
AWS - SSL/HTTPS on load balancer

I have a problem adding HTTPS to my EC2 instance, and maybe you guys have the answer to make it work.

I have a load balancer that forwards the connection to my EC2 instance. I've added the SSL certificate to the load balancer and everything went fine. I've added a listener on port 443 that forwards to port 443 of my instance, and I've configured Apache to listen on both port 443 and port 80. Here is the screenshot of my load balancer:


The SSL certificate is valid, and on port 80 (HTTP) everything is fine, but if I try with HTTPS the request does not go through.

Any idea?

Cheers

Elastic Load Balancer cannot forward your HTTPS requests to the server. This is why SSL is there: to prevent a man-in-the-middle attack (amongst others).

The way you can get this working is the following:

  • configure your ELB to accept TCP 443 connections and install an SSL certificate through IAM (just like you did)
  • relay traffic on TCP 80 to your fleet of web servers
  • configure your web servers to accept traffic on TCP 80 (having SSL between the load balancer and the web servers is also supported, but not required most of the time)
  • configure your web servers' Security Group to only accept traffic from the load balancer
  • (optional) be sure your web servers are running in a private subnet, i.e. with only private IP addresses and no route to the Internet Gateway

If you really need to have an end-to-end SSL tunnel between your client and your backend servers (for example, to perform client-side SSL authentication), then you'll have to configure your load balancer in TCP mode, not in HTTP mode (see "Support for two-way TLS/HTTPS with ELB" for more details).

More details:

Do you have an HTTPS listener on your EC2 instance? If not, your instance port should be 80 for both load balancer listeners.
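Added example, not code from the question or either answer: a small audit that checks a classic-ELB configuration against the pattern recommended above (TLS terminated at the ELB on HTTPS:443 with an IAM certificate, HTTP:80 to the instances, web-server security group open only to the load balancer's security group). The dict shapes follow boto3's `describe_load_balancers` / `describe_security_groups` output; the security-group ids, certificate ARN and both scenarios are constructed.

```python
# Added example, not code from the question or either answer: audit a classic-ELB
# setup against the recommended pattern (TLS terminated at the ELB on HTTPS:443
# with an IAM certificate, HTTP:80 to the instances, web-server security group
# open only to the load balancer's SG). Dict shapes follow boto3's
# describe_load_balancers / describe_security_groups; all sample data is constructed.

LB_SG = "sg-0000lb00"                                            # constructed id
CERT = "arn:aws:iam::000000000000:server-certificate/example"    # constructed ARN


def audit_elb_setup(listeners, web_sg_ingress, lb_sg_id, instance_has_https=False):
    """Return a list of findings; an empty list means the setup matches the pattern."""
    findings = []
    https = [x for x in listeners if x["Protocol"] == "HTTPS" and x["LoadBalancerPort"] == 443]
    if not https:
        findings.append("no HTTPS:443 listener on the load balancer")
    for lsn in https:
        if not lsn.get("SSLCertificateId"):
            findings.append("HTTPS:443 listener has no certificate attached")
        if lsn["InstanceProtocol"] == "HTTPS" and not instance_has_https:
            findings.append("HTTPS:443 forwards to HTTPS:%d but the instance has no HTTPS "
                            "listener; forward to HTTP:80 instead" % lsn["InstancePort"])
    for rule in web_sg_ingress:
        for rng in rule.get("IpRanges", []):          # any CIDR source bypasses the ELB
            findings.append("web SG allows %s on tcp/%d; allow only the load balancer SG"
                            % (rng["CidrIp"], rule["FromPort"]))
        for pair in rule.get("UserIdGroupPairs", []):
            if pair["GroupId"] != lb_sg_id:
                findings.append("web SG allows %s, which is not the load balancer SG" % pair["GroupId"])
    return findings


def listener(proto, port, iproto, iport, cert=None):
    """One listener dict in the describe_load_balancers shape."""
    return {"Protocol": proto, "LoadBalancerPort": port, "InstanceProtocol": iproto,
            "InstancePort": iport, "SSLCertificateId": cert}


# Constructed "as asked" scenario: HTTPS:443 -> HTTPS:443, no confirmed instance HTTPS listener, SG open to all.
AS_ASKED = dict(listeners=[listener("HTTPS", 443, "HTTPS", 443, CERT)],
                web_sg_ingress=[{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}])
# As the answer recommends: HTTPS:443 -> HTTP:80, web SG accepting only the ELB's SG.
RECOMMENDED = dict(listeners=[listener("HTTPS", 443, "HTTP", 80, CERT)],
                   web_sg_ingress=[{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                                    "UserIdGroupPairs": [{"GroupId": LB_SG}]}])

if __name__ == "__main__":
    for name, cfg in (("as asked", AS_ASKED), ("recommended", RECOMMENDED)):
        print(name, audit_elb_setup(lb_sg_id=LB_SG, **cfg) or ["ok"])
```

Feeding the real output of `describe_load_balancers()["LoadBalancerDescriptions"][i]["ListenerDescriptions"][j]["Listener"]` and `describe_security_groups()["SecurityGroups"][i]["IpPermissions"]` into the same function audits a live account.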
