[英]How do I configure elastic beanstalk to use https with an ACM certificate?
I used the AWS certificate manager to create an ACM certificate. 我使用AWS证书管理器来创建ACM证书。
I followed this guide: https://medium.com/@arcdigital/enabling-ssl-via-aws-certificate-manager-on-elastic-beanstalk-b953571ef4f8#.kjh1mqdzq to configure the load balancer using the aws cli. 我遵循了该指南: https ://medium.com/@arcdigital/enabling-ssl-via-aws-certificate-manager-on-elastic-beanstalk-b953571ef4f8#.kjh1mqdzq使用aws cli配置负载均衡器。
When I look at my load balancers, I now see 443(HTTPS, ACM Certification:[arn]) forwarding to 80 (HTTP) under Port Configuration 当我查看负载均衡器时,现在在端口配置下看到443(HTTPS,ACM认证:[arn])转发到80(HTTP)
However, if I type in https in my browser I get the "your connection is not private" message from chrome. 但是,如果我在浏览器中输入https,则会从chrome收到“您的连接不是私有”消息。
Is there another step that I'm missing? 我还缺少其他步骤吗?
You haven't given this info, but I'm assuming you have a CNAME for www.yourdomain.com that is resolving to loadbalancer.amazonaws.com. 您尚未提供此信息,但是我假设您有一个用于解析www.yourdomain.com的CNAME,该域名正在解析为loadbalancer.amazonaws.com。
You are getting the ERR_INSECURE_RESPONSE error because you are using a CNAME which is resolving to loadbalancer.amazonaws.com. 由于使用的CNAME正在解析到loadbalancer.amazonaws.com,因此出现ERR_INSECURE_RESPONSE错误。 Since your certificate is for www.yourdomain.com, it is giving a valid error.
由于您的证书适用于www.yourdomain.com,因此给出了有效的错误。 CNAME and Alias operate slightly differently.
CNAME和Alias的操作略有不同。 With a CNAME the traffic is not a valid alias of your domain so if you're trying to secure it, you will receive errors.
使用CNAME时,流量不是您域的有效别名,因此,如果您尝试保护它的安全,则会收到错误消息。 However, when you create an A record for www and alias that to loadbalancer.amazonaws.com now any traffic from loadbalancer.amazonaws.com on www.yourdomain.com is valid traffic for your domain and you will no longer have those errors.
但是,当您为www创建A记录并为loadbalancer.amazonaws.com创建别名时,现在www.yourdomain.com上来自loadbalancer.amazonaws.com的任何流量对于您的域都是有效的流量,并且您将不再出现这些错误。
In order to terminate secure traffic for www.yourdomain.com at loadbalancer.amazonaws.com you need to have an A record that will alias there. 为了在loadbalancer.amazonaws.com终止www.yourdomain.com的安全流量,您需要有一个在此处别名的A记录。 Unfortunately, ELB's only provide a DNS entry, no IP address, but many DNS providers (ie GoDaddy) will not allow you to have a DNS A record that is aliased to a DNS address;
不幸的是,ELB只提供一个DNS条目,没有IP地址,但是许多DNS提供商(例如GoDaddy)都不允许您使用别名为DNS地址的DNS A记录。 they require you to alias to an IP address.
它们要求您将别名别名为IP地址。 Which makes life a bit more complex.
这使生活变得更加复杂。
There are a couple ways to accomplish this (URL forwarding and masking is not supported by SSL), but the easiest solution is to use Route 53. Use of Route 53 doesn't require you to register or transfer your name to AWS and a hosted zone is just $0.50/month per domain. 有两种方法可以完成此操作(SSL不支持URL转发和屏蔽),但是最简单的解决方案是使用Route53。使用Route 53不需要您将名称注册或转让给AWS和托管区域每个域每月只需$ 0.50。
To use Route 53 follow these steps: 要使用Route 53,请按照下列步骤操作:
Now Route 53 is handling your DNS for you. 现在,Route 53正在为您处理DNS。 And loadbalancer.amazonaws.com is a valid alias of www.mydomain.com.
并且loadbalancer.amazonaws.com是www.mydomain.com的有效别名。 Since loadbalancer.amazonaws.com is now a valid alias of www.yourdomain.com when you visit www.yourdomain.com your ELB at loadbalancer.amazonaws.com will terminate the traffic as www.yourdomain.com and your error will be resolved.
由于loadbalancer.amazonaws.com现在是www.yourdomain.com的有效别名,因此当您访问www.yourdomain.com时,位于loadbalancer.amazonaws.com的ELB将以www.yourdomain.com终止流量,您的错误将得到解决。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.