问题描述
我正在使用一个AWS EC2实例(亚马逊Linux,弹性IP)尝试通过ACM设置SSL。证书已验证,并且负载平衡器正在通过健康检查,侦听prot 443,并转发到端口80。最初,在测试https时,我收到拒绝连接的信息。这让我感到困惑,因为我认为负载均衡器会捕获并转发到端口80。我通过EC2实例上的nginx启用了端口443,所以现在它正在侦听443(通过telnet测试),从而摆脱了连接拒绝错误,但是现在我收到了ERR_SSL_PROTOCOL_ERROR。如果缺少负载均衡器并直接命中EC2实例,则这是有道理的。
I am working with an AWS EC2 instance (amazon Linux, elastic IP) trying to set up SSL through ACM. The certificate is verified and the load balancer is passing the health checks listening on prot 443, forwarding to port 80. Initially, when testing https I received a connection refused. This confused me because I thought the load balancer would catch and forward this to port 80. I enabled port 443 via nginx on the EC2 instance, so now it is listening on 443 (tested via telnet), which got rid of the connection refused error, but now I get a ERR_SSL_PROTOCOL_ERROR. This makes sense if it is missing the load-balancer and hitting the EC2 instance directly.
这是问题所在(缺少负载均衡器)吗?如果是这样,我该如何解决。我没有为负载均衡器分配IP地址的方法。这种设置是否需要CNAME记录?如果是这样,我该如何配置?
Is this the problem (missing the load-balancer)? If so, how do I fix this. I don't see a way to assign an an IP address to a load-balancer. Is a CNAME record required for this kind of setup? If so, how do I configure this?
谢谢。
推荐答案
您的负载平衡器将是SSL终止的地方,然后继续运行在端口80上运行的不安全服务器。您应该将EC2实例更改回端口80。
Your load balancer will be the spot where SSL terminates, and then carries on to your insecure servers running on port 80. You should change your EC2 instance back to port 80.
是的,您应该将CNAME指向创建证书所针对的域中的负载均衡器。您没有获得用于ELB的IP,因为在幕后实际上可能有很多负载均衡器,您看不到它们,它们都隐藏在AWS CNAME后面。
Yes, you should point a CNAME at your load balancer from the domain the certificate was created for. You do not get an IP for ELB's, as there may actually be many load balancers behind the scenes, which you don't see, all hiding behind the AWS CNAME.
摘要:
- 更改EC2以再次在端口80上提供流量
- 使ELB接受连接端口443,并发送到实例上的80。
- 向您的ELB分配一个有效域,以证明证书对
- Profit有效。
- Change your EC2 to serve traffic on port 80 again
- Make ELB accept connections on port 443, and send to 80 on the instance
- Assign a valid domain to your ELB that the certificate is valid for
- Profit.
欢呼声
这篇关于AWS ACM SSL协议错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!