
How do I restart HTTPS on an EC2 instance in Elastic Beanstalk to enable HTTPS?


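Problem

I am trying to enable HTTPS on an EC2 instance in Elastic Beanstalk. I have an https-instance.config file in my .ebextensions directory, which includes stopping and starting the httpd server. The initial container command was as follows (from the AWS documentation, also mentioned in my question):

However, I got the following error; the details are in cfn-init.log:
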
2020-08-25 14:51:55,622 [INFO] -----------------------Starting build-----------------------
2020-08-25 14:51:55,631 [INFO] Running configSets: Infra-EmbeddedPostBuild
2020-08-25 14:51:55,634 [INFO] Running configSet Infra-EmbeddedPostBuild
2020-08-25 14:51:55,638 [INFO] Running config postbuild_0_tiny_app
2020-08-25 14:51:55,706 [ERROR] Command 01killhttpd (systemctl restart httpd.service) failed
2020-08-25 14:51:55,706 [ERROR] Error encountered during build of postbuild_0_tiny_app: Command 01killhttpd failed
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/cfnbootstrap/construction.py", line 542, in run_config
    CloudFormationCarpenter(config, self._auth_config).build(worklog)
  File "/usr/lib/python2.7/site-packages/cfnbootstrap/construction.py", line 260, in build
    changes['commands'] = CommandTool().apply(self._config.commands)
  File "/usr/lib/python2.7/site-packages/cfnbootstrap/command_tool.py", line 117, in apply
    raise ToolError(u"Command %s failed" % name)
ToolError: Command 01killhttpd failed
2020-08-25 14:51:55,706 [ERROR] -----------------------BUILD FAILED!------------------------
2020-08-25 14:51:55,707 [ERROR] Unhandled exception during build: Command 01killhttpd failed
Traceback (most recent call last):
  File "/opt/aws/bin/cfn-init", line 171, in <module>
    worklog.build(metadata, configSets)
  File "/usr/lib/python2.7/site-packages/cfnbootstrap/construction.py", line 129, in build
    Contractor(metadata).build(configSets, self)
  File "/usr/lib/python2.7/site-packages/cfnbootstrap/construction.py", line 530, in build
    self.run_config(config, worklog)
  File "/usr/lib/python2.7/site-packages/cfnbootstrap/construction.py", line 542, in run_config
    CloudFormationCarpenter(config, self._auth_config).build(worklog)
  File "/usr/lib/python2.7/site-packages/cfnbootstrap/construction.py", line 260, in build
    changes['commands'] = CommandTool().apply(self._config.commands)
  File "/usr/lib/python2.7/site-packages/cfnbootstrap/command_tool.py", line 117, in apply
    raise ToolError(u"Command %s failed" % name)
ToolError: Command 01killhttpd failed

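Question

How can I restart the httpd server to allow HTTPS connections to my application?

Context

  • Amazon Linux 2
  • Flask application in a Python 3.7 environment
  • Using a single EC2 instance, so there is no load balancer
  • I only need this for development purposes

Below is the complete https-instance.config that I obtained from AWS:
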
packages:
  yum:
    mod_ssl : []
    
files:
  /etc/httpd/conf.d/ssl.conf:
    mode: "000644"
    owner: root
    group: root
    content: |
      LoadModule wsgi_module modules/mod_wsgi.so
      WSGIPythonHome /opt/python/run/baselinenv
      WSGISocketPrefix run/wsgi
      WSGIRestrictEmbedded On
      Listen 443
      <VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile "/etc/pki/tls/certs/server.crt"
        SSLCertificateKeyFile "/etc/pki/tls/certs/server.key"
        
        Alias /static/ /opt/python/current/app/static/
        <Directory /opt/python/current/app/static>
        Order allow,deny
        Allow from all
        </Directory>
        
        WSGIScriptAlias / /opt/python/current/app/application.py
        
        <Directory /opt/python/current/app>
        Require all granted
        </Directory>
        
        WSGIDaemonProcess wsgi-ssl processes=1 threads=15 display-name=%{GROUP} \
          python-path=/opt/python/current/app \
          python-home=/opt/python/run/venv \
          home=/opt/python/current/app \
          user=wsgi \
          group=wsgi
        WSGIProcessGroup wsgi-ssl
        
      </VirtualHost>
      
  /etc/pki/tls/certs/server.crt:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN CERTIFICATE-----
      MIID8zCCAtsCFGzyKrXOsCiyLHRPfBG75SlmQyXqMA0GCSqGSIb3DQEBCwUAMIG1
      ...
      PuulTMAZWNXHa0g+XbRTtOQDA8FA0vlA80B+rFUQESSo2Cw5JKXTaL9OpMMG/t9S
      qvv+vGuaIw==
      -----END CERTIFICATE-----

       
  /etc/pki/tls/certs/server.key:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN RSA PRIVATE KEY-----
      MIIEogIBAAKCAQEA+OYzho7mXLUY6zTTqBIibsk2rfuJIO2xN2moIUNTqzJS8Yv6
      ...
      cSQsBzRR1Z5hl77Qa6gwiDx7rYswWtQt/8zsY8OUB3kg1SqriwI=
      -----END RSA PRIVATE KEY-----

container_commands:
  01restartservice:
    command: "systemctl restart httpd.service"

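The command fails because there is no httpd in the Python 3.7 environment on Amazon Linux 2 (it is physically installed, but not active). You can verify this by logging in to the instance and running the following command: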

sudo systemctl status httpd
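
Instead, nginx is used, with gunicorn as the WSGI server. The AWS documentation link you provided is for Amazon Linux 1, not for Amazon Linux 2.

Therefore, the SSL certificate and HTTPS should be set up with nginx, using the .platform/nginx/conf.d/ folder.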

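Comments:

httpd is restarted on every new deployment, which is sufficient for a single EC2 instance, and that is interesting. I would never have known this from the AWS documentation; even in their Linux 2-specific documentation (), they discuss configuration in the ".platform/httpd/conf.d/" folder. I suppose I don't know how the configuration would differ (I'm not an expert in this), but that may be a separate question. I don't have ssh access right now.

@whoopscheckmate Yes. Unfortunately, the AWS documentation is confusing right now. Some parts refer to Amazon Linux 1, other parts refer to Amazon Linux 2, and it is not clear when they do which.

This answer makes sense, but I searched for a clear way to map the httpd configuration to an nginx configuration and found nothing. This is the documentation I saw for enabling https with nginx (), but it does not seem right. My question is: is there a simple way to change the configuration file above into an nginx setup? If there is, and you are willing to help, I can ask another question. If not, should I contact AWS on their forum? My other idea is to somehow change the wsgi to httpd. Is that possible?

@whoopscheckmate Not sure at the moment. Maybe you can do it, but it is not clear to me right now how.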
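
The comments above ask how the httpd configuration would map to nginx. As an added example (not part of the original answer or of the AWS documentation), here is a minimal HTTPS server block for the .platform/nginx/conf.d/ folder. The file name https.conf and the upstream address 127.0.0.1:8000 (where gunicorn is assumed to listen) are assumptions; the certificate and key paths are the ones from the question's config file.

```nginx
# .platform/nginx/conf.d/https.conf   (file name is an assumption)
#
# Files in this folder are included inside the http {} block of the
# platform's nginx.conf, so only a server {} block is needed here.
# This replaces the <VirtualHost *:443> section of the httpd ssl.conf.

server {
    listen 443 ssl;
    server_name _;    # catch-all; replace with the real host name if there is one

    # Same certificate and key paths that the question's config file writes.
    # The key stays mode 000400, owner root: the nginx master process runs
    # as root and reads it before the workers drop privileges.
    ssl_certificate     /etc/pki/tls/certs/server.crt;
    ssl_certificate_key /etc/pki/tls/certs/server.key;

    # Offer only TLS 1.2 instead of relying on distribution defaults.
    ssl_protocols             TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout       5m;

    location / {
        # Assumption: gunicorn listens on localhost port 8000.
        # This takes over the role of WSGIScriptAlias / WSGIDaemonProcess.
        proxy_pass http://127.0.0.1:8000;

        # Pass the original request details to the Flask application so it
        # can tell that the client connected over HTTPS.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

With nginx serving TLS, the mod_ssl package, the /etc/httpd/conf.d/ssl.conf file and the container command that restarts httpd.service are the httpd-specific parts of the question's config; only the certificate and key file entries are still used by this server block.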