Amazon web services 无法识别AWS Elastic Beanstalk httpd/conf.d/ssl.conf_Amazon Web Services_Apache_Ssl_Tomcat_Amazon Elastic Beanstalk

Amazon web services 无法识别AWS Elastic Beanstalk httpd/conf.d/ssl.conf

amazon-web-services apache ssl tomcat

Amazon web services 无法识别AWS Elastic Beanstalk httpd/conf.d/ssl.conf,amazon-web-services,apache,ssl,tomcat,amazon-elastic-beanstalk,Amazon Web Services,Apache,Ssl,Tomcat,Amazon Elastic Beanstalk,为了激活ssl，我在项目的根目录中创建了一个.ebextensions目录，但是我没有看到在ssl.conf文件中创建的虚拟主机443 部署之后，密钥很好（创建的很好），但是永远不会创建ssl.conf。因此，我需要手动连接到实例并修改conf.d文件以添加virtualhost 战争结构： ROOT.war | WEB-INF META-INF .ebextensions | https-ins

为了激活ssl，我在项目的根目录中创建了一个.ebextensions目录，但是我没有看到在ssl.conf文件中创建的虚拟主机443

部署之后，密钥很好（创建的很好），但是永远不会创建ssl.conf。因此，我需要手动连接到实例并修改conf.d文件以添加virtualhost

战争结构：

ROOT.war
      |
       WEB-INF
       META-INF
       .ebextensions
           |
            https-instance-single.config
            https-instance.config
           |
            httpd
                 |
                  conf.d
                        |
                         ssl.conf

https-instance.config：

  /etc/pki/tls/certs/server.crt:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN CERTIFICATE-----
      XXXXXXXXXXXXXXXXXXXXXX
      -----END CERTIFICATE-----

  /etc/pki/tls/certs/server.key:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN RSA PRIVATE KEY-----
      XXXXXXXXXX
      -----END RSA PRIVATE KEY-----

  /etc/pki/tls/certs/gd_bundle.crt:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN CERTIFICATE-----
      XXXXXXXXXXXXXXXXXXXXXXXXXXX
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      XXXXXXXXXXXXXXXXXXXXXXXXXXX
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      XXXXXXXXXXXXXXXXXXXXXXXXXXX
      -----END CERTIFICATE-----

https-instance-single.config：

Resources:
  sslSecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
      IpProtocol: tcp
      ToPort: 443
      FromPort: 443
      CidrIp: 0.0.0.0/0

ssl.conf：

Listen 443

<VirtualHost *:443>
  ServerName YOUR_SERVER_NAME
  SSLEngine on
  SSLCertificateFile "/etc/pki/tls/certs/server.crt"
  SSLCertificateKeyFile "/etc/pki/tls/certs/server.key"
  SSLCertificateChainFile "/etc/pki/tls/certs/gd_bundle.crt"
  SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

  <Proxy *>
    Require all granted
  </Proxy>
  ProxyPass / http://localhost:8080/ retry=0
  ProxyPassReverse / http://localhost:8080/
  ProxyPreserveHost on

  ErrorLog /var/log/httpd/elasticbeanstalk-ssl-error_log

</VirtualHost>

听443
服务器名称您的\u服务器\u名称
斯伦金安
SSLCertificateFile“/etc/pki/tls/certs/server.crt”
SSLCertificateKeyFile“/etc/pki/tls/certs/server.key”
SSLCertificateChainFile“/etc/pki/tls/certs/gd_bundle.crt”
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
要求所有授权
ProxyPass/http://localhost:8080/ 重试=0
ProxyPassReverse/http://localhost:8080/
代理主机
ErrorLog/var/log/httpd/elasticbeanstalk-ssl-error\u log

我解决了这个问题

我不知道为什么，也没有记录，但似乎代理文件必须在.platform文件夹中

日志显示：

跳过.ebextensions下的旧版配置，改为放在.platform下

所以我试着创建了这个文件夹并成功了。但美国焊接学会从未用这一步骤制作过文件。因此，请更新您的文档！：）