SSL在Web接​​工作

SSL在Web接​​工作

本文介绍了你如何获得亚马逊的ELB使用HTTPS / SSL在Web接​​工作?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

似乎这并不奏效现在。我使用的是王菲背后亚马逊ELB NodeJS。当我打开HTTPS连接不能再撮合。我在这里找到了一个无法解决的问题:<一href="https://forums.aws.amazon.com/message.jspa?messageID=283293">https://forums.aws.amazon.com/message.jspa?messageID=283293 。任何人都能够得到这个工作?周围是否有经营自己的HAProxy的实例之外的任何工作?

This doesn't seem to be working right now. I'm using Faye with NodeJS behind an Amazon ELB. When I switch on HTTPS the connections can no longer be brokered. I found a question here unanswered: https://forums.aws.amazon.com/message.jspa?messageID=283293 . Anyone able to get this working? Are there any work around outside of running my own instance of HAProxy?

推荐答案

我确认,根据我们自己的测试,基于TCP / SSL配置ELB,而不是哦,HTTP / HTTPS,使得使用WebSockets的伎俩。缺点有两个:

I confirm, based on our own tests, that configuring ELB on TCP/SSL, instead oh HTTP/HTTPS, makes the trick with WebSockets. The drawbacks are two:

1)正如所指出由arturnt,你不能得到stickyness。

1) As already pointed by arturnt, you cannot get stickyness.

2)你就失去了获取客户的身份的能力。原始IP看到您的WebSocket服务器将总是ELB 1和,从HTTP / HTTPS配置方式不同,没有X - 转发,对于首标将​​被添加到所述请求。

2) You will lose the ability to retrieve the identity of the clients. The originating IP seen by your WebSocket server will be always the ELB one and, differently from the HTTP/HTTPS configuration, no X-Forwarded-For header will be added to the requests.

****更新于7月2013 **:亚马逊刚刚添加了对代理协议,解决了上述缺点号码2。与代理协议,包含客户端发起一个头的IP被添加即使ELB工作在TCP层,而不是HTTP。

****UPDATE on July 2013**: Amazon has just added support for Proxy Protocol, which solves drawback number 2 above. With the Proxy Protocol, a header containing the client's originating IP is added even when ELB works at TCP level, rather than HTTP.

全部细节:http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/enable-proxy-protocol.html

这篇关于你如何获得亚马逊的ELB使用HTTPS / SSL在Web接​​工作?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-06 18:50