Configuring SSL on Elastic Beanstalk Single Instance

I'm trying to install an SSL cert for my NodeJS Beanstalk instance. Following these instructions from Amazon, I created the YAML file and plugged in my information.

Every time I try to deploy I get this error:

The configuration file .ebextensions/singlessl.config in application version 0.0.3 contains invalid YAML or JSON. YAML exception: while scanning for the next token found character '\\t' that cannot start any token in "", line 10, column 1: ^ , JSON exception: Unexpected character (R) at position 0.. Update the configuration file.

I've gone over the thing with a fine-toothed comb, had it validated in multiple validators, even authored it on multiple OS's... but I can't seem to shake this supposed tab character.

Does anyone have an example of a config file like this in JSON? My other configs are in JSON and work great. If not, can anyone see what I'm doing wrong here?

Resources:
  sslSecurityGroupIngress: 
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: {Ref : MyIDHere}
      IpProtocol: tcp
      ToPort: 443
      FromPort: 443
      CidrIp: 0.0.0.0/0

files:
  /etc/nginx/conf.d/ssl.conf:
    mode: "000755"
    owner: root
    group: root
    content: |
      # HTTPS server

      server {
          listen       443;
          server_name  localhost;

          ssl                  on;
          ssl_certificate      /etc/pki/tls/certs/server.crt;
          ssl_certificate_key  /etc/pki/tls/certs/server.key;

          ssl_session_timeout  5m;

          ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
          ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
          ssl_prefer_server_ciphers   on;

          location / {
              proxy_pass  http://nodejs;
              proxy_set_header   Connection "";
              proxy_http_version 1.1;
              proxy_set_header        Host            $host;
              proxy_set_header        X-Real-IP       $remote_addr;
              proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
          }
      }

  /etc/pki/tls/certs/server.crt:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN CERTIFICATE-----
      CERT DATA HERE
      -----END CERTIFICATE-----

  /etc/pki/tls/certs/server.key:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN RSA PRIVATE KEY-----
      KEY DATA HERE
      -----END RSA PRIVATE KEY-----

At line 10 there is a tab character. Deleting this tab should resolve the error you are receiving.

When you copied the code from the instructions from Amazon, it copied over a tab, which will cause this problem. I encountered the same problem; if you go through the YAML file and make sure that there are no weird white space characters, it should work properly.
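
A scanner for the stray tab and look-alike whitespace described in the answers above, as an added example that is not part of the original posts. The sample text is constructed, and the set of characters flagged is an assumption of this example.

```python
import sys
import unicodedata

# Invisible characters that are easy to paste in; YAML rejects a tab used as indentation.
NAMES = {"\t": "TAB", "\u200b": "ZERO WIDTH SPACE", "\ufeff": "BYTE ORDER MARK"}

# Constructed sample: a lone tab on line 3 and a no-break space on line 5.
SAMPLE = "\n".join([
    "Resources:",
    "  CidrIp: 0.0.0.0/0",
    "\t",
    "files:",
    '  mode:\u00a0"000400"',
    "",
])


def find_suspect_whitespace(text):
    """Return (line, column, name, where) tuples, 1-based, in file order."""
    findings = []
    for line_no, line in enumerate(text.split("\n"), start=1):
        indent_len = len(line) - len(line.lstrip())
        for col, ch in enumerate(line, start=1):
            # "Zs" is the Unicode space-separator class; only U+0020 is wanted.
            odd_space = ch != " " and unicodedata.category(ch) == "Zs"
            if ch in NAMES or odd_space:
                name = NAMES.get(ch) or unicodedata.name(ch, f"U+{ord(ch):04X}")
                where = "indentation" if col <= indent_len else "content"
                findings.append((line_no, col, name, where))
    return findings


if __name__ == "__main__":
    # Pass a path such as .ebextensions/singlessl.config, or scan the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    for line_no, col, name, where in find_suspect_whitespace(text):
        print(f"line {line_no}, column {col}: {name} in {where}")
```

The line and column it prints use the same 1-based numbering as the Elastic Beanstalk error message, so a reported "line 10, column 1" can be matched directly.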

For me, after going through the same routine with AWS Beanstalk Single Instance SSL for HTTPS (for Docker env), and after time spent figuring out YAML and tabs vs. spaces (or no space after keys footer, or, or...) in my editor (Atom/Packages/Whitespace), or even converting YAML to JSON (Atom/Packages/YAML_JSON Converter), I realized that the initial keys were broken and I had to generate a new set:

openssl genrsa 2048 > privatekey.pem
openssl req -new -key privatekey.pem -out csr.pem
openssl x509 -req -days 365 -in csr.pem -signkey privatekey.pem -out public.crt
# last line is for signing the rsa yourself for development purposes.

And then all worked! So I can't emphasize how important it is to make sure those keys work. It seems that the only way to figure it out is to get some errors like this:

PEM_read_bio_PrivateKey:ASN1 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I: nested asn1 error

Good luck!

PS: oh, and in case you run into a __MACOSX/ error, just do this:

 zip -d Archive.zip __MACOSX/\*
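
A pre-deploy structural check for the PEM blocks pasted into the config, related to the ASN.1 tag/length error quoted in the answer above; this is an added example, not part of the original post. It assumes an unencrypted PEM block, the sample bodies are constructed (a 5-byte DER sequence, not a real key), and passing it does not replace parsing the key with OpenSSL.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END ([A-Z0-9 ]+)-----", re.S)

# Constructed samples: DER bytes 30 03 02 01 00, then the same with one byte cut off.
GOOD = "-----BEGIN RSA PRIVATE KEY-----\nMAMCAQA=\n-----END RSA PRIVATE KEY-----\n"
TRUNCATED = "-----BEGIN RSA PRIVATE KEY-----\nMAMCAQ==\n-----END RSA PRIVATE KEY-----\n"


def check_pem_block(text):
    """Return (ok, reason) for the first PEM block found in text."""
    m = PEM_RE.search(text)
    if not m:
        return False, "no complete BEGIN/END pair"
    begin, body, end = m.groups()
    if begin != end:
        return False, f"label mismatch: {begin!r} vs {end!r}"
    try:
        # Join the wrapped lines; validate=True rejects stray characters.
        der = base64.b64decode("".join(body.split()), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError
        return False, f"body is not valid base64: {exc}"
    if len(der) < 2 or der[0] != 0x30:
        return False, "DER does not start with a SEQUENCE tag (0x30)"
    # DER length: short form (< 0x80) or long form (0x80 | n, then n bytes).
    first = der[1]
    if first < 0x80:
        length, header = first, 2
    else:
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False, "DER length field is malformed"
        length, header = int.from_bytes(der[2:2 + n], "big"), 2 + n
    if header + length != len(der):
        return False, f"SEQUENCE declares {length} bytes, {len(der) - header} present"
    return True, f"{begin}: outer SEQUENCE of {length} bytes is consistent"


if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("truncated", TRUNCATED)):
        print(label, check_pem_block(sample))
```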
