Elasticbeanstalk 在单个 Python 实例上配置 HTTPS:模板中不允许使用空值

Posted

技术标签:

【中文标题】Elasticbeanstalk 在单个 Python 实例上配置 HTTPS:模板中不允许使用空值【英文标题】:Elasticbeanstalk configuring HTTPS on Single Instance of Python: null values are not allowed in templates 【发布时间】:2016-04-21 09:22:01 【问题描述】:

我已经在 EB(单实例)环境中部署了一个 Flask 应用程序,它运行良好,我现在正在尝试使用自签名证书将其配置为 https 以对其进行测试。

所以我添加了一个配置文件,如 EB 开发人员指南中所示的 .ebextensions(我之前有 2 个用于设置 satic dir 路径和安装 postgresql94-devel 的文件),所以现在我有了:

/.ebextensions
   a_packages.config
   b_path.config
   singlehttps.config
/.elasticbeanstalk
   config.yml

config.yml 在哪里:

branch-defaults:
  default:
    environment: myApp-env
global:
  application_name: myApp
  default_ec2_keyname: aws-eb
  default_platform: 64bit Amazon Linux 2015.09 v2.0.6 running Python 2.7
  default_region: eu-central-1
  profile: eb-cli
  sc: null

a_packages.config 是:

packages:
  yum:
    postgresql94-devel: []

b_path.config 是:

option_settings:
   "aws:elasticbeanstalk:container:python:staticfiles":
     "/static/": "flaskApp/static/"

singlehttps.config 是:

Resources:
  sslSecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: "Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]
      IpProtocol: tcp
      ToPort: 443
      FromPort: 443
      CidrIp: 0.0.0.0/0

packages:
  yum:
    mod24_ssl : []

files:
  /etc/httpd/conf.d/ssl.conf:  
  mode: "000644"
  owner: root
  group: root
  content: |
    LoadModule wsgi_module modules/mod_wsgi.so
    WSGIPythonHome /opt/python/run/baselinenv
    WSGISocketPrefix run/wsgi
    WSGIRestrictEmbedded On
    Listen 443

    <VirtualHost *:80>
      ServerName myserver
      Redirect permanent / https://myserver  
    </VirtualHost>

    <VirtualHost *:443>
      ServerName myserver

      SSLEngine on
      SSLCertificateFile "/etc/pki/tls/certs/server.crt"
      SSLCertificateKeyFile "/etc/pki/tls/certs/server.key"

      Alias /static/ /opt/python/current/app/static/
      <Directory /opt/python/current/app/static>
        Order allow,deny
        Allow from all
      </Directory>

      WSGIScriptAlias / /opt/python/current/app/application.py

      <Directory /opt/python/current/app>
        Require all granted
      </Directory>

      WSGIDaemonProcess wsgi-ssl processes=1 threads=15 display-name=%GROUP \
        python-path=/opt/python/current/app:/opt/python/run/venv/lib/python2.7/site-packages:/opt/python/run/venv/lib64/python2.7/site-packages \
        home=/opt/python/current/app
        user=wsgi \
        group=wsgi \

      WSGIProcessGroup wsgi-ssl
    </VirtualHost>                            

  /etc/pki/tls/certs/server.crt:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN CERTIFICATE-----
      MIID ....   fUJbS8/O+
      -----END CERTIFICATE-----


  /etc/pki/tls/certs/server.key:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN RSA PRIVATE KEY-----
      MIIEz ....... JTAwSYIw==
      -----END RSA PRIVATE KEY-----


container_commands:
  01killhttpd:
    command: "killall httpd"
  02waitforhttpddeath:
    command: "sleep 3"

因此,每当我尝试使用 .ebextensions 中的 singlehttps.config 创建一个新环境时,我都无法部署,输出为:

Enter Environment Name
(default is myApp-dev): myApp-env
Enter DNS CNAME prefix
(default is myApp-env): myApp
Creating application version archive "app-160115_183325".
Uploading myApp/app-160115_183325.zip to S3. This may take a while.
Upload Complete.
Environment details for: myApp-env
  Application name: myApp
  Region: eu-central-1
  Deployed Version: app-160115_183325
  Environment ID: ***********
  Platform: 64bit Amazon Linux 2015.09 v2.0.6 running Python 2.7
  Tier: WebServer-Standard
  CNAME: myApp.elasticbeanstalk.com
  Updated: 2016-01-15 17:34:22.209000+00:00
Printing Status:
INFO: createEnvironment is starting.
INFO: Using elasticbeanstalk-eu-central-1-************* as Amazon S3 storage bucket for environment data.
ERROR: Service:AmazonCloudFormation, Message:'null' values are not allowed in templates
ERROR: Failed to launch environment.

我很确定问题出在单个 https.config 中,因为没有它就不会发生。我无法在日志中阅读任何有用的内容。我试图查看 CloudFourmation,但我没有得到任何结果。

【问题讨论】:

【参考方案1】:

你应该缩进/etc/httpd/conf.d/ssl.conf下面的所有内容:

files:
  /etc/httpd/conf.d/ssl.conf:
    mode: "000644"
    owner: root
    group: root
    content: |
      multiline
      file content
      goes here

【讨论】:

以上是关于Elasticbeanstalk 在单个 Python 实例上配置 HTTPS:模板中不允许使用空值的主要内容,如果未能解决你的问题,请参考以下文章

Elasticbeanstalk 在单个 Python 实例上配置 HTTPS:模板中不允许使用空值

为 Elasticbeanstalk 单实例乘客配置 SSL

带有 json 的 Elastic Beanstalk 单实例 https 示例

AWS Elastic Beanstalk NodeJS 和日志

是否可以在单个 nextflow 过程中对输入进行输出反馈?

如何在 AWS Elastic Beanstalk 中为多个 grails 环境使用单个 .war?