Блог

Я пытаюсь подключиться к своему экземпляру Elastic Beanstalk https. Я следил за документами, но все еще подключаюсь только через http(работают только http-запросы, где https-запросы говорят «отказать»). В моем коде (который является дротиком) Я служу в порту 8080. Когда я изменил его на 80, я получил плохую ошибку шлюза. Вот файлы в моей папке .ebextensions:

 Resources:  sslSecurityGroupIngress:  Type: AWS::EC2::SecurityGroupIngress  Properties:  GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}  IpProtocol: tcp  ToPort: 443  FromPort: 443  CidrIp: 0.0.0.0/0  

n

 Parameters:  privatekey:  Type: String  Description: "The path to the private key in Amazon S3"  Default: "https://elasticbeanstalk-us-west-2.s3.us-west-2.amazonaws.com/server.key"  publiccert:  Type: String  Description: "The public certificate"  Default: |  -----BEGIN CERTIFICATE-----  ...  -----END CERTIFICATE-----   ############################################## #### Do not modify values below this line #### ##############################################  files:  # nginx HTTPS configuration  /etc/nginx/conf.d/https.conf:  mode: "000644"  owner: root  group: root  content: |  # HTTPS Server   server {  listen 443;  server_name localhost;   ssl on;  ssl_certificate /etc/pki/tls/certs/server.crt;  ssl_certificate_key /etc/pki/tls/certs/server.key;   ssl_session_timeout 5m;   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  ssl_ciphers "EECDH AESGCM:EDH AESGCM:AES256 EECDH:AES256 EDH";  ssl_prefer_server_ciphers on;   location / {  proxy_pass http://docker;  proxy_http_version 1.1;   proxy_set_header Connection "";  proxy_set_header Host $host;  proxy_set_header X-Real-IP $remote_addr;  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  }  }   # Public certificate  /etc/pki/tls/certs/server.crt:  mode: "000400"  owner: root  group: root  content: { "Ref": "publiccert"}   # Private key  /etc/pki/tls/certs/server.key:  mode: "000400"  owner: root  group: root  authentication: "S3Auth"  source: { "Ref" : "privatekey" }  container_commands:  01restart_nginx:  command: "service nginx restart"  Resources:  # Use instance profile to authenticate to S3 bucket that contains the private key  AWSEBAutoScalingGroup:  Metadata:  AWS::CloudFormation::Authentication:  S3Auth:  type: "s3"  roleName:  "Fn::GetOptionSetting":  Namespace: "aws:autoscaling:launchconfiguration"  OptionName: "IamInstanceProfile"  DefaultValue: "aws-elasticbeanstalk-ec2-role"  

n

 files:  "/etc/nginx/sites-available/elasticbeanstalk-nginx-docker-proxy.conf":  owner: root  group: root  mode: "000644"  content: |  map $http_upgrade $connection_upgrade {  default "upgrade";  "" "";  }   server {  listen 8080;   gzip on;  gzip_comp_level 4;  gzip_types text/html text/plain text/css application/json application/x-javascript text/xml application/xml application/xml rss text/javascript;   if ($time_iso8601 ~ "^(d{4})-(d{2})-(d{2})T(d{2})") {  set $year $1;  set $month $2;  set $day $3;  set $hour $4;  }  access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;   access_log /var/log/nginx/access.log;   location / {  set $redirect 0;  if ($http_x_forwarded_proto != "https") {  set $redirect 1;  }  if ($http_user_agent ~* "ELB-HealthChecker") {  set $redirect 0;  }  if ($redirect = 1) {  return 301 https://$host$request_uri;  }   proxy_pass http://docker;  proxy_http_version 1.1;   proxy_set_header Connection $connection_upgrade;  proxy_set_header Upgrade $http_upgrade;  proxy_set_header Host $host;  proxy_set_header X-Real-IP $remote_addr;  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  }  }