Deploy Spring Boot application on AWS Elastic Beanstalk with automatic SSL certificates
Let's say I have a Spring Boot project that produces a JAR file www.example.com.jar which, using its embedded HTTP server, shows an example page showing the word "Example".
I want my custom domain to support SSL/TLS, i.e. https://www.example.com/.
What are the options to meet all these requirements? (Most of the tutorials I've seen skip the SSL part altogether, even though SSL is mandatory on today's web.)
Lastly, if this is simply not possible with a bare JAR file, but would be possible with a bare Docker image, I would be interested in meeting these same requirements using a bare Docker image.
I want to deploy this bare JAR file on AWS Elastic Beanstalk.
I do not want a solution that requires me to create an EC2 instance; I want to deploy a bare JAR.
These two statements don't make sense to me. You want to use Elastic Beanstalk, but you don't want to use EC2 instances? Elastic Beanstalk is nothing more than a service that manages EC2 instances for you. When you deploy your application with Elastic Beanstalk it is going to create one or more EC2 instances and deploy your application on those.
To deploy your Spring Boot application to Elastic Beanstalk, follow this official guide.
To meet your SSL requirements, you need to create an SSL certificate in AWS ACM for the domain you own (www.example.com), and pick DNS validation. Then create the DNS record it tells you to, to validate your ownership of the domain.
Next, deploy your Java application to Elastic Beanstalk with a load balancer. Then attach the AWS ACM certificate to the load balancer. Finally, create a DNS CNAME record for www.example.com that points to the DNS name of the load balancer. You don't need to use Route53 for this unless you are trying to point a root domain (example.com instead of www.example.com) to your load balancer.
Might have stumbled through to satisfaction of all of these requirements except for potentially the automatic renewal / re-installation of the certificate:
One of the most difficult parts was arranging for the redirection of HTTP traffic to HTTPS. The documentation was leading me to an .ebextensions config solution -- but that seemed problematic because it seemed to be setting up a chicken-and-egg problem for testing the configuration. I felt relieved when I found some documentation about how to configure load balancer rules that actually led me to functionality I needed to set up the redirection in the load balancer itself: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-update-rules.html#edit-rule
Prior to redirecting to HTTPS, I had to set up HTTPS on the load balancer. The doc I used for that was https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-elb.html
To get the public certificate set up for my custom domain, I used ACM: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html
And originally, I got going with a hosted zone for my custom domain with Route 53. And I had to go to my domain registrar, GoDaddy, to set up the DNS entries to utilize Route 53. Once DNS was pointed to the AWS Hosted Zone DNS hosts, I didn't really have to go back to GoDaddy any more.
I'm about 4 or 5 days into this effort, so my head is still spinning a bit. The directions I followed to get the application launched initially were the ones at https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/java-se-platform.html.
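
Once the certificate is attached to the load balancer and the HTTP listener redirects to HTTPS, as both answers above describe, the result can be checked from outside and the certificate's remaining lifetime tracked so a missed renewal is noticed. The script below is an added example, not code from either answer; the function names are hypothetical, www.example.com is the page's placeholder domain, and the sample date used in testing is constructed.

```python
# Added example (not from the original answers): post-deployment checks.
import http.client
import socket
import ssl
import time
from urllib.parse import urlsplit

REDIRECT_CODES = (301, 302, 307, 308)


def redirect_ok(status, location, host):
    """True if a port-80 response redirects to https:// on the same host."""
    if status not in REDIRECT_CODES or not location:
        return False
    target = urlsplit(location)
    try:
        port = target.port
    except ValueError:  # malformed port in the Location header
        return False
    return (target.scheme == "https"
            and (target.hostname or "").lower() == host.lower()
            and port in (None, 443))


def days_left(not_after, now=None):
    """Whole days until notAfter, in the format ssl.getpeercert() returns."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def probe(host, timeout=5.0):
    """Live check against a deployed environment; needs network access."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", "/")  # http.client does not follow redirects
        resp = conn.getresponse()
        redirected = redirect_ok(resp.status, resp.getheader("Location"), host)
    finally:
        conn.close()
    ctx = ssl.create_default_context()  # validates chain and hostname
    with socket.create_connection((host, 443), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {"redirect": redirected, "tls": tls.version(),
                    "days_left": days_left(cert["notAfter"])}


if __name__ == "__main__":
    # www.example.com is the placeholder domain used on this page.
    print(probe("www.example.com"))
```

Run on a schedule, an alert on `redirect` being false or `days_left` falling below a chosen threshold covers the two failure modes the second answer worries about.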