我正在拼命尝试将SSL添加到我们的webapp上,该webapp使用单个docker conatiner在弹性beanstalk上运行。 我按照aws https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/https-singleinstance-docker.html的文档进行了操作,并添加了所有必需的信息。运行eb部署后,实例的配置中没有任何更改。通过SSH连接显示没有创建所需的2个文件。
envar.config:
# 01_envar.config
option_settings:
aws:elasticbeanstalk:application:environment:
PORT: 3000
NODE_ENV: production
files:
/etc/nginx/conf.d/https.conf:
mode: "000644"
owner: root
group: root
content: |
# HTTPS Server
server {
listen 443;
server_name localhost;
ssl on;
ssl_certificate /etc/pki/tls/certs/server.crt;
ssl_certificate_key /etc/pki/tls/certs/server.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://docker;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}
/etc/pki/tls/certs/server.crt:
mode: "000400"
owner: root
group: root
content: |
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
/etc/pki/tls/certs/server.key:
mode: "000400"
owner: root
group: root
content: |
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
Resources:
sslSecurityGroupIngress:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
IpProtocol: tcp
ToPort: 443
FromPort: 443
CidrIp: 0.0.0.0/0
我非常擅长在aws上部署应用程序,任何帮助都会非常感激!
提前谢谢
答案 0 :(得分:0)
将TLS配置到ELB弹性beanstalk中提供环境所需的工作量比配置环境nginx配置要少,因此对于大多数用例来说它应该是更好的选择。