ALIYUN::ESA::HttpsApplicationConfiguration类型用于添加站点HTTPS应用配置。
语法
{
"Type": "ALIYUN::ESA::HttpsApplicationConfiguration",
"Properties": {
"SiteId": Integer,
"AltSvcMa": String,
"AltSvc": String,
"AltSvcPersist": String,
"AltSvcClear": String,
"HstsIncludeSubdomains": String,
"HttpsForceCode": String,
"HttpsNoSniDeny": String,
"Hsts": String,
"HstsPreload": String,
"HstsMaxAge": String,
"HttpsSniWhitelist": String,
"HttpsSniVerify": String,
"HttpsForce": String,
"PaymentType": String,
"RuleEnable": String,
"Rule": String,
"RuleName": String,
"Sequence": Integer,
"SiteVersion": Integer
}
}
属性
属性名称 | 类型 | 必须 | 允许更新 | 描述 | 约束 |
SiteId | Integer | 是 | 否 | 站点 ID。 | 无 |
AltSvcMa | String | 否 | 是 | Alt-Svc 有效时间。 | 单位是秒,默认为 86400 秒。 |
AltSvc | String | 否 | 是 | Alt-Svc 功能开关。 | 取值范围:
|
AltSvcPersist | String | 否 | 是 | Alt-Svc 头包是否含 persist 参数。 | 取值范围:
|
AltSvcClear | String | 否 | 是 | Alt-Svc 头是否包含 clear 参数。 | 取值范围:
|
HstsIncludeSubdomains | String | 否 | 是 | 是否在 HSTS 中包括子域, | 取值范围:
|
HttpsForceCode | String | 否 | 是 | 强制 HTTPS 跳转状态码。 | 取值范围:
|
HttpsNoSniDeny | String | 否 | 是 | 是否开启拒绝无 SNI 的 TLS 握手请求。 | 取值范围:
|
Hsts | String | 否 | 是 | 是否开启 HSTS。 | 取值范围:
|
HstsPreload | String | 否 | 是 | 是否开启 HSTS 预加载。 | 取值范围:
|
HstsMaxAge | String | 否 | 是 | HSTS 过期时间。 | 单位是秒。 |
HttpsSniWhitelist | String | 否 | 是 | 指定允许的 SNI 白名单列表。 | 多个以空格分隔。 |
HttpsSniVerify | String | 否 | 是 | 是否开启 SNI 校验。 | 取值范围:
|
HttpsForce | String | 否 | 是 | 是否开启强制 HTTPS。 | 取值范围:
|
PaymentType | String | 否 | 否 | 付款类型。 | 无 |
RuleEnable | String | 否 | 是 | 规则开关。 | 添加全局配置的时候不需要设置该参数。取值范围:
|
Rule | String | 否 | 是 | 规则内容。 | 使用条件表达式来匹配用户请求。添加全局配置的时候不需要设置该参数。存在两种使用场景:
|
RuleName | String | 否 | 是 | 规则名称。 | 添加全局配置的时候不需要设置该参数。 |
Sequence | Integer | 否 | 是 | 规则执行顺序。 | 数值越小越优先执行。 |
SiteVersion | Integer | 否 | 否 | 站点配置的版本号。 | 开启了配置版本管理的站点,可以通过该参数指定配置生效的站点版本,默认为版本 0。 |
返回值
Fn::GetAtt
HstsIncludeSubdomains:是否在 HSTS 中包括子域。
AltSvcMa:Alt-Svc 有效时间。
RuleEnable:规则开关。
HttpsForceCode:强制 HTTPS 跳转状态码。
AltSvc:Alt-Svc 功能开关。
HttpsNoSniDeny:是否开启拒绝无 SNI 的 TLS 握手请求。
Hsts:是否开启 HSTS。
HstsPreload:是否开启 HSTS 预加载。
HstsMaxAge:HSTS 过期时间。
Sequence:规则执行顺序。
HttpsSniWhitelist:指定允许的 SNI 白名单列表。
AltSvcPersist:Alt-Svc 头包是否含 persist 参数。
HttpsSniVerify:是否开启 SNI 校验。
AltSvcClear:Alt-Svc 头是否包含 clear 参数。
HttpsForce:是否开启强制 HTTPS。
Rule:规则内容。
ConfigId:配置 ID。
SiteVersion:站点配置的版本号。
ConfigType:配置类型。
RuleName:规则名称。
示例
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
SiteId:
Type: Number
Description:
en: The site ID, which can be obtained by calling the ListSites API.
Required: true
RuleEnable:
Type: String
Description:
en: |-
Rule switch. When adding global configuration, this parameter does not need to be set. Value range:
on: Enabled.
off: Disabled.
AllowedValues:
- 'on'
- 'off'
Required: false
Rule:
Type: String
Description:
en: |-
Rule content, using conditional expressions to match user requests. When adding global configuration, this parameter does not need to be set. There are two usage scenarios:
Match all incoming requests: value set to true
Match specified request: Set the value to a custom expression, for example: (http.host eq \"video.example.com\").
Required: false
RuleName:
Type: String
Description:
en: Rule name. When adding global configuration, this parameter does not need to be set.
Required: false
Resources:
ExtensionResource:
Type: ALIYUN::ESA::HttpsApplicationConfiguration
Properties:
SiteId:
Ref: SiteId
RuleEnable:
Ref: RuleEnable
Rule:
Ref: Rule
RuleName:
Ref: RuleName
Outputs:
HstsIncludeSubdomains:
Description: Whether to include subdomains in HSTS is disabled by default.
Value:
Fn::GetAtt:
- ExtensionResource
- HstsIncludeSubdomains
AltSvcMa:
Description: The effective time of the Alt-Svc, in seconds. The default value is 86400 seconds.
Value:
Fn::GetAtt:
- ExtensionResource
- AltSvcMa
RuleEnable:
Description: Rule switch. When adding global configuration, this parameter does not need to be set.
Value:
Fn::GetAtt:
- ExtensionResource
- RuleEnable
HttpsForceCode:
Description: Forced HTTPS jump status code, value range:.
Value:
Fn::GetAtt:
- ExtensionResource
- HttpsForceCode
AltSvc:
Description: Function switch, default off.
Value:
Fn::GetAtt:
- ExtensionResource
- AltSvc
HttpsNoSniDeny:
Description: Whether to enable to reject TLS handshake requests without SNI. This parameter is disabled by default.
Value:
Fn::GetAtt:
- ExtensionResource
- HttpsNoSniDeny
Hsts:
Description: Whether to enable HSTS. It is disabled by default.
Value:
Fn::GetAtt:
- ExtensionResource
- Hsts
HstsPreload:
Description: Whether to enable HSTS preloading. It is disabled by default.
Value:
Fn::GetAtt:
- ExtensionResource
- HstsPreload
HstsMaxAge:
Description: The expiration time of HSTS, in seconds.
Value:
Fn::GetAtt:
- ExtensionResource
- HstsMaxAge
Sequence:
Description: Order of rule execution. The smaller the value, the higher the priority for execution.
Value:
Fn::GetAtt:
- ExtensionResource
- Sequence
HttpsSniWhitelist:
Description: Specifies the list of allowed SNI whitelists, separated by spaces.
Value:
Fn::GetAtt:
- ExtensionResource
- HttpsSniWhitelist
AltSvcPersist:
Description: Alt-Svc whether The header contains the persist parameter. This parameter is disabled by default.
Value:
Fn::GetAtt:
- ExtensionResource
- AltSvcPersist
HttpsSniVerify:
Description: Whether to enable SNI verification. It is disabled by default.
Value:
Fn::GetAtt:
- ExtensionResource
- HttpsSniVerify
AltSvcClear:
Description: Alt-Svc whether The header contains the clear parameter. This parameter is disabled by default.
Value:
Fn::GetAtt:
- ExtensionResource
- AltSvcClear
HttpsForce:
Description: Whether to enable forced HTTPS. It is disabled by default.
Value:
Fn::GetAtt:
- ExtensionResource
- HttpsForce
Rule:
Description: Rule content, using conditional expressions to match user requests. When adding global configuration, this parameter does not need to be set.
Value:
Fn::GetAtt:
- ExtensionResource
- Rule
ConfigId:
Description: Config Id.
Value:
Fn::GetAtt:
- ExtensionResource
- ConfigId
SiteVersion:
Description: The version number of the site configuration. For sites that have enabled configuration version management, this parameter can be used to specify the effective version of the configuration site, which defaults to version 0.
Value:
Fn::GetAtt:
- ExtensionResource
- SiteVersion
ConfigType:
Description: The type of the configuration.
Value:
Fn::GetAtt:
- ExtensionResource
- ConfigType
RuleName:
Description: Rule name. When adding global configuration, this parameter does not need to be set.
Value:
Fn::GetAtt:
- ExtensionResource
- RuleName
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"SiteId": {
"Type": "Number",
"Description": {
"en": "The site ID, which can be obtained by calling the ListSites API."
},
"Required": true
},
"RuleEnable": {
"Type": "String",
"Description": {
"en": "Rule switch. When adding global configuration, this parameter does not need to be set. Value range:\non: Enabled.\noff: Disabled."
},
"AllowedValues": [
"on",
"off"
],
"Required": false
},
"Rule": {
"Type": "String",
"Description": {
"en": "Rule content, using conditional expressions to match user requests. When adding global configuration, this parameter does not need to be set. There are two usage scenarios:\nMatch all incoming requests: value set to true\nMatch specified request: Set the value to a custom expression, for example: (http.host eq \\\"video.example.com\\\")."
},
"Required": false
},
"RuleName": {
"Type": "String",
"Description": {
"en": "Rule name. When adding global configuration, this parameter does not need to be set."
},
"Required": false
}
},
"Resources": {
"ExtensionResource": {
"Type": "ALIYUN::ESA::HttpsApplicationConfiguration",
"Properties": {
"SiteId": {
"Ref": "SiteId"
},
"RuleEnable": {
"Ref": "RuleEnable"
},
"Rule": {
"Ref": "Rule"
},
"RuleName": {
"Ref": "RuleName"
}
}
}
},
"Outputs": {
"HstsIncludeSubdomains": {
"Description": "Whether to include subdomains in HSTS is disabled by default.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"HstsIncludeSubdomains"
]
}
},
"AltSvcMa": {
"Description": "The effective time of the Alt-Svc, in seconds. The default value is 86400 seconds.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"AltSvcMa"
]
}
},
"RuleEnable": {
"Description": "Rule switch. When adding global configuration, this parameter does not need to be set.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"RuleEnable"
]
}
},
"HttpsForceCode": {
"Description": "Forced HTTPS jump status code, value range:.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"HttpsForceCode"
]
}
},
"AltSvc": {
"Description": "Function switch, default off.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"AltSvc"
]
}
},
"HttpsNoSniDeny": {
"Description": "Whether to enable to reject TLS handshake requests without SNI. This parameter is disabled by default.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"HttpsNoSniDeny"
]
}
},
"Hsts": {
"Description": "Whether to enable HSTS. It is disabled by default.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"Hsts"
]
}
},
"HstsPreload": {
"Description": "Whether to enable HSTS preloading. It is disabled by default.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"HstsPreload"
]
}
},
"HstsMaxAge": {
"Description": "The expiration time of HSTS, in seconds.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"HstsMaxAge"
]
}
},
"Sequence": {
"Description": "Order of rule execution. The smaller the value, the higher the priority for execution.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"Sequence"
]
}
},
"HttpsSniWhitelist": {
"Description": "Specifies the list of allowed SNI whitelists, separated by spaces.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"HttpsSniWhitelist"
]
}
},
"AltSvcPersist": {
"Description": "Alt-Svc whether The header contains the persist parameter. This parameter is disabled by default.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"AltSvcPersist"
]
}
},
"HttpsSniVerify": {
"Description": "Whether to enable SNI verification. It is disabled by default.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"HttpsSniVerify"
]
}
},
"AltSvcClear": {
"Description": "Alt-Svc whether The header contains the clear parameter. This parameter is disabled by default.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"AltSvcClear"
]
}
},
"HttpsForce": {
"Description": "Whether to enable forced HTTPS. It is disabled by default.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"HttpsForce"
]
}
},
"Rule": {
"Description": "Rule content, using conditional expressions to match user requests. When adding global configuration, this parameter does not need to be set.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"Rule"
]
}
},
"ConfigId": {
"Description": "Config Id.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"ConfigId"
]
}
},
"SiteVersion": {
"Description": "The version number of the site configuration. For sites that have enabled configuration version management, this parameter can be used to specify the effective version of the configuration site, which defaults to version 0.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"SiteVersion"
]
}
},
"ConfigType": {
"Description": "The type of the configuration.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"ConfigType"
]
}
},
"RuleName": {
"Description": "Rule name. When adding global configuration, this parameter does not need to be set.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"RuleName"
]
}
}
}
}