在AWS EC2 Bitnami Mean Stack上安装SSL [英] Installing SSL on AWS EC2 Bitnami Mean Stack

问题描述

我们使用的是Bitnami提供的AMI，它由部署在Ubuntu服务器上的MEAN堆栈组成.我们最近从GoDaddy购买了SSL证书，试图将其安装在Amazon EC2服务器上.通过在apache2文件夹下设置conf/extra/httpd-ssl.conf，我们将证书成功安装在Apache服务器上.

We are using an AMI provided by Bitnami that consists of our MEAN stack deployed on an Ubuntu server. We recently purchased an SSL certificate from GoDaddy which we were trying to install on our Amazon EC2 server. We installed the certificates successfully on the Apache server by setting up conf/extra/httpd-ssl.conf under the apache2 folder.

但是，当我们转到https://zywie.org时，它将用户重定向到默认的Bitnami网页，而不是Zywie应用程序.

However, when we go to https://zywie.org, it redirects the user to the default Bitnami webpage, not the Zywie application.

我们的MEAN堆栈应用程序在端口9000上运行. 我们在HTTP上也遇到了类似的问题，因此我们运行了以下命令并解决了该问题

Our MEAN stack application runs at port 9000. We had a similar problem with the HTTP so we ran the following and this solved it

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to 9000

对于https，我们执行了类似的命令(见下文)，但是没有运气.

For https we executed a similar command (see below) but with no luck.

iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to 9000

现在，可以在http://www.zywie.org处访问我们的MEAN堆栈应用程序.同样，我们也希望HTTPS也转发到9000.

For now, our MEAN stack application can be accessed at http://www.zywie.org. Likewise, we want the HTTPS to forward to 9000 too.

您能告诉我们如何解决此问题吗?

Can you please let us know how to fix this?

谢谢

推荐答案

注意:以下步骤假定您使用的是自定义域名 并且您已经将自定义域名配置为指向 到您的云服务器.在以下步骤中，替换APPNAME 占位符以及您的应用程序目录的名称.

NOTE: The steps below assume that you are using a custom domain name and that you have already configured the custom domain name to point to your cloud server. In the following steps, replace the APPNAME placeholder with the name of your application directory.

Bitnami映像随附已预先配置的SSL支持，并带有虚拟证书.尽管此虚拟证书适合用于测试和开发目的，但是您通常会希望将有效的SSL证书用于生产.您可以自己生成一个(在此进行解释)，也可以从商业证书颁发机构购买.

Bitnami images come with SSL support already pre-configured and with a dummy certificate in place. Although this dummy certificate is fine for testing and development purposes, you will usually want to use a valid SSL certificate for production use. You can either generate this on your own (explained here) or you can purchase one from a commercial certificate authority.

一旦获得了证书和证书密钥文件，就需要更新服务器以使用它们.请按照以下步骤激活SSL支持:

Once you obtain the certificate and certificate key files, you will need to update your server to use them. Follow these steps to activate SSL support:

1.-使用下表确定证书和配置文件的正确位置.

1.- Use the table below to identify the correct locations for your certificate and configuration files.

当前应用程序URL https://[custom-domain]/

Nginx配置文件 /opt/bitnami/apps/APPNAME/conf/APPNAME.conf

证书文件 /opt/bitnami/apps/APPNAME/conf/certs/server.crt

证书密钥文件 /opt/bitnami/apps/APPNAME/conf/certs/server.key

2.-将您的SSL证书和证书密钥文件复制到指定位置.

2.-Copy your SSL certificate and certificate key file to the specified locations.

3.-复制所有服务器证书文件后，您可以仅使用以下命令使root用户可以读取它们:

3.- Once you have copied all the server certificate files, you may make them readable by the root user only with the following commands:

sudo chown root:root /opt/bitnami/apps/APPNAME/conf/certs/server*
sudo chmod 600 /opt/bitnami/apps/APPNAME/conf/certs/server*

4.-打开服务器防火墙中的端口443. 请参阅常见问题解答有关更多信息.

4.- Open port 443 in the server firewall. Refer to the FAQ for more information.

5.-重新启动Nginx服务器.

5.- Restart the Nginx server.

sudo /opt/bitnami/ctlscript.sh restart nginx

您现在应该可以使用HTTPS URL访问您的应用程序.

You should now be able to access your application using an HTTPS URL.

这篇关于在AWS EC2 Bitnami Mean Stack上安装SSL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！