HTTPS on Elastic Beanstalk Flask application

Question

I have been trying to get SSL enabled on my AWS Elastic Beanstalk (eb) application, with not much luck so far.

After following the documentation for configuring https access on eb, I created a self-signed certificate which I believe to be enough if one just wants encryption.

I created an eb environment which used a load balancer and after uploading the certificate, I was able to use it and pick the secure listening port (8443).

On the EC2 load balancer, I created a listener for

HTTPS   8443    HTTP    80  <cert file>

I then gave the load balancer and the eb instance a security group that had the rule:

Custom TCP Rule     TCP     8443     0.0.0.0/0

I also included a config in .ebextensions pointing like the documentation told me:

Resources:
  sslSecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupName: {Ref : <security_group_name>}
      IpProtocol: tcp
      ToPort: 8443
      FromPort: 8443
      CidrIp: 0.0.0.0/8443

Then in my flask application the application had these parameters:

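from flask import Flask
from flask_basicauth import BasicAuth  # assumed: BasicAuth comes from Flask-BasicAuth
from flask_sslify import SSLify
from OpenSSL import SSL

application = Flask(__name__)

# TLS context for the Flask server itself, using the key and certificate on the instance
context = SSL.Context(SSL.TLSv1_2_METHOD)
context.use_privatekey_file('/home/ec2-user/privatekey.pem')
context.use_certificate_file('/home/ec2-user/server.crt')

basic_auth = BasicAuth(application)
sslify = SSLify(application)  # redirects plain-HTTP requests to HTTPS


if __name__ == '__main__':
    # Serve TLS directly on port 8443, on all interfaces
    application.run(host='0.0.0.0', port=8443, ssl_context=context)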

Now when I go to the instance's public IP prefixed with https:// I get this:

Google Chrome Connection info (can't post images with current rep ughh)

Which makes me think that I have the encryption I'm after but the Flask server connection log still shows clear requests (expected to see jumbled, encrypted request info).

When I connect with the *.elasticbeanstalk.com address I get nothing.

So I guess I have two questions:

1) Does this mean I have encryption?

2) Why can't I access the instance using my elasticbeanstalk URL?

Recommended answer

Your ELB config listens for HTTPS requests on port 8443 and makes a proxy request to the EC2 HTTP port. So, your EC2 must listen on the HTTP port. But it means that you terminate your SSL request on the ELB.

If you want your EC2 to listen for HTTPS requests on port 8443, your ELB config should be:

HTTPS   8443    HTTPS   8443  <cert_file>
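
The difference between the two listener rows can be checked mechanically. The following is an added example, not code from the question or the answer: it classifies a listener by where TLS ends and compares it with the port and protocol the application binds to. The dict keys follow the Listener fields of the Classic ELB DescribeLoadBalancers response; the function names classify and audit, their parameters, and the sample values are assumptions constructed from the rows above.

```python
# Added example: audit Classic ELB listeners against what the app serves.
# Sample listener dicts below are constructed from the two rows on this page.

ENCRYPTED = {"HTTPS", "SSL"}  # Classic ELB protocols that carry TLS


def classify(listener):
    """Say where TLS ends for one listener."""
    front = listener["Protocol"].upper()
    back = listener["InstanceProtocol"].upper()
    if front not in ENCRYPTED:
        return "plaintext"           # client -> ELB hop is not encrypted
    if back in ENCRYPTED:
        return "re-encrypted"        # ELB opens a new TLS session to the instance
    return "terminated-at-elb"       # ELB -> instance hop is clear text


def audit(listener, app_port, app_uses_tls):
    """Return (mode, findings) for one listener and the app's bind settings."""
    findings = []
    mode = classify(listener)
    if mode == "plaintext":
        findings.append("client traffic is not encrypted")
    if mode == "terminated-at-elb":
        findings.append("traffic between ELB and instance is clear text")
    if listener["InstancePort"] != app_port:
        findings.append(
            f"ELB forwards to port {listener['InstancePort']}, "
            f"app listens on {app_port}")
    backend_tls = listener["InstanceProtocol"].upper() in ENCRYPTED
    if backend_tls != app_uses_tls:
        findings.append("backend protocol does not match the app's TLS setting")
    return mode, findings


# Constructed samples: the question's listener and the answer's listener.
QUESTION = {"Protocol": "HTTPS", "LoadBalancerPort": 8443,
            "InstanceProtocol": "HTTP", "InstancePort": 80}
ANSWER = {"Protocol": "HTTPS", "LoadBalancerPort": 8443,
          "InstanceProtocol": "HTTPS", "InstancePort": 8443}

if __name__ == "__main__":
    # The Flask app in the question serves TLS on port 8443.
    for name, lst in (("question", QUESTION), ("answer", ANSWER)):
        mode, findings = audit(lst, app_port=8443, app_uses_tls=True)
        print(name, mode, findings or "consistent")
```
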
