无法访问 AWS Application Load Balancer EC2 实例中的 HTTPs [英] Unable to Access HTTPs in AWS Application Load Balancer EC2 Instance

问题描述

我有一个 EC2 实例，想向其中添加 HTTPS.我可以使用 http 访问它.

I have an EC2 Instance, and want to add HTTPS to it. I am able to access it using http.

我添加了一个应用程序负载均衡器，并启用了端口 80 和 443.

I have added an Application Load Balancer, and enabled the Ports 80 and 443.

我还在 Route 53 中添加了 ALB 的 DNS.

I also added the DNS of the ALB in Route 53.

api.example.com alias to the ALB DNS

但是，当我使用 HTTP 访问 ALB 时，它工作正常.但是，当我尝试使用 HTTPS 执行相同操作时，出现错误无法访问此站点".

However, when I access the ALB using HTTP, it works fine. But when I try to do the same using HTTPs, it gives an error "This site can’t be reached".

我已经做过的事情:

• 向 api.example.com 添加了证书管理器
• 向安全组添加了 HTTPS(端口 443)配置.

有人能帮我解决这个问题吗?

Can anyone help me out in this?

推荐答案

您的 ALB 中似乎缺少端口 433 上的侦听器，或者该侦听器未正确配置.

It seems that you are missing a listener on port 433 in your ALB or the listener is not properly configured.

如果您想直接将 ALB 暴露在外面，例如如果前面没有 CloudFront 分配，您的 ALB 将需要处理 TLS.这样做的正确方法是在 ALB 上执行 SSL 终止，然后将普通请求转发到您的目标.当然，除非有合规准备不能这样做.除此之外，这将使您的生活更轻松，因为您无需管理目标上的密钥.

If you want to directly expose your ALB to the outside, e.g. without a CloudFront distribution in front of it, your ALB will need to handle TLS. Proper way of doing this would be to do SSL termination on the ALB and then forward the plain request to your targets. Unless of course there are compliance ready for not being able to so. Among other things, this will make your life easier as you don't have to manage the keys on the targets.

因此，您需要确保您的侦听器配置正确，即始终转发到端口 80，考虑到您的目标需要端口 80 上的流量.

Therefore, you will need to make sure that your listener is properly configured, i.e., that is always forwards to port 80, considering that your targets expect traffic on port 80.

最好的，斯蒂芬

这篇关于无法访问 AWS Application Load Balancer EC2 实例中的 HTTPs的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！