[英]Can I setup SSL on an AWS provided ALB subdomain without owning a domain?
I have following setup at AWS ECS:我在 AWS ECS 有以下设置:
/api/*
requests to backend在80端口上带有Caddy网络服务器的容器,为 static 文件提供服务,并对后端的/api/*
请求执行代理I want to setup SSL certificate and HTTPS Listener for ALB at this subdomain that was provided by AWS - how I can do it?我想在 AWS 提供的这个子域中为 ALB 设置 SSL 证书和 HTTPS 侦听器 - 我该怎么做?
PS I have seen an option for ALB with HTTPS Listener when we are attaching custom domain ie example.com
and AWS will provide SSL certificate for it. PS当我们附加自定义域时,我已经看到了带有 HTTPS 侦听器的 ALB 选项,即example.com
,AWS 将为它提供 SSL 证书。 But this is a pet project environment and I don't worry about real domain.但这是一个宠物项目环境,我不担心真正的领域。
I want to setup SSL certificate and HTTPS Listener for ALB at this subdomain that was provided by AWS - how I can do it?我想在 AWS 提供的这个子域中为 ALB 设置 SSL 证书和 HTTPS 侦听器 - 我该怎么做?
You can't do this .你不能这样做。 This is not your domain (AWS owns it) and you can't associate any SSL certificate with it.这不是您的域(AWS 拥有它),您不能将任何 SSL 证书与其关联。 You have to have your own domain that you control.您必须拥有自己控制的域。 Once you obtain the domain, you can get free SSL certificate from AWS ACM.获得域后,您可以从 AWS ACM 获得免费的 SSL 证书。
You can put your ALB behind CloudFront , which unlike ALB gives you a TLS certificate by default.您可以将 ALB 放在CloudFront后面,与 ALB 不同,它默认为您提供 TLS 证书。 So you can address your application at eg:因此,您可以通过以下方式处理您的申请:
https ://d3n6jitgitr0i4.cloudfront.net https ://d3n6jitgitr0i4.cloudfront.net
Apart from the TLS certificate, it will give you the ability to cache your static resources at CloudFront's edge locations, and improve latency on the TLS handshake roundtrips.除了 TLS 证书之外,它还使您能够在 CloudFront 的边缘站点缓存 static 资源,并改善 TLS 握手往返的延迟。
This could be a solution without using subdomains but using path redirection这可能是一个不使用子域但使用路径重定向的解决方案
https://caddy.community/t/caddy-2-reverse-proxy-to-path/9193https://caddy.community/t/caddy-2-reverse-proxy-to-path/9193
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.