您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

排查 Azure CDN 终结点返回 404 状态代码的问题Troubleshooting Azure CDN endpoints that return a 404 status code

本文帮助你排查 Azure 内容分发网络 (CDN) 终结点返回 404 HTTP 响应状态代码的问题。This article enables you to troubleshoot issues with Azure Content Delivery Network (CDN) endpoints that return 404 HTTP response status codes.

如果对本文中的任何内容需要更多帮助,可以联系 MSDN Azure 和堆栈溢出论坛上的 Azure 专家。If you need more help at any point in this article, you can contact the Azure experts on the MSDN Azure and the Stack Overflow forums. 或者,也可以提出 Azure 支持事件。Alternatively, you can also file an Azure support incident. 请转到 Azure 支持站点并选择“获取支持”。 Go to the Azure Support site and select Get Support.

症状Symptom

已经创建 CDN 配置文件和终结点,但内容似乎没有出现在 CDN 上。You've created a CDN profile and an endpoint, but your content doesn't seem to be available on the CDN. 尝试通过 CDN URL 访问内容的用户收到 HTTP 404 状态代码。Users who attempt to access your content via the CDN URL receive an HTTP 404 status code.

原因Cause

有若干个可能的原因,包括:There are several possible causes, including:

  • CDN 不知道文件的来源。The file's origin isn't visible to the CDN.
  • 终结点配置不正确,导致 CDN 在错误的位置中进行查找。The endpoint is misconfigured, causing the CDN to look in the wrong place.
  • 主机拒绝来自 CDN 的主机标头。The host is rejecting the host header from the CDN.
  • 终结点没有足够时间传播到整个 CDN。The endpoint hasn't had time to propagate throughout the CDN.

疑难解答步骤Troubleshooting steps

重要

创建 CDN 终结点后,终结点无法立即使用,因为注册需要时间来通过 CDN 进行传播:After creating a CDN endpoint, it will not immediately be available for use, as it takes time for the registration to propagate through the CDN:

  • 对于 Microsoft 的 Azure CDN 标准版配置文件,传播通常可在 10 分钟内完成 。For Azure CDN Standard from Microsoft profiles, propagation usually completes in ten minutes.
  • 对于 Akamai 的 Azure CDN 标准版配置文件,传播通常可在一分钟内完成。For Azure CDN Standard from Akamai profiles, propagation usually completes within one minute.
  • 对于 Verizon 的 Azure CDN 标准版和 Verizon 的 Azure CDN 高级版配置文件,传播通常可在 90 分钟内完成 。For Azure CDN Standard from Verizon and Azure CDN Premium from Verizon profiles, propagation usually completes within 90 minutes.

如果完成了本文档中的步骤,但仍然收到 404 响应,请考虑在创建支持票证之前,等待几小时后重新检查一次。If you complete the steps in this document and you're still getting 404 responses, consider waiting a few hours to check again before opening a support ticket.

检查源文件Check the origin file

首先,验证想要缓存的文件在源服务器上可用,并且可以在 Internet 上公开访问。First, verify that the file to cache is available on the origin server and is publicly accessible on the internet. 执行此操作的最快方法是,在一个专用或 Incognito 会话中打开浏览器,并直接浏览该文件。The quickest way to do that is to open a browser in a private or incognito session and browse directly to the file. 键入 URL 或将该 URL 粘贴到地址框,然后检查文件中的结果是否与预期一致。Type or paste the URL into the address box and verify that it results in the file you expect. 例如,假设Azure 存储帐户中有一个可从 https://cdndocdemo.blob.core.windows.net/publicblob/lorem.txt 访问的文件。For example, suppose you have a file in an Azure Storage account, accessible at https://cdndocdemo.blob.core.windows.net/publicblob/lorem.txt. 如果可以成功加载此文件的内容,则表示通过了测试。If you can successfully load this file's contents, it passes the test.

成功!

警告

虽然这是验证文件是否已公开可用的最快且最简单的方法,组织中的一些网络配置可能会给你一个错觉,即文件虽然已公开可用,但实际上只有网络(即使它在 Azure 中托管)用户才能看到此文件。While this is the quickest and easiest way to verify your file is publicly available, some network configurations in your organization could make it appear that a file is publicly available when it is, in fact, only visible to users of your network (even if it's hosted in Azure). 为确保不会出现这种情况,请使用外部浏览器测试文件,例如,未连接到组织网络的移动设备或 Azure 中的虚拟机。To ensure that this isn't the case, test the file with an external browser, such as a mobile device that is not connected to your organization's network, or a virtual machine in Azure.

检查源设置Check the origin settings

验证该文件在 Internet 上公开可用后,验证源设置。After you've verified the file is publicly available on the internet, verify your origin settings. Azure 门户中,浏览到 CDN 配置文件,并选择要进行故障排除的终结点。In the Azure Portal, browse to your CDN profile and select the endpoint you're troubleshooting. 在出现的“终结点”页中,选择源。 From the resulting Endpoint page, select the origin.

突出显示源的“终结点”页

“源”页随即显示。 The Origin page appears.

“源”页

源类型和主机名Origin type and hostname

验证“源类型”和“源主机名”的值是否正确。 Verify that the values of the Origin type and Origin hostname are correct. 在此示例 https://cdndocdemo.blob.core.windows.net/publicblob/lorem.txt 中,URL 的主机名部分是 cdndocdemo.blob.core.windows.net,这是正确的。In this example, https://cdndocdemo.blob.core.windows.net/publicblob/lorem.txt, the hostname portion of the URL is cdndocdemo.blob.core.windows.net, which is correct. 由于 Azure 存储、Web 应用和云服务源使用“源主机名”字段的下拉列表值,因此无需担心拼写正确问题。 Because Azure Storage, Web App, and Cloud Service origins use a drop-down list value for the Origin hostname field, incorrect spellings aren't an issue. 但是,如果使用自定义源,请确保主机名拼写正确。However, if you use a custom origin, ensure that your hostname is spelled correctly.

HTTP 和 HTTPS 端口HTTP and HTTPS ports

检查 HTTPHTTPS 端口Check your HTTP and HTTPS ports. 在大多数情况下,80 和 443 都正确,无需任何更改。In most cases, 80 and 443 are correct, and you will require no changes. 但是,如果源服务器正在侦听其他端口,则应在此处表示出来。However, if the origin server is listening on a different port, that will need to be represented here. 如果不能确定,请查看源文件的 URL。If you're not sure, view the URL for your origin file. HTTP 和 HTTPS 规范使用端口 80 和 443 作为默认值。The HTTP and HTTPS specifications use ports 80 and 443 as the defaults. 在示例 URL https://cdndocdemo.blob.core.windows.net/publicblob/lorem.txt 中未指定端口,因此假设 443 为默认端口,并且设置是正确的。In the example URL, https://cdndocdemo.blob.core.windows.net/publicblob/lorem.txt, a port is not specified, so the default of 443 is assumed and the settings are correct.

但是,假设之前测试的源文件的 URL 为 http://www.contoso.com:8080/file.txt,However, suppose the URL for the origin file that you tested earlier is http://www.contoso.com:8080/file.txt. 请注意主机名段末尾的 :8080 部分。Note the :8080 portion at the end of the hostname segment. 数字指示浏览器端口 8080 用于连接到 web 服务器在 www.contoso.com,因此你将需要输入8080HTTP 端口字段。That number instructs the browser to use port 8080 to connect to the web server at www.contoso.com, therefore you'll need to enter 8080 in the HTTP port field. 请务必注意,这些端口设置只会影响该终结点用来从源中检索信息的那些端口。It's important to note that these port settings affect only what port the endpoint uses to retrieve information from the origin.

备注

来自 Akamai 的 Azure CDN 标准终结点不允许原点的完整 TCP 端口范围。Azure CDN Standard from Akamai endpoints do not allow the full TCP port range for origins. 有关不被允许的原点端口列表,请参阅 来自 Akamai 的 Azure CDN 受允许原点端口For a list of origin ports that are not allowed, see Azure CDN from Akamai Allowed Origin Ports.

检查终结点设置Check the endpoint settings

在“终结点”页上,选择“配置”按钮。 On the Endpoint page, select the Configure button.

突出显示“配置”按钮的“终结点”页

CDN 终结点的“配置”页随即出现。 The CDN endpoint Configure page appears.

“配置”页

协议Protocols

对于协议,请验证是否选择了客户端所使用的协议。For Protocols, verify that the protocol being used by the clients is selected. 由于客户端使用的协议与用来访问源的协议相同,因此,在前一部分中正确配置源的端口非常重要。Because the same protocol used by the client is the one used to access the origin, it's important to have the origin ports configured correctly in the previous section. CDN 终结点仅侦听默认 HTTP 和 HTTPS 端口(80 和 443),而不考虑源端口。The CDN endpoint listens only on the default HTTP and HTTPS ports (80 and 443), regardless of the origin ports.

让我们返回到假设示例 http://www.contoso.com:8080/file.txt。Let's return to our hypothetical example with http://www.contoso.com:8080/file.txt. 会记得,Contoso 指定 8080 作为其 HTTP 端口,但我们还假定它们指定 44300 作为其 HTTPS 端口。As you'll remember, Contoso specified 8080 as their HTTP port, but let's also assume they specified 44300 as their HTTPS port. 如果创建名为 contoso 的终结点,其 CDN 终结点主机名将是 contoso.azureedge.netIf they created an endpoint named contoso, their CDN endpoint hostname would be contoso.azureedge.net. 对 http://contoso.azureedge.net/file.txt 的请求是一个 HTTP 请求,因此,终结点将使用端口 8080 上的 HTTP 来检索源。A request for http://contoso.azureedge.net/file.txt is an HTTP request, so the endpoint would use HTTP on port 8080 to retrieve it from the origin. 通过 HTTPS 对 https://contoso.azureedge.net/file.txt 发出安全请求可能会导致终结点在从源检索文件时使用端口 44300 上的 HTTPS。A secure request over HTTPS, https://contoso.azureedge.net/file.txt, would cause the endpoint to use HTTPS on port 44300 when retrieving the file from the origin.

源主机标头Origin host header

源主机标头是随着每个请求发送到源的主机标头值。The Origin host header is the host header value sent to the origin with each request. 在大多数情况下,应与前面部分验证的源主机名相同。In most cases, this should be the same as the Origin hostname we verified earlier. 此字段中的错误值通常不会导致 404 状态,但有可能会导致其他 4xx 状态,具体取决于源期望的值。An incorrect value in this field won't generally cause 404 statuses, but is likely to cause other 4xx statuses, depending on what the origin expects.

源路径Origin path

最后,我们应该验证源路径Lastly, we should verify our Origin path. 默认情况下为空。By default this is blank. 只有在希望缩小在 CDN 上使用源托管的资源范围时,才应使用此字段。You should only use this field if you want to narrow the scope of the origin-hosted resources you want to make available on the CDN.

在示例终结点,我们希望存储帐户中的所有资源都可用,因此将“源路径”保留为空。 In the example endpoint, we wanted all resources on the storage account to be available, so Origin path was left blank. 这意味着,对 https://cdndocdemo.azureedge.net/publicblob/lorem.txt 的请求将导致终结点连接到请求 /publicblob/lorem.txt 的 cdndocdemo.core.windows.net。This means that a request to https://cdndocdemo.azureedge.net/publicblob/lorem.txt results in a connection from the endpoint to cdndocdemo.core.windows.net that requests /publicblob/lorem.txt. 同样,对 https://cdndocdemo.azureedge.net/donotcache/status.png 的请求将导致终结点从源请求 /donotcache/status.pngLikewise, a request for https://cdndocdemo.azureedge.net/donotcache/status.png results in the endpoint requesting /donotcache/status.png from the origin.

但是,如果不想要对源上的每个路径使用 CDN,怎么办?But what if you don't want to use the CDN for every path on your origin? 假设我们只想要公开 publicblob 路径。Say you only wanted to expose the publicblob path. 如果在“源路径”字段中输入 /publicblob,这会导致终结点在对源提出每个请求前,都要插入 /publicblobIf we enter /publicblob in the Origin path field, that will cause the endpoint to insert /publicblob before every request being made to the origin. 这意味着,对 https://cdndocdemo.azureedge.net/publicblob/lorem.txt 的请求现在实际上将接受 URL /publicblob/lorem.txt 的请求部分,并将 /publicblob 追加到开头。This means that the request for https://cdndocdemo.azureedge.net/publicblob/lorem.txt will now actually take the request portion of the URL, /publicblob/lorem.txt, and append /publicblob to the beginning. 这会导致从源对 /publicblob/publicblob/lorem.txt 发出请求。This results in a request for /publicblob/publicblob/lorem.txt from the origin. 如果该路径未解析实际文件,源将返回 404 状态。If that path doesn't resolve to an actual file, the origin will return a 404 status. 在此示例中,用来检索 lorem.txt 的正确 URL 实际上是 https://cdndocdemo.azureedge.net/lorem.txt。The correct URL to retrieve lorem.txt in this example would actually be https://cdndocdemo.azureedge.net/lorem.txt. 请注意,我们完全没有包含 /publicblob 路径,因为该 URL 的请求部分是 /lorem.txt,并且终结点添加了 /publicblob,这会导致 /publicblob/lorem.txt 成为传递到源的请求。Note that we don't include the /publicblob path at all, because the request portion of the URL is /lorem.txt and the endpoint adds /publicblob, resulting in /publicblob/lorem.txt being the request passed to the origin.