
AWS Elb backend authentication

I was reading about the backend authentication option in AWS ELB.
What it mentions is that there is an instance public key (.pem encoded) to be configured in ELB.

What I could not understand is what is this key or certificate?

Since it is optional, will the traffic still be encrypted between ELB and EC2 instances if port 443 is used?

There are no details mentioned on how to actually do this. Basically I want end to end encryption from user to ELB and ELB to EC2.

Basically what this is saying is that if you want encryption in transit for the entire journey you will need to install an SSL certificate on your EC2 instance. The journey will look like the below.

client ---(HTTPS)--> load balancer ---(HTTPS)--> EC2 host

You will need to either purchase an SSL, or use a free option such as certbot on your server.

Then once you have this you will need to configure it for the web server software you are running. Below are some instructions for common web servers:

Ensure that your target group is configured for HTTPS port 443 traffic, to have the load balancer forward requests to HTTPS on your backend.

If the load balancer to EC2 host is not encrypted (plain HTTP), the client's traffic to the load balancer will still be encrypted, but after this it will be forwarded in HTTP.
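The "instance public key" the question asks about is the public key of the certificate installed on the EC2 instance. The following is an added example, not part of the original question or answer: it extracts that key in the form the backend authentication policy takes and attaches it to the instance port. It assumes a Classic Load Balancer; the load balancer name, policy names and certificate path are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: derive the "instance public key" used by Classic ELB backend
# authentication from the certificate installed on the EC2 instance.
# Load balancer name, policy names and file paths are assumptions.

# Print the certificate's public key as a single base64 line, without the
# "-----BEGIN PUBLIC KEY-----" / "-----END PUBLIC KEY-----" lines.
pubkey_body() {  # $1 = path to the instance certificate (PEM)
  openssl x509 -in "$1" -noout -pubkey | grep -v -- '-----' | tr -d '\n'
}

# Same value, read from the certificate the instance actually serves, so the
# pinned key can be compared with what is live on port 443.
served_pubkey_body() {  # $1 = host, $2 = port
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -noout -pubkey | grep -v -- '-----' | tr -d '\n'
}

# Pin the key on the load balancer and enable it for instance port 443.
configure_backend_auth() {  # $1 = load balancer name, $2 = certificate path
  lb="$1"
  key="$(pubkey_body "$2")"
  [ -n "$key" ] || { echo "no public key found in $2" >&2; return 1; }

  # 1. Policy that holds the trusted public key.
  aws elb create-load-balancer-policy --load-balancer-name "$lb" \
    --policy-name instance-pubkey \
    --policy-type-name PublicKeyPolicyType \
    --policy-attributes "AttributeName=PublicKey,AttributeValue=$key" || return 1

  # 2. Backend authentication policy that refers to the key policy.
  aws elb create-load-balancer-policy --load-balancer-name "$lb" \
    --policy-name backend-auth \
    --policy-type-name BackendServerAuthenticationPolicyType \
    --policy-attributes AttributeName=PublicKeyPolicyName,AttributeValue=instance-pubkey \
    || return 1

  # 3. Apply it to the port the instances listen on.
  aws elb set-load-balancer-policies-for-backend-server \
    --load-balancer-name "$lb" --instance-port 443 --policy-names backend-auth
}
```

With the policy in place the load balancer only talks to instances presenting that key, so the policy has to be updated whenever the instance certificate is reissued with a new key pair.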
