堆栈内存溢出
  简体   繁体   English

一个EC2实例上有多个SSL证书

[英]Multiple SSL certs on one EC2 instance

 原文  2017-03-07 23:43:36       amazon-web-services/ ssl/ amazon-ec2/ https/ lets-encrypt

问题描述

I have an ec2 instance which is pointed to by 2 different domains (.com.au and .co.nz). 我有一个由2个不同的域(.com.au和.co.nz)指向的ec2实例。 This works fine. 这很好。

I am trying to set up SSL for both domains. 我正在尝试为两个域都设置SSL。 Currently I have used LetsEncrypt and successfully set up SSL for the co.nz domain, and now wish to do the same for the .com.au. 目前,我已经使用LetsEncrypt并成功为co.nz域设置了SSL,现在希望对.com.au做同样的事情。

I have followed the guide here: 我在这里遵循了指南:

https://www.haktansuren.com/installing-free-letsencrypt-ssl-multiple-domains-sub-domains-amazon-web-services-aws-ec2-simple-way/ https://www.haktansuren.com/installing-free-letsencrypt-ssl-multiple-domains-sub-domains-amazon-web-services-aws-ec2-simple-way/

But when I run the .com.au site through SSLLabs.com I get a "Certificate name mismatch error" and when I try to go straight to the .com.au domain I get this (from chrome) "This server could not prove that it is **.com.au; its security certificate is from **.co.nz." 但是,当我通过SSLLabs.com运行.com.au网站时,出现“证书名称不匹配错误”,当我尝试直接进入.com.au域时,(从chrome)得到了“该服务器无法证明它是**。com.au;其安全证书来自**。co.nz。”

The .com.au domain is the second "virtual host" entry in the ss.conf file, and when I change the order then I get the same error for the .co.nz domain so it seems to be only reading one of the entries or something? .com.au域是ss.conf文件中的第二个“虚拟主机”条目,当我更改顺序时,.co.nz域出现相同的错误,因此似乎只读取其中一个。条目还是什么?

Thanks a bunch for any help 谢谢大家的帮助

2 个解决方案

解决方案1
 0  2017-03-08 10:45:21

  1. You can create a free certificate for any domain you want using ACM . 您可以使用ACM为想要的任何域创建免费证书。
  2. Create a Elastic Load Balancer and select the certificate you've just created. 创建一个弹性负载均衡器,然后选择您刚刚创建的证书。
  3. Connect the EC2 instance to Elastic Load Balancer 将EC2实例连接到Elastic Load Balancer

The best practice is to create a Launch Configuration and create a Auto Scaling Group and let the ASG handle creation of EC2 instances. 最佳实践是创建启动配置并创建Auto Scaling组,然后让ASG处理EC2实例的创建。 In AWS your instances can be killed at any time, it is not a good practice to rely on a single EC2 instance. 在AWS中,您的实例可以随时被杀死,依靠单个EC2实例不是一个好习惯。 You can lose it suddenly with all data you might have stored in the ephemeral storage! 您可能会暂时将所有可能存储在临时存储中的数据丢失!

解决方案2
 0  2017-09-06 11:55:35

In case of Apache: 如果是Apache:

You can terminate SSL certificates either at ELB or Apache/Nginx(server) level 您可以在ELB或Apache / Nginx(服务器)级别终止SSL证书

In case of multi-tenant(multi-client) architecture, we may need to support different customers(with different domains - *.abc.com, *.xyz.com) under a single ELB, which will not work in an existing ELB setup. 如果是多租户(多客户端)架构,我们可能需要在单个ELB下支持不同的客户(具有不同的域-* .abc.com,*。xyz.com),而这在现有的ELB中将不起作用设定。

Solution: You can do this by adding listeners in ELB like below: TCP 443 (instead of HTTPS - 443) - this will pass through the 443 requests Then, you can terminate the SSL certificates at the server level 解决方案:您可以通过在ELB中添加侦听器来实现此目的,如下所示:TCP 443(而不是HTTPS-443)-这将通过443请求,然后,您可以在服务器级别终止SSL证书

You have to purchase the certificate from external vendors (like GoDaddy) and install & terminate the certificates at the server level. 您必须从外部供应商(例如GoDaddy)购买证书,然后在服务器级别安装和终止证书。

Eg, Apache virtual host looks like 例如,Apache虚拟主机看起来像 

NameVirtualHost *:443
<VirtualHost *:443>
        ServerName abc.com

        ####abc HTTPS Certificate
        SSLEngine on
        SSLCertificateFile /opt/organization/site/ssl_keys/abc/abc_gd.crt
        SSLCertificateKeyFile /opt/organization/site/ssl_keys/abc/abc.pem
        SSLCertificateChainFile /opt/organization/site/ssl_keys/abc/abc_gd_bundle.crt

        WSGIScriptAlias / /opt/organization/site/deployment-config/abc.wsgi

        ServerSignature On
        Alias /media/ /opt/organization/site/media/
        <Directory /opt/organization/site/media/>
        Order deny,allow
        Allow from all
        </Directory>
</VirtualHost>

NameVirtualHost *:80
<VirtualHost *:80>
        ServerName abc.com

        #Rewrite to HTTPS in case of HTTP
        RewriteEngine On
        RewriteCond %{SERVER_NAME} abc.com
        RewriteCond %{HTTP:X-Forwarded-Proto} !https
        RewriteRule . https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

        WSGIScriptAlias / /opt/organization/site/deployment-config/abc.wsgi
        ServerSignature On
        Alias /media/ /opt/organization/site/media/
        <Directory /opt/organization/site/media/>
        Order deny,allow
        Allow from all
        </Directory>
</VirtualHost>

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 一个网站可以连接多个EC2实例? - One Website to be connected with Multiple EC2 Instance? Amazon EC2中具有不同SSL证书的多个虚拟主机 - Several vhosts with different SSL certs in Amazon EC2 AWS在一个EC2实例上托管多个域 - AWS Host Multiple Domains On One EC2 Instance 在一个大型EC2(para或HVM)实例中运行多个VM - Running multiple VMs in one large EC2 ( para or HVM ) instance 通过 AWS ECS 在一个 EC2 实例中的多个 docker 容器 - Multiple docker containers in one EC2 instance through AWS ECS 多个微型与一个大型 ec2 实例 - multiple micro vs. one large ec2 instance 一个 EC2 实例 (AWS) 下的多个 WordPress Multisite - Multiple WordPress Multisite under one EC2 instance (AWS) 在EC2实例上设置SSL证书 - Setup an SSL certificate on an EC2 instance SSL 用于 AWS EC2 实例上的 Apache ActiveMQ - SSL for Apache ActiveMQ on AWS EC2 instance SSL无法用于我的AWS EC2实例 - SSL is not working for my AWS EC2 instance
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM