如何为在 aws EC2 中的 docker 上运行的 node.js 服务器设置 https
[英]How to set up https for a node.js server running on docker in aws EC2
问题描述
I have a dockerised node.js/express app running on an aws ec2 instance container.
我有一个在 aws ec2 实例容器上运行的 dockerised node.js/express 应用程序。 Right now my app is running on a domain name hosted by aws route 53. When I go to the domain name the protocol used is http.现在我的应用程序运行在由 aws route 53 托管的域名上。当我转到域名时,使用的协议是 http。 How can I set up https for a node.js server running on docker in aws EC2?如何为在 aws EC2 中的 docker 上运行的 node.js 服务器设置 https?
This is what I have done so far.这是我迄今为止所做的。
- I have set up a load-balancer on my ec2 instance with the target being https port 433.我已经在我的 ec2 实例上设置了一个负载均衡器,目标是 https 端口 433。
- I have a certificate with aws certificate manager with domain name as *.example.com.我有一个带有 aws 证书管理器的证书,域名为 *.example.com。 Issued by aws.由 aws 发布。
- Do I need to do anything with docker since my app is being accessed through it.我是否需要对 docker 做任何事情,因为我的应用程序是通过它访问的。 Does it need any https-enabling configuration?它是否需要任何启用 https 的配置?
Now this is where I get stuck.现在这就是我陷入困境的地方。 From this documentation I can see that I need a copy of the certificate in my server for https to work with my server.从该文档中,我可以看到我需要服务器中的证书副本,以便 https 与我的服务器一起使用。
- Where do I get this copy?我从哪里得到这个副本? So I can put it in my server.所以我可以把它放在我的服务器上。 Do I even need to do that?我什至需要这样做吗?
- Is the certificate in my aws certificate manager same as any other certificate issued by a certificate authority?我的 aws 证书管理器中的证书是否与证书颁发机构颁发的任何其他证书相同? If yes How can I see the private and public keys used in the https encryption?如果是,如何查看 https 加密中使用的私钥和公钥?
I am new to devops and aws.我是 devops 和 aws 的新手。 If you could outline your answer in steps, from the beginning, it would be much appreciated.如果您能从一开始就逐步概述您的答案,将不胜感激。 I have a dockerised node.js/express app running on an aws ec2 instance container accessible by an aws route53 hosted domain name.我有一个在 aws ec2 实例容器上运行的 dockerised node.js/express 应用程序,可通过 aws route53 托管域名访问。 From here how can I change the default connection protocol from http to https?从这里如何将默认连接协议从 http 更改为 https?
1 个解决方案
解决方案1
0 2020-09-02 12:41:42
Elastic Load Balancer is nice enough to append an extra request header to the request (x-forwarded-proto) which tells us from which protocol the request originated from. Elastic Load Balancer 足够好,可以将额外的请求标头附加到请求 (x-forwarded-proto) 中,它告诉我们请求源自哪个协议。 We can use this in an Express middleware to do redirections:我们可以在 Express 中间件中使用它来进行重定向:
function forceHttps(req, res, next) {
const xfp =
req.headers["X-Forwarded-Proto"] || req.headers["x-forwarded-proto"];
if (xfp === "http") {
res.redirect(301, `https://${hostname}${req.url}`);
} else {
next();
}
}
server.use(forceHttps);
or use the npm package https://www.npmjs.com/package/@crystallize/elasticloadbalancer-express-force-https或使用 npm 包https://www.npmjs.com/package/@crystallize/elasticloadbalancer-express-force-https
const express = require('express');
const forceHttps = require('@crystallize/elasticloadbalancer-express-force-https');
const server = express();
server.use(forceHttps());
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.