SSL certificate behind AWS Load Balancer
I have a project running on AWS. The structure is like this:
Application Load Balancer:
- EC2 AutoScaling Group [1-5]:
- 1^ instance...
... (more spawned when needed)
- 5^ instance...
I created a certificate for the load balancer using AWS Certificate Manager. So the traffic flow is now:
Clients ---- HTTPS Port 443 ----- > Load Balancer ------ HTTP Port 80 ----> EC2 Instances
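But since there is no certificate on the instances, I get a "Site not secure" warning when I load the web page.
How can I create a full SSL connection from the client to any of the instances behind the load balancer?
EDIT
Here is the nginx configuration (applies to all instances)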
server {
    listen 80;
    server_name marette.ovh www.marette.ovh;
    root /home/marette/marette_backend/dist;
    index index.html index.htm;
    client_max_body_size 10M;
    error_page 502 /gateway.html;
    location / {
        add_header 'Access-Control-Allow-Origin' "*" always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
        add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect off;
        proxy_read_timeout 30s;
        proxy_send_timeout 30s;
        root /home/marette/marette_backend/dist;
        try_files $uri $uri/ /index.html;
    }
    error_log /var/log/nginx/vue-app-error.log;
    access_log /var/log/nginx/vue-app-access.log;
    # this is for the REST backend
    location /api {
        add_header 'Access-Control-Allow-Origin' "*" always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
        add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
        # required to be able to read Authorization header in frontend
        add_header 'Access-Control-Expose-Headers' 'Authorization' always;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 30s;
        proxy_send_timeout 30s;
        proxy_pass https://127.0.0.1:8000/api;
    }
}
Checks to perform:
A good site for testing SSL issues is SSL Labs.
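To encrypt the hop from the load balancer to the instances, as the question asks, each instance can terminate TLS itself and the target group can be switched from HTTP:80 to HTTPS:443. The server block below is an added example, not the asker's configuration; the certificate paths and the HTTPS:443 target group setting are assumptions.

```nginx
# Added example, not part of the original post.
# Assumption: the ALB target group uses protocol HTTPS, port 443.
# Assumption: the certificate and key paths are placeholders.
server {
    listen 443 ssl;
    server_name marette.ovh www.marette.ovh;

    ssl_certificate     /etc/nginx/tls/instance.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/instance.key;   # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    root  /home/marette/marette_backend/dist;
    index index.html index.htm;
    client_max_body_size 10M;

    error_log  /var/log/nginx/vue-app-error.log;
    access_log /var/log/nginx/vue-app-access.log;

    # Static front end
    location / {
        try_files $uri $uri/ /index.html;
    }

    # REST backend
    location /api {
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        # Forward the scheme the client used towards the ALB (the ALB sets
        # X-Forwarded-Proto), not the scheme of the ALB-to-instance hop.
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
        proxy_read_timeout 30s;
        proxy_send_timeout 30s;
        proxy_pass https://127.0.0.1:8000/api;
    }
}
```

An Application Load Balancer does not validate the certificate its targets present, so a self-signed certificate on the instances is sufficient. The certificate that browsers check is still the ACM certificate on the load balancer.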