AWS Elastic Beanstalk httpd/conf.d/ssl.conf not recognized

Posted: 2021-02-23 16:19:06

Question:

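I created an .ebextensions directory in the root of my project to enable SSL, but I don't see the virtual host on port 443 that should be created from the ssl.conf file.

After deployment, the keys are fine (they are created correctly), but ssl.conf is never created. So I have to connect to the instance manually and modify the conf.d file to add the virtual host.

WAR structure: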

ROOT.war
      |
       WEB-INF
       META-INF
       .ebextensions
           |
            https-instance-single.config
            https-instance.config
           |
            httpd
                 |
                  conf.d
                        |
                         ssl.conf

https-instance.config:

files:
  /etc/pki/tls/certs/server.crt:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN CERTIFICATE-----
      XXXXXXXXXXXXXXXXXXXXXX
      -----END CERTIFICATE-----

  /etc/pki/tls/certs/server.key:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN RSA PRIVATE KEY-----
      XXXXXXXXXX
      -----END RSA PRIVATE KEY-----

  /etc/pki/tls/certs/gd_bundle.crt:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN CERTIFICATE-----
      XXXXXXXXXXXXXXXXXXXXXXXXXXX
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      XXXXXXXXXXXXXXXXXXXXXXXXXXX
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      XXXXXXXXXXXXXXXXXXXXXXXXXXX
      -----END CERTIFICATE-----

https-instance-single.config:

Resources:
  sslSecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
      IpProtocol: tcp
      ToPort: 443
      FromPort: 443
      CidrIp: 0.0.0.0/0

ssl.conf:

Listen 443

<VirtualHost *:443>
  ServerName YOUR_SERVER_NAME
  SSLEngine on
  SSLCertificateFile "/etc/pki/tls/certs/server.crt"
  SSLCertificateKeyFile "/etc/pki/tls/certs/server.key"
  SSLCertificateChainFile "/etc/pki/tls/certs/gd_bundle.crt"
  SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

  <Proxy *>
    Require all granted
  </Proxy>
  ProxyPass / http://localhost:8080/ retry=0
  ProxyPassReverse / http://localhost:8080/
  ProxyPreserveHost on

  ErrorLog /var/log/httpd/elasticbeanstalk-ssl-error_log

</VirtualHost>

Answer 1:

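I solved this problem.

I don't know why, and it isn't documented either, but it seems the proxy files have to be in the .platform folder.

The logs show:

skip legacy configuration under .ebextensions, put under .platform instead

So I tried creating that folder and it works fine. But AWS never documented this step. So AWS, please update your documentation! :)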
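A pre-deploy check for the situation described in this answer, as an added example that is not part of the original post or AWS's own tooling: it scans a WAR/ZIP source bundle for proxy files under `.ebextensions/httpd/` (which the quoted log line says are skipped) and writes a copy with them moved under `.platform/`. It assumes the file keeps the same sub-path, so `ssl.conf` lands in `.platform/httpd/conf.d/`; the function names and the sample bundle are constructed for illustration.

```python
import io
import zipfile

LEGACY_PREFIX = ".ebextensions/httpd/"  # skipped, per the log line quoted above
PLATFORM_PREFIX = ".platform/httpd/"    # assumed target: same sub-path under .platform


def find_skipped_proxy_config(bundle):
    """Return {legacy_path: suggested_path} for proxy files that would be skipped."""
    with zipfile.ZipFile(bundle) as zf:
        names = {n for n in zf.namelist() if not n.endswith("/")}
    moves = {}
    for name in sorted(names):
        if name.startswith(LEGACY_PREFIX):
            target = PLATFORM_PREFIX + name[len(LEGACY_PREFIX):]
            if target not in names:  # never overwrite a file already in place
                moves[name] = target
    return moves


def relocate(bundle, out):
    """Write a copy of the bundle to `out` with skipped proxy files moved."""
    moves = find_skipped_proxy_config(bundle)
    if hasattr(bundle, "seek"):
        bundle.seek(0)
    with zipfile.ZipFile(bundle) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            new_name = moves.get(info.filename, info.filename)
            dst.writestr(new_name, src.read(info.filename))
    return moves


def build_sample_war():
    """Constructed sample mirroring the WAR layout from the question."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WEB-INF/web.xml", "<web-app/>")
        zf.writestr(".ebextensions/https-instance.config", "files: {}\n")
        zf.writestr(".ebextensions/https-instance-single.config", "Resources: {}\n")
        zf.writestr(".ebextensions/httpd/conf.d/ssl.conf", "Listen 443\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for old, new in find_skipped_proxy_config(build_sample_war()).items():
        print(f"{old} will be skipped; move it to {new}")
```

Running the check in CI before `eb deploy` catches the case where port 443 is opened by the security group rule but no TLS virtual host is ever configured on the instance.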
