我正在使用 Cloudflare 在 NGINX (作为代理)的 Docker 上运行的react app。 Web在Ubuntu服务器上运行良好,但是在尝试迁移到Elastic Beanstalk之后,HTTPS / SSL出现了问题。
我只有一个容器堆栈,因此无法使用负载均衡器。但是我在 https-instance-securitygroup.config 中定义了端口,如下所示。
但是我的请求不断陷入 400错误请求-普通的HTTP请求已发送到HTTPS端口。
在Cloudflare上,我将SSL设置为Flexible,然后启用了Always Use HTTPS。
另外,我在Ubuntu服务器上测试了该容器,并且能够使HTTPS正常运行,因此AWS一定要具备某些功能...
default.conf
server {
listen 443 default_server ssl;
listen [::]:443 default_server ssl;
server_name www.webname.com;
ssl_certificate /etc/ssl/certs/www.webname.com.cert.pem;
ssl_certificate_key /etc/ssl/certs/www.webname.com.key.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_client_certificate /etc/ssl/certs/cloudflare.pem;
# ssl_verify_client on;
root /usr/share/nginx/html;
index index.html;
# force TLS
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
}
Dockerfile
# Create proxy container for www.webname.com
#STAGE 1 -- Build Web
FROM node:12.2.0-alpine as node
RUN mkdir /web
WORKDIR /web
#Copy dependency definition
COPY packages/app-prerelease-landing/package.json /web
RUN yarn install
#Copy all files
COPY . /web
WORKDIR /web/packages/app-prerelease-landing
RUN yarn && yarn build
#STAGE 2 -- Build nginx server
FROM nginx:1.15.2-alpine
# Set timezone
RUN echo "Europe/Berlin" > /etc/timezone
# Add www certificates
COPY docker/ssl /etc/ssl/certs/
# Add virtual hosts
COPY docker/default.conf /etc/nginx/conf.d/
#Open port 443 for incoming traffic
EXPOSE 443
# Add static content
COPY --from=node /web/packages/app-prerelease-landing/dist /usr/share/nginx/html
https-instance-securitygroup.config
Resources:
sslSecurityGroupIngress:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
IpProtocol: tcp
ToPort: 443
FromPort: 443
CidrIp: 0.0.0.0/0
Dockerrun.aws.json
{
"AWSEBDockerrunVersion": "1",
"Ports": [
{
"ContainerPort": 443,
"HostPort": 443
}
]
}
有什么想念的吗?
++附加日志中的最后100行。 https://pastebin.com/H15kKMRa