如何使用SSL连接到AWS“应用程序负载平衡器”
[英]how do I connect to an AWS “Application Load Balancer” with SSL
问题描述
I have just set up my first "Application Load Balancer" and I chose the SSL option to connect allowing AWS to generate the certificate for me based on my domain (www.example.com). 
我刚刚设置了第一个“应用程序负载平衡器”,并且选择了SSL选项进行连接,从而使AWS可以根据我的域(www.example.com)为我生成证书。
I have set the target to my EC2 instance and now I want to connect to the Load Balancer but not sure how. 我已将目标设置为我的EC2实例,现在我想连接到负载均衡器,但不确定如何。 If I just connect to the DNS name of the load balancer I get an invalid certificate error. 如果仅连接到负载均衡器的DNS名称,则会收到无效的证书错误。
I have read that I need to set a record for my domain but because the IP of an application load balancer may change, not sure if that is a good idea. 我已经读到我需要为我的域设置一个记录,但是由于应用程序负载平衡器的IP可能会更改,因此不确定这是否是一个好主意。
The documentation mentions the following: 该文档提到以下内容:
Clients can use the Server Name Identification (SNI) protocol extension to specify the hostname they are trying to reach.
But I couldn't figure out how to do that. 但是我不知道该怎么做。 I'm very new to Load Balancers and not quite sure how to proceed. 我对负载均衡器很陌生,不太确定如何进行。
1 个解决方案
解决方案1
2 已采纳 2018-02-08 10:01:27
The following problem is easy to solve with AWS Route 53 : 使用AWS Route 53可以轻松解决以下问题:
- Create a hosted zone in Route 53 在Route 53中创建托管区域
- Choose the name of the hosted zone that has the domain name that you want to use to route traffic to your load balancer 选择具有您要用来将流量路由到负载均衡器的域名的托管区域的名称
- Choose Create Record Set . 选择创建记录集 。
Specify the following values:
指定以下值: Name :
名称 : Type the domain name that you want to use to route traffic to your ELB load balancer.
键入要用于将流量路由到ELB负载平衡器的域名。 The default value is the name of the hosted zone. 默认值为托管区域的名称。 For example, if the name of the hosted zone is example.com and you want to use acme.example.com to route traffic to your load balancer, type acme.
例如,如果托管区域的名称是example.com,并且您想使用acme.example.com将流量路由到负载均衡器,请键入acme。 Type :
类型 : Choose A – IPv4 address.
选择一个– IPv4地址。 Alias :
别名 : Choose Yes.
选择是。 Alias Target
别名目标 Find the applicable category in the list (ELB Application Load Balancers, ELB Classic Load Balancers, or ELB Network Load Balancers) , and then choose the name that you assigned to the load balancer when you created it.
在列表中找到适用的类别(ELB应用程序负载平衡器,ELB经典负载平衡器或ELB网络负载平衡器) ,然后选择在创建负载平衡器时分配给它的名称。 Routing Policy : Accept the default value of Simple .
路由策略 :接受默认值Simple 。 Evaluate Target Health :
评估目标健康状况 : If you want Route 53 to route traffic based on the health of your resources, choose Yes
如果希望Route 53根据资源的健康状况路由流量,请选择“ 是”。 Choose Create .
选择创建 。
Also If you don't want to use Route 53 and if it's not at the apex, you use a CNAME to the ELB. 另外,如果您不想使用Route 53并且不在顶点处,则可以对ELB使用CNAME 。
Refer to this Guide 请参阅本指南
Something like : 就像是 :
my.web.thingy.org CNAME my-loadbalancer-1234567890.us-west-2.elb.amazonaws.com.
And yes you are correct the IP of ELB Changes Frequently and thus it is not recommended to use A Record in DNS. 是的,您是正确的,经常更改ELB的IP,因此不建议在DNS中使用A记录。
Hope this Helps 希望这可以帮助
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.