带有 json 的 Elastic Beanstalk 单实例 https 示例

Posted 2023-03-04

【中文标题】带有 json 的 Elastic Beanstalk 单实例 https 示例

【英文标题】：Elastic Beanstalk single instance https example with json

【发布时间】：2016-03-11 21:49:47

【问题描述】：

我一直在寻找一个 JSON 格式而不是 YAML 格式的示例，以便能够在 Elastic Beanstalk 服务器的单个实例中配置 https。 .ebextensions/singlehttps.config里面的文件 单个实例对于低端应用程序非常重要，因为我们不必使用每月额外花费 20 美元的负载均衡器。

【参考方案1】：

经过这么多麻烦，我将我的创作发布在这里，以供其他遇到同样问题的人使用。这是在 php 服务器上测试的。

    "files": 
        "/etc/pki/tls/certs/server.crt": 
            "owner": "root",
            "source": "amazon/s3/url/server.crt",
            "group": "root",
            "mode": "000700"
        ,
        "/etc/pki/tls/certs/server.key": 
            "owner": "root",
            "source": "amazon/s3/url/server.key",
            "group": "root",
            "mode": "000700"
        ,
        "/etc/pki/tls/certs/gd_bundle.crt": 
            "owner": "root",
            "source": "amazon/s3/url/gd_bundle.crt",
            "group": "root",
            "mode": "000700"
        ,
        "/etc/httpd/conf.d/ssl.conf": 
            "owner": "root",
            "content": "LoadModule ssl_module modules/mod_ssl.so\nListen 443\n<VirtualHost *:443>\n  <Proxy *>\n    Order deny,allow\n    Allow from all\n  </Proxy>\n\n  SSLEngine             on\n  SSLCertificateFile    \"/etc/pki/tls/certs/server.crt\"\n  SSLCertificateKeyFile \"/etc/pki/tls/certs/server.key\"\n  SSLCertificateChainFile \"/etc/pki/tls/certs/gd_bundle.crt\"\n  SSLCipherSuite        EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH\n  SSLProtocol           All -SSLv2 -SSLv3\n  SSLHonorCipherOrder   On\n  SSLSessionTickets     Off\n\n  Header always set Strict-Transport-Security \"max-age=63072000; includeSubdomains; preload\"\n  Header always set X-Frame-Options DENY\n  Header always set X-Content-Type-Options nosniff\n\n  ProxyPass / http://localhost:80/ retry=0\n  ProxyPassReverse / http://localhost:80/\n  ProxyPreserveHost on\n  RequestHeader set X-Forwarded-Proto \"https\" early\n\n  LogFormat \"%h (%X-Forwarded-Fori) %l %u %t \\\"%r\\\" %>s %b \\\"%Refereri\\\" \\\"%User-Agenti\\\"\"\n  ErrorLog /var/log/httpd/elasticbeanstalk-error_log\n  TransferLog /var/log/httpd/elasticbeanstalk-access_log\n</VirtualHost>\n",
            "group": "root",
            "mode": "000644"
        
    ,
    "packages": 
        "yum": 
            "mod24_ssl": []
        
    ,
    "Resources": 
        "sslSecurityGroupIngress": 
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": 
                "ToPort": 443,
                "IpProtocol": "tcp",
                "GroupId": 
                    "Fn::GetAtt": [
                        "AWSEBSecurityGroup",
                        "GroupId"
                    ]
                ,
                "FromPort": 443,
                "CidrIp": "0.0.0.0/0"
            
        ,
        "AWSEBAutoScalingGroup": 
            "Metadata": 
                "AWS::CloudFormation::Authentication": 
                    "S3Auth": 
                        "roleName": 
                            "Fn::GetOptionSetting": 
                                "Namespace": "aws:asg:launchconfiguration",
                                "DefaultValue": "aws-elasticbeanstalk-ec2-role",
                                "OptionName": "IamInstanceProfile"
                            
                        ,
                        "buckets": [
                            "amazons3bucket"
                        ],
                        "type": "s3"