[英]Do I have to configure SSL certificates files in nginx.conf file behind AWS Application Load Balancer?
I have a configuration in AWS EC2 for HTTPS incoming connections.我在 AWS EC2 中有一个用于 HTTPS 传入连接的配置。 As I am a newbie to this stuff, I have nginx config which in an old-fashioned way I would edit like this: https://nginx.org/en/docs/http/configuring_https_servers.html .
由于我是这个东西的新手,我有 nginx 配置,我会以一种老式的方式进行编辑: https://nginx.org/en/docs/http/configuring_https_servers.html 。
Though, in AWS EC2 I can add certificates to it and then redirect both 443 and 80 ports connections to, say, port 8000 where my nginx runs as a reverse proxy.不过,在 AWS EC2 中,我可以向其添加证书,然后将 443 和 80 端口连接重定向到,例如,我的 nginx 作为反向代理运行的端口 8000。
Does nginx still have to have these certificates files locally and their paths added to the config or should traffic be decoded by ELB and sent to nginx decoded? nginx 是否仍然必须在本地拥有这些证书文件并将它们的路径添加到配置中,还是应该由 ELB 解码流量并发送到 nginx 解码?
You don't have to have SSL certificates on EC2 with nginx, if they are setup in ELB and assigned to HTTPS listener.如果在 ELB 中设置并分配给 HTTPS 侦听器,则您不必在 EC2 上使用 nginx 拥有 SSL 证书。 Just make sure the Target Group for your EC2 is of HTTP type with port 8000.
只需确保您的 EC2 的目标组是端口 8000 的 HTTP 类型。
As mentioned before, certificate should be set up on ALB side.如前所述,应在 ALB 端设置证书。
This configuration of Nginx as reverse proxy behind AWS ALB works for me: Nginx 作为 AWS ALB 背后的反向代理的这种配置对我有用:
server {
listen 80;
listen 443;
server_name server_name;
location / {
proxy_pass http://localhost:8000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-HTTPS on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.