在运行Tomcat的EC2实例上终止HTTPS

时间:2016-12-15 19:22:23

标签: apache amazon-web-services tomcat ssl amazon-ec2

我正在尝试在使用Elastic Beanstalk部署的AWS EC2实例上启用HTTPS。执行此操作的文档要求您在应用程序根目录中的目录.ebextensions/https-instance.config中添加this snippet。我必须分别用我的证书和密钥替换certificate file contentsprivate key contents。我最初收到的格式错误不正确,因此我将他们提供的代码段转换为JSON并重新上传 - 

{
  "files": {
    "/etc/httpd/conf.d/ssl.conf": {
      "owner": "root",
      "content": "LoadModule ssl_module modules/mod_ssl.so\nListen 443\n<VirtualHost *:443>\n  <Proxy *>\n    Order deny,allow\n    Allow from all\n  </Proxy>\n\n  SSLEngine             on\n  SSLCertificateFile    \"/etc/pki/tls/certs/server.crt\"\n  SSLCertificateKeyFile \"/etc/pki/tls/certs/server.key\"\n  SSLCipherSuite        EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH\n  SSLProtocol           All -SSLv2 -SSLv3\n  SSLHonorCipherOrder   On\n  \n  Header always set Strict-Transport-Security \"max-age=63072000; includeSubdomains; preload\"\n  Header always set X-Frame-Options DENY\n  Header always set X-Content-Type-Options nosniff\n  \n  ProxyPass / http://localhost:8080/ retry=0\n  ProxyPassReverse / http://localhost:8080/\n  ProxyPreserveHost on\n  \n</VirtualHost>\n",
      "group": "root",
      "mode": "000644"
    },
    "/etc/pki/tls/certs/server.crt": {
      "owner": "root",
      "content": "-----BEGIN CERTIFICATE-----\ncertificate file contents\n-----END CERTIFICATE-----\n",
      "group": "root",
      "mode": "000400"
    },
    "/etc/pki/tls/certs/server.key": {
      "owner": "root",
      "content": "-----BEGIN RSA PRIVATE KEY-----\nprivate key contents # See note below.\n-----END RSA PRIVATE KEY-----\n",
      "group": "root",
      "mode": "000400"
    }
  },
  "container_commands": {
    "killhttpd": {
      "command": "killall httpd"
    },
    "waitforhttpddeath": {
      "command": "sleep 3"
    }
  },
  "packages": {
    "yum": {
      "mod_ssl": []
    }
  }
}

部署因错误而中止 - 

[Instance: i-0x012x0123x012xyz] Command failed on instance. Return code: 1 Output: httpd: no process found. container_command killhttpd in my-app-name/.ebextensions/https-instance.config failed. For more detail, check /var/log/eb-activity.log using console or EB CLI.

我可以判断错误是由于container_commands密钥导致的,该密钥在配置后停止httpd,以便可以使用新的https.conf和证书。它告诉我它正在尝试杀死httpd,但它找不到任何此类进程正在运行。 service httpd status显示httpd.worker (pid 0123) is running,我也可以在线访问我的应用。 /var/log/eb-activity.log也没有记录任何内容。

我见过其他一些人在网上发布同样的问题,但我找不到任何解决方案。有什么我在这里做错了吗?

1 个答案:

答案 0 :(得分:1)

ebextensions正在尝试执行killall httpd,但您的流程称为httpd.worker

ebextensions中的行更改为killall httpd.worker

相关问题
最新问题