ec2 实例中的服务器返回 https 流量的最简单方法是什么?
[英]What's the easiest way for server in ec2 instance return https traffic?
问题描述
I have a Springboot application running in an EC2 instance (ubuntu-bionic-18.04-amd64).
我有一个在 EC2 实例(ubuntu-bionic-18.04-amd64)中运行的 Springboot 应用程序。 The program when run returns JSON responses on the default port 8080. The url looks like http://ec2-3-17-69-122.us-east-2.compute.amazonaws.com:8080/users/rayyanshaji/todos/ . The program when run returns JSON responses on the default port 8080. The url looks like http://ec2-3-17-69-122.us-east-2.compute.amazonaws.com:8080/users/rayyanshaji/todos/ 。
What I need to accomplish is https instead of http so that my frontend UI accepts incoming https traffic.我需要完成的是 https 而不是 http 以便我的前端 UI 接受传入的 https 流量。
What I have tried so far: Got my own domain name from AWS Route 53, got a certificate using ACM(Amazon Certificate Manager) and used it to create an inbound HTTPS 443 Listener in an Elastic Load Balancer.到目前为止我所尝试的:从 AWS Route 53 获得我自己的域名,使用 ACM(Amazon Certificate Manager)获得证书,并使用它在弹性负载均衡器中创建入站 HTTPS 443 侦听器。 Added security groups which allow inbound traffic on both port 80, and port 443.添加了允许端口 80 和端口 443 上的入站流量的安全组。
I know that the above steps aren't gonna work, as this is what I get on running netstat -tulpn command我知道上述步骤行不通,因为这是我在运行netstat -tulpn命令时得到的
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
udp 0 0 127.0.0.53:53 0.0.0.0:* -
udp 0 0 172.31.39.227:68 0.0.0.0:* -
It seems that my server isn't configured to either accept https requests nor give out https responses.似乎我的服务器未配置为接受 https 请求或发出 https 响应。
I am quite stuck here now, as I'm not an expert using linux.我现在很困在这里,因为我不是使用 linux 的专家。 I've just started learning deployment on EC2 instances.我刚刚开始学习 EC2 实例上的部署。 I searched a lot on solutions, but could rarely find anything on Java.我在解决方案上搜索了很多,但在 Java 上几乎找不到任何东西。
I really need this roadblock to be fixed, so that I can resume development on my project.我真的需要解决这个障碍,这样我才能恢复我的项目的开发。 Any advice would really be appreciated.任何建议将不胜感激。 Thanks in advance.提前致谢。
1 个解决方案
解决方案1
1 2019-11-09 05:49:15
You are on the right path and it is appreciable that you are able to configure the load balancer with HTTPs listener and ACM certificate.您走在正确的道路上,很明显您能够使用 HTTPs 侦听器和 ACM 证书配置负载均衡器。
First I must tell you that your actual ec2 instance needs not to talk HTTPS as this will be handled by the load balancer.首先我必须告诉你,你的实际 ec2 实例不需要谈论 HTTPS,因为这将由负载均衡器处理。 Load balancer will act as the SSL terminator for all the incoming connections.负载均衡器将充当所有传入连接的 SSL 终结器。 So all the SSL handshake will be between the clients and the load balancer.因此,所有 SSL 握手都将在客户端和负载均衡器之间进行。 On the downstream of load balancer, it can talk to your ec2 instance to http port only, which means whether the request comes on HTTP/HTTPs port on load balancer, it can forward to your EC2 instance on HTTP port only.在负载均衡器的下游,它只能与您的 ec2 实例与 http 端口通信,这意味着请求是否来自负载均衡器上的 HTTP/HTTPS 端口,它只能转发到您的 EC2 实例在 HTTP 端口上。
So just configure your load balancer target groups to take input requests on different HTTP/HTTPs port and forward to your EC2 instance on the single HTTP port.因此,只需将您的负载均衡器目标组配置为在不同的 HTTP/HTTPS 端口上接收输入请求,并在单个 HTTP 端口上转发到您的 EC2 实例。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.