HTTPS/SSL Issues on AWS Elastic Beanstalk Multicontainer Docker Configuration
【Posted】: 2019-02-28 20:44:29
【Question】: I have this Multidocker configuration. My HTTP traffic works fine without any issues; however, every time I try to use HTTPS I get a 408.
{
  "AWSEBDockerrunVersion": 2,
  "containerDefinitions": [
    {
      "name": "users-managment",
      "image": "....",
      "essential": true,
      "memory": 256,
      "portMappings": [
        {
          "hostPort": 3000,
          "containerPort": 3000
        }
      ],
      "environment": [
        {
          "name": "PORT",
          "value": "3000"
        }
      ],
      "mountPoints": []
    },
    {
      "name": "presence",
      "image": "...ecr",
      "essential": true,
      "memory": 256,
      "portMappings": [
        {
          "hostPort": 3001,
          "containerPort": 3001
        }
      ],
      "environment": [
        {
          "name": "USERS_SERVICE",
          "value": "http://users-managment:3000"
        },
        {
          "name": "PORT",
          "value": "3001"
        }
      ],
      "links": ["users-managment"],
      "mountPoints": []
    },
    {
      "name": "signaling",
      "image": "...dkr.ecr...",
      "environment": [
        {
          "name": "PORT",
          "value": "3002"
        }
      ],
      "essential": true,
      "memory": 256,
      "portMappings": [
        {
          "hostPort": 3002,
          "containerPort": 3002
        }
      ],
      "links": ["users-managment"],
      "mountPoints": []
    },
    {
      "name": "api-gateway",
      "image": "...dkr.ecr...",
      "essential": true,
      "memory": 128,
      "portMappings": [
        {
          "hostPort": 80,
          "containerPort": 80
        },
        {
          "hostPort": 443,
          "containerPort": 443
        }
      ],
      "links": ["signaling", "presence", "users-managment"],
      "mountPoints": []
    }
  ]
}
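I have 3 node.js servers and one nginx server. All images are uploaded to the Amazon Elastic container repository. I added an SSL certificate with Amazon Certificate Manager and have already opened port 443 on the Classic Load Balancer in the Elastic Beanstalk load balancer configuration. I checked the security group attached to the EB application, and it also redirects all HTTP and HTTPS traffic to the load balancer.
This is the nginx config: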
#The actual HTTPS server
server {
    listen 80;
    listen 443;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    location /users {
        proxy_pass http://users-managment:3000;
    }
    location /docs/users {
        proxy_pass http://users-managment:3000;
    }
    location /ice/servers {
        proxy_pass http://signaling:3002;
    }
    #For Server-1
    location /signaling/ {
        #Configure proxy to pass data to upstream node1
        proxy_pass http://signaling:3002/socket.io/;
        #HTTP version 1.1 is needed for sockets
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    #For Server-2
    location /presence/ {
        #Configure proxy to pass data to upstream node2
        proxy_pass http://presence:3001/socket.io/;
        #HTTP version 1.1 is needed for sockets
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
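【Comments on the question】:
【Answer 1】: Solved by setting the instance port to 80 and the instance protocol to HTTP, while keeping the load balancer port 443 and protocol HTTPS.
【Comments】: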
You have no idea how long I spent solving this, thank you!
It took me a while to stumble on this article: docs.aws.amazon.com/elasticbeanstalk/latest/dg/… This is the official documentation from AWS. It explains the same thing.
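The fix from the answer, expressed as a check that compares classic load balancer listeners with the `listen` directives of the nginx container; this is an added example, not code from the post. The function names, the tuple layout and the `BEFORE` listener set are assumptions (the page does not show the original listener settings), and host ports are assumed to map 1:1 to container ports as in the Dockerrun file above.

```python
import re

# Constructed sample: the two listen directives from the question's server block.
NGINX_CONF = "server {\n    listen 80;\n    listen 443;\n}\n"

def nginx_listen_ports(conf):
    """Map each numeric nginx listen port to True if it carries the `ssl` flag."""
    ports = {}
    for m in re.finditer(r"^\s*listen\s+([^;]+);", conf, re.MULTILINE):
        args = m.group(1).split()
        try:
            port = int(args[0].rsplit(":", 1)[-1])  # "443", "0.0.0.0:443", "[::]:443"
        except ValueError:
            continue  # unix: sockets and bare addresses are out of scope here
        ports[port] = ports.get(port, False) or "ssl" in args[1:]
    return ports

def check_listeners(listeners, conf):
    """Return one finding per listener whose instance protocol nginx cannot serve."""
    served = nginx_listen_ports(conf)
    findings = []
    for lb_port, lb_proto, inst_port, inst_proto in listeners:
        if inst_proto not in ("HTTP", "HTTPS"):
            continue  # TCP/SSL pass-through listeners are not modelled
        if inst_port not in served:
            findings.append(f"{lb_port}->{inst_port}: nginx does not listen on {inst_port}")
        elif (inst_proto == "HTTPS") != served[inst_port]:
            want = "TLS" if inst_proto == "HTTPS" else "plain HTTP"
            have = "TLS" if served[inst_port] else "plain HTTP"
            findings.append(f"{lb_port}->{inst_port}: balancer sends {want}, nginx expects {have}")
    return findings

# Assumed "before" state (not shown on the page): HTTPS forwarded to port 443 as HTTPS.
BEFORE = [(80, "HTTP", 80, "HTTP"), (443, "HTTPS", 443, "HTTPS")]
# The answer: terminate TLS at the balancer and forward plain HTTP to port 80.
AFTER = [(80, "HTTP", 80, "HTTP"), (443, "HTTPS", 80, "HTTP")]

if __name__ == "__main__":
    for name, listeners in (("before", BEFORE), ("after", AFTER)):
        print(name, check_listeners(listeners, NGINX_CONF) or "ok")
```

A `listen 443;` line without the `ssl` parameter accepts plain HTTP only, so a listener that forwards HTTPS to that port cannot complete a TLS handshake with nginx.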