Amazon web services 无法识别AWS Elastic Beanstalk httpd/conf.d/ssl.conf
为了激活ssl,我在项目的根目录中创建了一个.ebextensions目录,但是我没有看到在ssl.conf文件中创建的虚拟主机443 部署之后,密钥很好(创建的很好),但是永远不会创建ssl.conf。因此,我需要手动连接到实例并修改conf.d文件以添加virtualhost 战争结构:Amazon web services 无法识别AWS Elastic Beanstalk httpd/conf.d/ssl.conf,amazon-web-services,apache,ssl,tomcat,amazon-elastic-beanstalk,Amazon Web Services,Apache,Ssl,Tomcat,Amazon Elastic Beanstalk,为了激活ssl,我在项目的根目录中创建了一个.ebextensions目录,但是我没有看到在ssl.conf文件中创建的虚拟主机443 部署之后,密钥很好(创建的很好),但是永远不会创建ssl.conf。因此,我需要手动连接到实例并修改conf.d文件以添加virtualhost 战争结构: ROOT.war | WEB-INF META-INF .ebextensions | https-ins
ROOT.war
|
WEB-INF
META-INF
.ebextensions
|
https-instance-single.config
https-instance.config
|
httpd
|
conf.d
|
ssl.conf
https-instance.config:
/etc/pki/tls/certs/server.crt:
mode: "000400"
owner: root
group: root
content: |
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
/etc/pki/tls/certs/server.key:
mode: "000400"
owner: root
group: root
content: |
-----BEGIN RSA PRIVATE KEY-----
XXXXXXXXXX
-----END RSA PRIVATE KEY-----
/etc/pki/tls/certs/gd_bundle.crt:
mode: "000400"
owner: root
group: root
content: |
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
https-instance-single.config:
Resources:
sslSecurityGroupIngress:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
IpProtocol: tcp
ToPort: 443
FromPort: 443
CidrIp: 0.0.0.0/0
ssl.conf:
Listen 443
<VirtualHost *:443>
ServerName YOUR_SERVER_NAME
SSLEngine on
SSLCertificateFile "/etc/pki/tls/certs/server.crt"
SSLCertificateKeyFile "/etc/pki/tls/certs/server.key"
SSLCertificateChainFile "/etc/pki/tls/certs/gd_bundle.crt"
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
<Proxy *>
Require all granted
</Proxy>
ProxyPass / http://localhost:8080/ retry=0
ProxyPassReverse / http://localhost:8080/
ProxyPreserveHost on
ErrorLog /var/log/httpd/elasticbeanstalk-ssl-error_log
</VirtualHost>
听443
服务器名称您的\u服务器\u名称
斯伦金安
SSLCertificateFile“/etc/pki/tls/certs/server.crt”
SSLCertificateKeyFile“/etc/pki/tls/certs/server.key”
SSLCertificateChainFile“/etc/pki/tls/certs/gd_bundle.crt”
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
要求所有授权
ProxyPass/http://localhost:8080/ 重试=0
ProxyPassReverse/http://localhost:8080/
代理主机
ErrorLog/var/log/httpd/elasticbeanstalk-ssl-error\u log
我解决了这个问题
我不知道为什么,也没有记录,但似乎代理文件必须在.platform文件夹中
日志显示:
跳过.ebextensions下的旧版配置,改为放在.platform下
所以我试着创建了这个文件夹并成功了。但美国焊接学会从未用这一步骤制作过文件。因此,请更新您的文档!:)