AWS Elasticbeanstalk单个实例上的SSL设置 - 无负载均衡器

时间:2015-09-30 14:53:28

标签: python ssl amazon-web-services openssl elastic-beanstalk

我有一个基于django / python的Web应用程序,我在过去一年中一直在部署到AWS。现在我们需要进行SSL设置,以便我们的用户可以在线注册和付款。

我已经整合了Stripe checkout js,现在我正在尝试获得自签名 SSL证书 FOR TESTING ,以便在我的DEV AWS EB实例上运行。

我在这里查看了AWS文档 http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/SSL.SingleInstance.html#CreateSSLConfig.SingleInstance

AND,对于配置文件:

http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/SSLPython.SingleInstance.html

现在,当我部署到我的AWS实例时,我收到以下错误:

2015-09-29 23:07:48 UTC-0400    ERROR   [Instance: *****] Command failed on instance. Return code: 1 Output: Error occurred during build: Command hooks failed .
2015-09-29 23:07:47 UTC-0400    ERROR   Script /opt/elasticbeanstalk/hooks/appdeploy/enact/01flip.py failed with returncode 1

我不确定发生了什么或如何调试这些错误。

这是我的配置文件:

  Resources: 
  sslSecurityGroupIngress: 
  Properties: 
    CidrIp: 0.0.0.0/0
    FromPort: 443
    GroupId: 
      Ref: AWSEBSecurityGroup
    IpProtocol: tcp
    ToPort: 443
  Type: "AWS::EC2::SecurityGroupIngress"
  files: 
  /etc/httpd/conf.d/ssl.conf: 
  content: |
      LoadModule wsgi_module modules/mod_wsgi.so
      WSGIPythonHome /opt/python/run/baselinenv
      WSGISocketPrefix run/wsgi
      WSGIRestrictEmbedded On
      Listen 443
      <VirtualHost *:80>
        ServerName myserver
        Redirect permanent / https://myserver
      </VirtualHost>

      <VirtualHost *:443>
        ServerName myserver


        SSLEngine on
        SSLCertificateFile "/etc/pki/tls/certs/server.crt"
        SSLCertificateKeyFile "/etc/pki/tls/certs/server.key"

        Alias /static/ /opt/python/current/app/static/
        <Directory /opt/python/current/app/static>
        Order allow,deny
        Allow from all
        </Directory>

        WSGIScriptAlias / /opt/python/current/app/application.py

        <Directory /opt/python/current/app>
        Require all granted
        </Directory>

        WSGIDaemonProcess wsgi-ssl processes=1 threads=15 display-name=%{GROUP} \
          python-path=/opt/python/current/app:/opt/python/run/venv/lib/python2.7/site-packages user=wsgi group=wsgi \
          home=/opt/python/current/app
        WSGIProcessGroup wsgi-ssl
      </VirtualHost>
  group: root
  mode: "000755"
  owner: root
  /etc/pki/tls/certs/server.crt: 
  content: "-----BEGIN CERTIFICATE-----\n\
      ********=\n\
      -----END CERTIFICATE-----\n\
      \x20\n"
  group: root
  mode: "000400"
  owner: root
  /etc/pki/tls/certs/server.key: 
  content: |
      -----BEGIN RSA PRIVATE KEY-----
      *******
      -----END RSA PRIVATE KEY-----
  group: root
  mode: "000400"
  owner: root
  packages: 
  yum: 
  mod24_ssl: []

当我通过SSH连接到ec2-user下的EC2实例时,我使用OpenSSL创建了我的私钥,证书密钥和自签名证书。在某些情况下,我看到人们在/var/www/html/.中有这些文件我在主目录中有文件,这会导致问题吗?

有关如何诊断此问题的任何想法,或者是否有更好的方法在单个EB实例上设置SSL?

谢谢。

0 个答案:

没有答案
相关问题
最新问题