ELB和Apache配置HTTPS网站 [英] ELB and Apache configuration for HTTPS website

问题描述

我设立ELB的HTTPS网站，我没有关于端口的配置问题...

I'm setting up ELB for a https website and I have questions concerning the ports configuration...

现在我对ELB此端口配置：

Right now I have this port configuration on the ELB:

• 80（HTTP）转发到80（HTTP）
• 443（HTTPS）转发80 （HTTP）

• 80 (HTTP) forwarding to 80 (HTTP)
• 443 (HTTPS) forwarding to 80 (HTTP)

和我的例子中，我有这样的Apache配置：

And on my instance I have this Apache configuration:

• 要求*：80重定向到的https：//www.mywebsite
• *：443配置

显然，它的工作，但它是正确的方式做？

Apparently it's working but is it the right way to do?

感谢您的帮助

席琳

PS：当我开始配置ELB我表示443转发到443，但后来我不得不回答奇怪的问题进行验证...

PS: When I started to configure the ELB I indicated 443 forwarding to 443 but then I had to answer strange questions for the authentication...

推荐答案

在这个问题描述没有工作，因为它创造了一个永不落幕的重定向配置：443（ELB）转发到80（阿帕奇）转发到443（ ELB）转发到80（阿帕奇）转发到443（ELB）等。

The configuration as described in the question didn't work because it created a never ending redirection: 443(ELB) forwarding to 80(Apache) forwarding to 443(ELB) forwarding to 80(Apache) forwarding to 443(ELB), etc.

所以，我修改了ELB配置有：

So, I modified the ELB configuration to have:

• 443（HTTPS）转发到443（HTTPS）
• 80（HTTP）转发到80（HTTP）

当我创建了监听器443（HTTPS）转发到443（HTTPS），我没有回答关于验证问题。当我看到在ELB说明我可以看到后端验证：禁用

When I created the listener 443 (HTTPS) forwarding to 443 (HTTPS), I didn't get to answer questions concerning the authentication. When I look on the ELB description I can see "Backend Authentication: Disabled"

健康检查是对HTTPS做：443

The Health Check is done on HTTPS:443

（我还修改了实例安全组：只有负载均衡器可以访问端口80和443的实例）

(I also modified the instance security group: only the load balancer can access the instance on ports 80 and 443)

更新：

另一种解决方案是只有80端口上的实例打开：

Another solution is to have only port 80 open on the instance:

• 80（HTTP）转发到80（HTTP）
• 443（HTTPS）转发到80（HTTP）

，但可以使用的是X转发-原，以确定该客户端使用HTTP或HTTPS并转发到HTTPS仅当X - 转发的Proto = HTTP

but to use X-Forwarded-Proto to determine if the client used HTTP or HTTPS and forward to HTTPS only if X-Forwarded-Proto = http

例如用Apache：

<VirtualHost *:80>
    ...
    RewriteEngine On
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteCond %{HTTP_USER_AGENT} !^ELB-HealthChecker
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
    ...
</VirtualHost>

行的RewriteCond％{HTTP_USER_AGENT}！^ ELB-HealthChecker 已添加这样ELB检查不重定向。请参阅<一href="http://serverfault.com/questions/470015/how-should-i-configure-my-elb-health-check-when-using-namevirtualhosts-and-redir">http://serverfault.com/questions/470015/how-should-i-configure-my-elb-health-check-when-using-namevirtualhosts-and-redir对于有关健康检查其他的解决方案

The line RewriteCond %{HTTP_USER_AGENT} !^ELB-HealthChecker has been added so the ELB check is not redirected. See http://serverfault.com/questions/470015/how-should-i-configure-my-elb-health-check-when-using-namevirtualhosts-and-redir for other solutions concerning the health check

AWS文档有关的X转发，原：<一href="http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/TerminologyandKeyConcepts.html#x-forwarded-headers" rel="nofollow">http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/TerminologyandKeyConcepts.html#x-forwarded-headers

AWS Documentation concerning X-Forwarded-Proto: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/TerminologyandKeyConcepts.html#x-forwarded-headers

这篇关于ELB和Apache配置HTTPS网站的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！