ALIYUN::ESA::HttpsBasicConfiguration类型用于添加站点HTTPS基础配置。
语法
{
"Type": "ALIYUN::ESA::HttpsBasicConfiguration",
"Properties": {
"SiteId": Integer,
"Ciphersuite": String,
"CiphersuiteGroup": String,
"Https": String,
"Http3": String,
"Http2": String,
"OcspStapling": String,
"RuleEnable": String,
"Rule": String,
"RuleName": String,
"Sequence": Integer,
"Tls10": String,
"Tls11": String,
"Tls12": String,
"Tls13": String
}
}属性
属性名称 | 类型 | 必须 | 允许更新 | 描述 | 约束 |
SiteId | Integer | 是 | 否 | 站点 ID。 | 无 |
Ciphersuite | String | 否 | 是 | 自定义加密套件。 | 表示当 CiphersuiteGroup 为 custom 时选取的具体加密算法。 |
CiphersuiteGroup | String | 否 | 是 | 加密套件组。 | 默认使用全部加密套件。取值范围:
|
Https | String | 否 | 是 | 是否开启 HTTPS。 | 默认开启。取值范围:
|
Http3 | String | 否 | 是 | 是否开启 HTTP3。 | 默认开启。取值范围:
|
Http2 | String | 否 | 是 | 是否开启 HTTP2。 | 默认开启。取值范围:
|
OcspStapling | String | 否 | 是 | 是否开启 OCSP。 | 默认关闭。取值范围:
|
RuleEnable | String | 否 | 是 | 规则开关。 | 添加全局配置的时候不需要设置该参数。取值范围:
|
Rule | String | 否 | 是 | 规则内容。 | 使用条件表达式来匹配用户请求。添加全局配置的时候不需要设置该参数。存在两种使用场景:
|
RuleName | String | 否 | 是 | 规则名称。 | 无 |
Sequence | Integer | 否 | 是 | 规则执行顺序。 | 数值越小越优先执行。 |
Tls10 | String | 否 | 是 | 是否开启 TLS1.0。 | 默认关闭。取值范围:
|
Tls11 | String | 否 | 是 | 是否开启 TLS1.1。 | 默认开启。取值范围:
|
Tls12 | String | 否 | 是 | 是否开启 TLS1.2。 | 默认开启。取值范围:
|
Tls13 | String | 否 | 是 | 是否开启 TLS1.3。 | 默认开启。取值范围:
|
返回值
Fn::GetAtt
Ciphersuite:自定义加密套件。
RuleEnable:规则开关。
Https:是否开启 HTTPS。
Http3:是否开启 HTTP3。
Http2:是否开启 HTTP2
Tls10:是否开启 TLS1.0。
Tls11:是否开启 TLS1.1。
Sequence:规则执行顺序。
Tls12:是否开启 TLS1.2。
Tls13:是否开启 TLS1.3。
CiphersuiteGroup:加密套件组。
Rule:规则内容。
ConfigId:配置 ID。
ConfigType:配置类型。
RuleName:规则名称。
OcspStapling:是否开启 OCSP。
示例
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
SiteId:
Type: Number
Description:
en: Site ID, which can be obtained by calling the [ListSites](~~ListSites~~) interface.
Required: true
Https:
Type: String
Description:
en: |-
Whether to enable HTTPS. Default is enabled. Possible values:
- on: Enable.
- off: Disable.
AllowedValues:
- 'on'
- 'off'
Required: false
Resources:
ExtensionResource:
Type: ALIYUN::ESA::HttpsBasicConfiguration
Properties:
SiteId:
Ref: SiteId
Https:
Ref: Https
Outputs:
Ciphersuite:
Description: Custom cipher suite, indicating the specific encryption algorithm selected when CiphersuiteGroup is set to custom.
Value:
Fn::GetAtt:
- ExtensionResource
- Ciphersuite
RuleEnable:
Description: Rule switch. When adding global configuration, this parameter does not need to be set.
Value:
Fn::GetAtt:
- ExtensionResource
- RuleEnable
Https:
Description: Whether to enable HTTPS. Default is enabled.
Value:
Fn::GetAtt:
- ExtensionResource
- Https
Http3:
Description: Whether to enable HTTP3, which is enabled by default.
Value:
Fn::GetAtt:
- ExtensionResource
- Http3
Http2:
Description: Indicates whether HTTP2 is enabled. Default is on.
Value:
Fn::GetAtt:
- ExtensionResource
- Http2
Tls10:
Description: Whether to enable TLS1.0. Default is disabled.
Value:
Fn::GetAtt:
- ExtensionResource
- Tls10
Tls11:
Description: Whether to enable TLS1.1. Default is enabled.
Value:
Fn::GetAtt:
- ExtensionResource
- Tls11
Sequence:
Description: Order of rule execution. The smaller the value, the higher the priority for execution.
Value:
Fn::GetAtt:
- ExtensionResource
- Sequence
Tls12:
Description: Whether to enable TLS1.2. Default is enabled.
Value:
Fn::GetAtt:
- ExtensionResource
- Tls12
Tls13:
Description: Whether to enable TLS1.3. Default is enabled.
Value:
Fn::GetAtt:
- ExtensionResource
- Tls13
CiphersuiteGroup:
Description: Cipher suite group. Default is all cipher suites.
Value:
Fn::GetAtt:
- ExtensionResource
- CiphersuiteGroup
Rule:
Description: Rule content, using conditional expressions to match user requests. When adding global configuration, this parameter does not need to be set.
Value:
Fn::GetAtt:
- ExtensionResource
- Rule
ConfigId:
Description: ConfigId of the configuration.
Value:
Fn::GetAtt:
- ExtensionResource
- ConfigId
ConfigType:
Description: Configuration type, which can be used to query global or rule configurations.
Value:
Fn::GetAtt:
- ExtensionResource
- ConfigType
RuleName:
Description: Rule name. When adding global configuration, this parameter does not need to be set.
Value:
Fn::GetAtt:
- ExtensionResource
- RuleName
OcspStapling:
Description: Indicates whether OCSP is enabled. Default is off.
Value:
Fn::GetAtt:
- ExtensionResource
- OcspStapling
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"SiteId": {
"Type": "Number",
"Description": {
"en": "Site ID, which can be obtained by calling the [ListSites](~~ListSites~~) interface."
},
"Required": true
},
"Https": {
"Type": "String",
"Description": {
"en": "Whether to enable HTTPS. Default is enabled. Possible values:\n- on: Enable.\n- off: Disable."
},
"AllowedValues": [
"on",
"off"
],
"Required": false
}
},
"Resources": {
"ExtensionResource": {
"Type": "ALIYUN::ESA::HttpsBasicConfiguration",
"Properties": {
"SiteId": {
"Ref": "SiteId"
},
"Https": {
"Ref": "Https"
}
}
}
},
"Outputs": {
"Ciphersuite": {
"Description": "Custom cipher suite, indicating the specific encryption algorithm selected when CiphersuiteGroup is set to custom.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"Ciphersuite"
]
}
},
"RuleEnable": {
"Description": "Rule switch. When adding global configuration, this parameter does not need to be set.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"RuleEnable"
]
}
},
"Https": {
"Description": "Whether to enable HTTPS. Default is enabled.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"Https"
]
}
},
"Http3": {
"Description": "Whether to enable HTTP3, which is enabled by default.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"Http3"
]
}
},
"Http2": {
"Description": "Indicates whether HTTP2 is enabled. Default is on.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"Http2"
]
}
},
"Tls10": {
"Description": "Whether to enable TLS1.0. Default is disabled.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"Tls10"
]
}
},
"Tls11": {
"Description": "Whether to enable TLS1.1. Default is enabled.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"Tls11"
]
}
},
"Sequence": {
"Description": "Order of rule execution. The smaller the value, the higher the priority for execution.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"Sequence"
]
}
},
"Tls12": {
"Description": "Whether to enable TLS1.2. Default is enabled.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"Tls12"
]
}
},
"Tls13": {
"Description": "Whether to enable TLS1.3. Default is enabled.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"Tls13"
]
}
},
"CiphersuiteGroup": {
"Description": "Cipher suite group. Default is all cipher suites.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"CiphersuiteGroup"
]
}
},
"Rule": {
"Description": "Rule content, using conditional expressions to match user requests. When adding global configuration, this parameter does not need to be set.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"Rule"
]
}
},
"ConfigId": {
"Description": "ConfigId of the configuration.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"ConfigId"
]
}
},
"ConfigType": {
"Description": "Configuration type, which can be used to query global or rule configurations.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"ConfigType"
]
}
},
"RuleName": {
"Description": "Rule name. When adding global configuration, this parameter does not need to be set.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"RuleName"
]
}
},
"OcspStapling": {
"Description": "Indicates whether OCSP is enabled. Default is off.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"OcspStapling"
]
}
}
}
}
该文章对您有帮助吗?