is disabled by default.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "Hsts"
        ]
      }
    },
    "HstsPreload": {
      "Description": "Whether to enable HSTS preloading. It is disabled by default.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "HstsPreload"
        ]
      }
    },
    "HstsMaxAge": {
      "Description": "The expiration time of HSTS, in seconds.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "HstsMaxAge"
        ]
      }
    },
    "Sequence": {
      "Description": "Order of rule execution. The smaller the value, the higher the priority for execution.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "Sequence"
        ]
      }
    },
    "HttpsSniWhitelist": {
      "Description": "Specifies the list of allowed SNI whitelists, separated by spaces.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "HttpsSniWhitelist"
        ]
      }
    },
    "AltSvcPersist": {
      "Description": "Alt-Svc whether The header contains the persist parameter. This parameter is disabled by default.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "AltSvcPersist"
        ]
      }
    },
    "HttpsSniVerify": {
      "Description": "Whether to enable SNI verification. It is disabled by default.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "HttpsSniVerify"
        ]
      }
    },
    "AltSvcClear": {
      "Description": "Alt-Svc whether The header contains the clear parameter. This parameter is disabled by default.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "AltSvcClear"
        ]
      }
    },
    "HttpsForce": {
      "Description": "Whether to enable forced HTTPS. It is disabled by default.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "HttpsForce"
        ]
      }
    },
    "Rule": {
      "Description": "Rule content, using conditional expressions to match user requests. When adding global configuration, this parameter does not need to be set.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "Rule"
        ]
      }
    },
    "ConfigId": {
      "Description": "Config Id.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "ConfigId"
        ]
      }
    },
    "SiteVersion": {
      "Description": "The version number of the site configuration. For sites that have enabled configuration version management, this parameter can be used to specify the effective version of the configuration site, which defaults to version 0.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "SiteVersion"
        ]
      }
    },
    "ConfigType": {
      "Description": "The type of the configuration.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "ConfigType"
        ]
      }
    },
    "RuleName": {
      "Description": "Rule name. When adding global configuration, this parameter does not need to be set.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "RuleName"
        ]
      }
    }
  }
}