HTTPS on Elastic Beanstalk Flask application

I have been trying to get SSL enabled on my AWS Elastic Beanstalk (eb) application with not much luck so far.

After following the documentation for configuring https access on eb, I created a self-signed certificate which I believe to be enough if one just wants encryption.

I created an eb environment which used a load balancer and after uploading the certificate, I was able to use it and pick the secure listening port (8443).

On the EC2 load balancer, I created a listener for

HTTPS   8443    HTTP    80  <cert file>

I then gave the load balancer and the eb instance a security group that had the rule:

Custom TCP Rule     TCP     8443     0.0.0.0/0

I also included a config in .ebextensions pointing like the documentation told me:

Resources:
  sslSecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupName: {Ref : <security_group_name>}
      IpProtocol: tcp
      ToPort: 8443
      FromPort: 8443
      CidrIp: 0.0.0.0/0

Then in my flask application the application had these parameters:

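from flask import Flask
from flask_basicauth import BasicAuth  # assumed: the Flask-BasicAuth extension
from flask_sslify import SSLify
from OpenSSL import SSL

application = Flask(__name__)

# TLS context built from the self-signed key and certificate
context = SSL.Context(SSL.TLSv1_2_METHOD)
context.use_privatekey_file('/home/ec2-user/privatekey.pem')
context.use_certificate_file('/home/ec2-user/server.crt')

basic_auth = BasicAuth(application)
sslify = SSLify(application)  # redirects plain-HTTP requests to HTTPS


if __name__ == '__main__':
    application.run(host='0.0.0.0', port=8443, ssl_context=context)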

Now when I go to the instance's public IP prefixed with https:// I get this:

Google Chrome Connection info (can't post images with current rep ughh)

Which makes me think that I have the encryption I'm after, but the Flask server connection log still shows clear requests (expected to see jumbled, encrypted request info).

When I connect with the *.elasticbeanstalk.com address I get nothing.

So I guess I have two questions:

1) Does this mean I have encryption?

2) Why can't I access the instance with my elasticbeanstalk url?

Your ELB config listens for HTTPS requests on port 8443 and makes a proxy request to the EC2 HTTP port. So, your EC2 must listen on the HTTP port. But it means that you terminate your SSL request on the ELB.

If you want your EC2 to listen for HTTPS requests on port 8443, your ELB config should be:

HTTPS   8443    HTTPS   8443  <cert_file>
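
The HTTPS-to-HTTPS listener from the answer above, written as an .ebextensions file for a Classic Load Balancer environment (an added example, not part of the original question or answer). The file name, the resource name `httpsFromLoadBalancer` and the certificate ARN placeholder are assumptions; the ingress rule admits instance port 8443 only from the load balancer's security group instead of 0.0.0.0/0.

```yaml
# .ebextensions/https-backend.config  (hypothetical file name)
option_settings:
  # Load balancer listener on 8443, re-encrypting to the instance on 8443
  aws:elb:listener:8443:
    ListenerProtocol: HTTPS
    SSLCertificateId: <certificate_arn>   # placeholder: ARN of the uploaded certificate
    InstancePort: 8443
    InstanceProtocol: HTTPS

Resources:
  # Allow only the load balancer to reach the instance's TLS port
  httpsFromLoadBalancer:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: {"Fn::GetAtt": ["AWSEBSecurityGroup", "GroupId"]}
      IpProtocol: tcp
      FromPort: 8443
      ToPort: 8443
      SourceSecurityGroupName: {"Fn::GetAtt": ["AWSEBLoadBalancer", "SourceSecurityGroup.GroupName"]}
```

With this listener the Flask process has to serve TLS on 8443 itself. A Classic Load Balancer does not validate the backend certificate unless a backend authentication policy is attached, so a self-signed certificate on the instance is accepted.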
