HTTPS弹性Beanstalk Flask应用程序 [英] HTTPS on Elastic Beanstalk Flask application
问题描述
我一直在尝试在我的AWS Elastic Beanstalk(eb)应用程序上启用SSL,迄今没有太多的运气。
I have been trying get SSL enabled on my AWS Elastic Beanstalk(eb) application with not much luck so far.
遵循用于在eb上配置https访问的文档,我创建了一个自签名证书,我认为只要想要加密即可。
After following the documentation for configuring https access on eb, I created a self-signed certificate which I believe to be enough if one just wants encryption.
我创建了一个使用负载平衡器并上传证书的eb环境,我可以使用它并选择安全监听端口(8443)。
I created a eb environment which used a load balancer and after uploading the certificate, I was able to use it and pick the secure listening port (8443).
在EC2负载均衡器上,我创建了一个监听器,用于
On the EC2 load balancer, I created a listener for
HTTPS 8443 HTTP 80 <cert file>
然后,我给负载平衡器和eb实例一个具有规则的安全组:
I then gave the load balancer and the eb instance a security group that had the rule:
Custom TCP Rule TCP 8443 0.0.0.0/0
我还包括一个.ebextensions中的配置,就像文档告诉我一样:
I also included a config in .ebextensions pointing like the documentation told me:
Resources:
sslSecurityGroupIngress:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupName: {Ref : <security_group_name>}
IpProtocol: tcp
ToPort: 8443
FromPort: 8443
CidrIp: 0.0.0.0/8443
然后在我的烧瓶应用程序中,应用程序具有以下参数:
Then in my flask application the application had these parameters:
from OpenSSL import SSL
from flask_sslify import SSLify
context = SSL.Context(SSL.TLSv1_2_METHOD)
context.use_privatekey_file('/home/ec2-user/privatekey.pem')
context.use_certificate_file('/home/ec2-user/server.crt')
basic_auth = BasicAuth(application)
sslify = SSLify(application)
if __name__ == '__main__':
application.run(host='0.0.0.0', port=8443, ssl_context=context)
现在当我去实例以IP为前缀的公共IP://我得到这个:
Now when I go to the instance's public IP prefixed with https:// I get this:
Google Chrome连接信息(不能发布图像与当前的代表呃)
Google Chrome Connection info (can't post images with current rep ughh)
这让我认为我有加密, Flask服务器连接日志仍然显示明确的请求(预期看到混乱的加密请求信息)。
Which makes me think that I have the encryption I'm after but the Flask server connection log still shows clear requests (expected to see jumbled, encrypted request info).
当我连接* .elasticbeanstalk.com地址时,我什么都没有。
When I connect with the *.elasticbeanstalk.com address I get nothing.
所以我想我有两个问题:
So I guess I have two questions:
1)这是否意味着我有加密?
2)为什么我无法使用我的elasticbeanstalk url访问实例?
推荐答案
您的ELB配置是侦听端口8443上的HTTPS请求,并向EC2 HTTP端口发出代理请求。所以,您的EC2必须在HTTP端口上侦听。但是,这意味着您在ELB上终止您的SSL请求。
Your ELB config is listen HTTPS request on port 8443 and make a proxy request to EC2 HTTP port. So, your EC2 must listen on HTTP port. But, it means that you terminate your SSL request on ELB.
如果您希望EC2在端口8443上侦听HTTPS请求,则您的ELB配置应该是:
If you want your EC2 listen HTTPS request on port 8443, your ELB config should be:
HTTPS 8443 HTTPS 8443 <cert_file>
这篇关于HTTPS弹性Beanstalk Flask应用程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!