我最近购买了SSL证书,我正在尝试使用Nginx EC2实例将其加载到我的Elastic Load Balancer上。
网站未加载任何内容,我的错误日志显示此错误:no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking
所有健康检查都在亚马逊的网站上传递,所以我不确定是什么问题。 SSL证书也已正确上传到我的ELB。我的nginx代理文件如下所示:
server {
listen 80;
listen 443 default_server ssl;
rewrite ^(.*) https://$host$1 permanent;
client_max_body_size 4G;
client_header_timeout 60;
client_body_buffer_size 1K;
client_header_buffer_size 1k;
server_name %(DOMAINS)s %(EC2_INSTANCES)s;
keepalive_timeout 20;
root %(PROJECT_PATH)s;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
if (!-f $request_filename) {
proxy_pass http://app_server;
break;
}
}
error_page 500 502 503 504 /500.html;
location = /500.html {
root /path/to/app/current/public;
}
}
非常感谢任何建议!提前谢谢!
编辑 - - -
网站现在显示一个纯白页,但是当我检查元素时(通过Chrome)有503错误。不确定这是否起作用,但我认为信息越多越好。
答案 0 :(得分:1)
在您的ELB中,将流量从443重定向到80端口,并在您的vhost中执行此操作:
server {
listen 80;
rewrite ^(.*) https://$host$1 permanent;
client_max_body_size 4G;
client_header_timeout 60;
client_body_buffer_size 1K;
client_header_buffer_size 1k;
server_name %(DOMAINS)s %(EC2_INSTANCES)s;
keepalive_timeout 20;
root %(PROJECT_PATH)s;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
set $is_https 'off';
if ($http_x_forwarded_proto ~ 'https') {
set $is_https 'on';
}
proxy_set_header HTTPS $is_https;
proxy_redirect off;
if (!-f $request_filename) {
proxy_pass http://app_server;
break;
}
}
error_page 500 502 503 504 /500.html;
location = /500.html {
root /path/to/app/current/public;
}
}
如果要在ELB中终止SSL,则不需要在vhost中检查SSL。您只需检查http_x_forwarded_proto标头并将其传递给后端即可。