如何在 AWS Docker 上启用 HTTPS
[英]How to enable HTTPS on AWS Docker
问题描述
Hi there,
你好呀,
I have been struggling running a single instance Docker with HTTPS on AWS.我一直在努力在 AWS 上运行带有 HTTPS 的单实例 Docker。
The HTTP access is working properly but I cannot access HTTPS (Google Chrome showing "This site can't be reached"). HTTP 访问工作正常,但我无法访问 HTTPS(谷歌浏览器显示“无法访问此站点”)。
Here we have a single instance with Elastic Beanstalk.这里我们有一个带有 Elastic Beanstalk 的实例。 So there is no Load Balancer, and the certificates are hosted on the instance.所以没有负载均衡器,证书托管在实例上。
I followed this tutorial: AWS HTTPS Single Instance Docker我遵循了本教程: AWS HTTPS Single Instance Docker
The Instance is working properly, my certificates are uploaded properly and the nginx config too.实例工作正常,我的证书正确上传,nginx 配置也是如此。 This is what I got so far:这是我到目前为止得到的:
- Tried to setup the Security Group to allow TCP 443, did not work.试图设置安全组以允许 TCP 443,但没有奏效。
- Tried to setup the Security Group to allow All Traffic to Anywhere, did not work.试图设置安全组以允许所有流量到达任何地方,但没有奏效。
- HTTP access from my domain name is working, which makes me believe it is not a DNS problem.来自我的域名的 HTTP 访问有效,这让我相信这不是 DNS 问题。
- HTTPS access is working with curl from the instance, so nginx config looks good to me (with log access working properly). HTTPS 访问正在从实例使用 curl,因此 nginx 配置对我来说看起来不错(日志访问正常工作)。
- The
/var/log/nginx/access.logdoes not shows any results when I hit my domain name with HTTPS.当我使用 HTTPS 访问我的域名时,/ /var/log/nginx/access.log没有显示任何结果。
Here is my Security Group values这是我的安全组值
Port range Protocol Source Security groups
80 TCP sg-03d37000000000000 MY_SECURITY_GROUP
All All 0.0.0.0/0 MY_SECURITY_GROUP
All All ::/0 MY_SECURITY_GROUP
443 TCP 0.0.0.0/0 MY_SECURITY_GROUP
When I hit the instance nginx in HTTPS当我在 HTTPS 中点击实例 nginx 时
(insecure is because certificate domain name is not 127.0.0.1, the API result is correct) (不安全是因为证书域名不是127.0.0.1,API结果正确)
[ec2-user@ip-123-345-67-89 nginx]$ curl --insecure https://127.0.0.1
{"status":"ok","api":"sdk"}
This is what I get from Google Chrome when trying to access the website Google Chrome showing "This site can't be reached"这是我在尝试访问显示“无法访问此站点”的 Google Chrome网站时从 Google Chrome 获得的信息
Here is the logs from nginx access这是来自 nginx 访问的日志
[ec2-user@ip-123-345-67-89 nginx]$ tail -f /var/log/nginx/access.log
AWS_IP - - [01/Oct/2020:14:02:48 +0000] "GET / HTTP/1.1" 200 56 "-" "ELB-HealthChecker/2.0" "-"
MY_IP - - [01/Oct/2020:14:02:50 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) ..." "123.345.67.89"
AWS_IP - - [01/Oct/2020:14:02:57 +0000] "GET / HTTP/1.1" 200 56 "-" "ELB-HealthChecker/2.0" "-"
AWS_IP - - [01/Oct/2020:14:03:03 +0000] "GET / HTTP/1.1" 200 56 "-" "ELB-HealthChecker/2.0" "-"
127.0.0.1 - - [01/Oct/2020:14:03:10 +0000] "GET / HTTP/1.1" 200 27 "-" "curl/7.61.1" "-"
AWS_IP - - [01/Oct/2020:14:03:12 +0000] "GET / HTTP/1.1" 200 56 "-" "ELB-HealthChecker/2.0" "-"
So far I believe there is something wrong between my AWS config and the instance as everything is working on the instance.到目前为止,我认为我的 AWS 配置和实例之间存在问题,因为一切都在实例上运行。
But the AWS Config looks good to me so I have no other ideas about the origin of my issue.但是 AWS Config 对我来说看起来不错,所以我对我的问题的起源没有其他想法。
Any help would be appreciated.任何帮助,将不胜感激。 Thanks a lot for reading all of this.非常感谢您阅读所有这些。
1 个解决方案
解决方案1
1 已采纳 2020-10-02 02:25:37
Based on the comments.根据评论。
The issue was caused by using load-balanced EB environment by mistake, rather then single-instance one.该问题是由于错误使用负载平衡的 EB 环境而不是单实例环境引起的。
The solution was to change the load-balanced EB environment to single-instance one in EB console.解决方案是将负载平衡的 EB 环境更改为 EB 控制台中的单实例环境。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.