谁能向我解释一下如何在我的 AWS EC2 上安装 SSL。我阅读了很多文章,这些步骤很简单,但我尝试了其中的几个,但都没有奏效。
我有一个 AWS EC2
EC2 staic ip, 54.XXX
subdoamin, xxxx.ab.abc.com
security group: port from
custom 80, 443, 9000-9100
nginx redirect
aaa1.ab.abc.com:80 to aaa1.ab.abc.com:9001
aaa2.ab.abc.com:80 到 aaa1.ab.abc.com:9002
aaa3.ab.abc.com:80 到 aaa1.ab.abc.com:9003
...
aaa(n).ab.abc。 com:80 到 aaa1.ab.abc.com:900(n)
ngnix.conf
server {
listen 80;
server_name ~^(aaa(?<site>[0-9]+)).ab.abc.com;
location / {
set $custom_port 90$site;
if ($custom_port ~ "^.{3}$") {
set $custom_port 900$site;
}
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:$custom_port;
}
}
我如何将 SSL 安装到 EC2 中,以便无论我点击哪个子域。它会得到认证吗?
Steps I have done.
$sudo service nginx stop
$git clone https://github.com/certbot/certbot.git to use certbot to generate SSL key
$./certbot-auto certonly --manual --email [email protected] -d ab.abc.com
$mkdir -p /tmp/certbot/public_html/.well-known/acme-challenge
$cd /tmp/certbot/public_html
$printf "%s" <key> > .well-known/acme-challenge/<key>
$sudo $(command -v python2 || command -v python2.7 || command -v python2.6) -c "import BaseHTTPServer, SimpleHTTPServer; s=BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler);s.serve_forever()"
then I have
108.14.0.213 - - [09/Jul/2017 03:32:26] "GET /path? HTTP/1.1" 404 -
^CTraceback (most recent call last):
File "<string>", line 1, in <module>
File "/usr/lib/python2.7/SocketServer.py", line 236, in serve_forever
poll_interval)
File "/usr/lib/python2.7/SocketServer.py", line 155, in _eintr_retry
return func(*args)
KeyboardInterrupt
如果您只想在您的实例上安装一个 SSl 证书,那么最好的方法是生成一个 CSR 并与像 trustsign 这样的第三方提供商签署一份。请注意,在这种情况下,您选择的 SSL 证书必须是上述名称格式的通配符 ssl 证书类型。应该*ab.abc.com
如果这只是一个测试服务器并且您不关心安全警告,那么您可以按照以下方式自行签名,但是从浏览器访问 url 时,您必须接受安全警告
# openssl genrsa -out keyfile.key 2048
# openssl req -new -key keyfile.key -out certrequest.csr
# openssl x509 -req -days 3650 -in certrequest.csr -signkey keyfile.key -out certificate.pem
然后,您可以更新您的 nginx 配置,如下所示:
server {
listen 80;
listen 443;
ssl on;
ssl_certificate /path_to_your_public_Cert/certificate.pem;
ssl_certificate_key /path_to_yourPrivate_key/keyfile.key;
server_name ~^(aaa(?<site>[0-9]+)).ab.abc.com;
location / {
set $custom_port 90$site;
if ($custom_port ~ "^.{3}$") {
set $custom_port 900$site;
}
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:$custom_port;
}
}
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句