如何强制弹性魔豆HTTPS? [英] How to force https on elastic beanstalk?
问题描述
我似乎无法强制HTTPS弹性豆茎的免费使用层。
I can't seem to force https on the free usage tier of elastic beanstalk.
我曾尝试以下建议在<一个href="http://stackoverflow.com/questions/6858492/how-to-force-https-on-amazon-elastic-beanstalk-without-failing-the-health-check">How强制HTTPS在Amazon Elastic豆茎无故障的健康检查
使用这个阿帕奇重写规则
Using this Apache rewrite rule
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{REQUEST_URI} !^/status$
RewriteCond %{REQUEST_URI} !^/version$
RewriteCond %{REQUEST_URI} !^/_hostmanager/
RewriteRule . https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
当我尝试,HTTP请求不被重定向到https,因为我想。相反,HTTP页面加载正常。我也试着使用X-转发端口头具有相同的结果。
When I try that, http requests do not get redirected to https as I would like. Instead, the http page loads normally. I've also tried to use the X-Forwarded-Port header with the same result.
我也试过以下重写规则
RewriteCond %{SERVER_PORT} 80
RewriteRule . https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
和该规则使重定向循环。因此,它似乎是在Apache重写规则不拿起弹性负载均衡头的X转发,端口和X - 转发,原始,也是一个重定向循环是不是我要的那么多。
And this rule causes a redirect loop. So it would seem that the apache rewrite rules don't pick up the Elastic Load Balancer headers X-Forwarded-Port and X-Forwarded-Proto, but also a redirect loop isn't what I am going for either.
请帮忙。我是新来的AWS,弹性魔豆,而不是非常熟悉Apache的规则。我不太知道从哪里何去何从。谢谢你。
Please help. I am new to AWS, Elastic Beanstalk, and not very familiar with Apache rules. I am not too sure where to go from here. Thanks.
推荐答案
这为我工作:
-
上传使用
AWS控制台命令。该命令的结构是:
Upload the certificate to AWS using the
awsconsole command. The command structure is:
aws iam upload-server-certificate --server-certificate-name CERTIFICATE_NAME --certificate-body "file://PATH_TO_CERTIFICATE.crt" --private-key "file://YOUR_PRIVATE_KEY.pem" --certificate-chain "file://YOUR_CERTIFICATE_CHAIN.ca-bundle" --path /cloudfront/
在您的弹性魔豆的应用程序,转到配置 - > 网络层 - > 负载平衡,然后点击齿轮图标
In your Elastic Beanstalk application, go to Configuration -> Network Tier -> Load Balancing and click the gear icon.
选择安全监听端口作为 443 。选择协议作为 HTTPS 。选择 CERTIFICATE_NAME 从第2步作为 SSL证书编号。保存配置。
Select Secure listener port as 443. Select Protocol as HTTPS. Select the CERTIFICATE_NAME from step 2 for SSL certificate ID. Save the configuration.
转到您的控制台。点击 EC2实例。点击负载均衡。点击通过负载平衡器。点击实例,然后向下滚动才能看到分配给该负载平衡器的EC2实例。如果EC2实例具有相同的名称作为您的应用程序URL(或一些接近),注意在 DNS名称作为负载平衡器。它应该在格式 awseb-E -...
Go to your Console. Click EC2 Instances. Click Load Balancers. Click through the load balancers. Click Instances and scroll down to see the EC2 instances assigned to that load balancer. If the EC2 instance has the same name as your Application URL (or something close), take note of the DNS Name for the load balancer. It should be in the format awseb-e-...
返回到您的控制台。点击 CloudFront的。点击创建通讯。选择网络分配。
Go back to your Console. Click CloudFront. Click Create Distribution. Select a Web distribution.
设置发布。设置您的原产地域名,以你的第5步中的负载均衡DNS名称。将浏览器协议策略为重定向HTTP到HTTPS 。设置转发查询字符串为是。将备用域名(的CNAME)您要用于应用程序的URL(S)。将 SSL证书到 CERTIFICATE_NAME 你的步骤上传2 。创建您的通讯。
Set up the distribution. Set your Origin Domain Name to the load balancer DNS name you found in step 5. Set the Viewer Protocol Policy to Redirect HTTP to HTTPS. Set Forward Query Strings to Yes. Set Alternate Domain Names (CNAMEs) to the URL(s) you want to use for your application. Set SSL Certificate to the CERTIFICATE_NAME you uploaded in step 2. Create your distribution.
点击在CloudFront的发行版的名字。点击起源,选择您的由来,然后点击修改。确保您的原产地协议策略是匹配器。回去。点击行为,选择您的由来,然后点击修改。更改转发标题为白名单并添加主机。保存。
Click on your distribution name in CloudFront. Click Origins, select your origin, and click Edit. Ensure your Origin Protocol Policy is Match Viewer. Go back. Click Behaviors, select your origin, and click Edit. Change Forward Headers to Whitelist and add Host. Save.
注意: <一个href="http://stackoverflow.com/questions/19967788/laravel-redirect-all-requests-to-https/29171680#29171680">I写了一个较长的引导以及。
这篇关于如何强制弹性魔豆HTTPS?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
