java - Configuring an SSL certificate for a single Elastic Beanstalk Tomcat instance
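I'm trying to install an SSL certificate on my Tomcat Elastic Beanstalk EC2 instance. I also want my application to listen for HTTPS requests on port 443. As a starting point, I based my solution on this link.
After trying for some time, I was unable to install my certificate or get port 443 to listen for HTTPS requests.
These are the steps I followed:
1) I built the WAR with an .ebextensions folder in the src root, as follows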
    ROOT.war
     |
     WEB-INF
     META-INF
     .ebextensions
         |
         https-instance-single.config
         https-instance.config
2) Contents of the https-instance.config file
    packages:
      yum:
        mod_ssl : []
    container_commands:
      1killhttpd:
        command: "killall httpd"
        ignoreErrors: true
      2wait:
        command: "sleep 3"
    files:
      # Apache HTTPS configuration
      /etc/httpd/conf.d/ssl.conf:
        mode: "000644"
        owner: root
        group: root
        content: |
          LoadModule ssl_module modules/mod_ssl.so
          Listen 443
          <VirtualHost *:443>
            <Proxy *>
              Order deny,allow
              Allow from all
            </Proxy>
            SSLEngine on
            SSLCertificateFile "/etc/pki/tls/certs/server.crt"
            SSLCertificateKeyFile "/etc/pki/tls/certs/server.key"
            SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
            SSLProtocol All -SSLv2 -SSLv3
            SSLHonorCipherOrder On
            Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
            Header always set X-Frame-Options DENY
            Header always set X-Content-Type-Options nosniff
            ProxyPass / http://localhost:8080/ retry=0
            ProxyPassReverse / http://localhost:8080/
            ProxyPreserveHost on
          </VirtualHost>
      # Public certificate
      /etc/pki/tls/certs/server.crt:
        mode: "000400"
        owner: root
        group: root
        content: |
          -----BEGIN CERTIFICATE-----
          XXXXXXXXXXXXXXXXXXXXXXXXXXX
          -----END CERTIFICATE-----
      /etc/pki/tls/certs/server.key:
        mode: "000400"
        owner: root
        group: root
        content: |
          -----BEGIN RSA PRIVATE KEY-----
          XXXXXXXXXXXXXXXXXXXXXXXXXXX
          -----END RSA PRIVATE KEY-----
      /etc/pki/tls/certs/gd_bundle.crt:
        mode: "000400"
        owner: root
        group: root
        content: |
          -----BEGIN CERTIFICATE-----
          XXXXXXXXXXXXXXXXXXXXXXXXXXX
          -----END CERTIFICATE-----
          -----BEGIN CERTIFICATE-----
          XXXXXXXXXXXXXXXXXXXXXXXXXXX
          -----END CERTIFICATE-----
          -----BEGIN CERTIFICATE-----
          XXXXXXXXXXXXXXXXXXXXXXXXXXX
          -----END CERTIFICATE-----
3) Contents of the https-instance-single.config file
    Resources:
      sslSecurityGroupIngress:
        Type: AWS::EC2::SecurityGroupIngress
        Properties:
          GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
          IpProtocol: tcp
          ToPort: 443
          FromPort: 443
          CidrIp: 0.0.0.0/0
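4) Then I deployed the WAR using the Elastic Beanstalk console (no error message was thrown during this process, at least not on the console).
After deploying my WAR as described, my web application runs fine, but without the SSL configuration, and HTTPS requests are not redirected to port 443. Even worse, the application is not even listening for HTTPS requests.
Can anyone shed some light? I don't want to use an ELB (Elastic Load Balancer), because I'm migrating a bunch of small applications and that would mean a considerable cost increase for me (around US$20 per application).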
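Solution:
These are all the steps that solved the problem:
1) I removed the /etc/httpd/conf.d/ssl.conf file declaration block from https-instance.config
2) I added the file itself at .ebextensions/httpd/conf.d/ssl.conf. The file contents are as follows: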
    LoadModule ssl_module modules/mod_ssl.so
    Listen 443
    <VirtualHost *:443>
      <Proxy *>
        Order deny,allow
        Allow from all
      </Proxy>
      ServerName [YOUR APP ENDPOINT HERE i.e www.mydomain.com]
      SSLEngine on
      SSLCertificateFile "/etc/pki/tls/certs/server.crt"
      SSLCertificateKeyFile "/etc/pki/tls/certs/server.key"
      SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
      SSLProtocol All -SSLv2 -SSLv3
      SSLHonorCipherOrder On
      Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
      Header always set X-Frame-Options DENY
      Header always set X-Content-Type-Options nosniff
      ProxyPass / http://localhost:8080/ retry=0
      ProxyPassReverse / http://localhost:8080/
      ProxyPreserveHost on
    </VirtualHost>
Important: don't forget to add the line with the server name.
3) This step is optional; do it only if you want to. If you want to redirect all HTTP requests from port 80 to 443, you have to add a configuration file with the port 80 listener configuration. I named it elasticbeanstalk.conf
    <VirtualHost *:80>
      <Proxy *>
        Order deny,allow
        Allow from all
      </Proxy>
      ServerName [YOUR APP ENDPOINT HERE i.e www.mydomain.com]
      Redirect permanent / https://[YOUR APP ENDPOINT HERE i.e www.mydomain.com]/
      ErrorLog /var/log/httpd/elasticbeanstalk-error_log
    </VirtualHost>
OK, so this is how my WAR organizes its directories:
    ROOT.war
     |
     WEB-INF
     META-INF
     .ebextensions
         |
         https-instance-single.config
         https-instance.config
         |
         httpd
             |
             conf.d
                 |
                 elasticbeanstalk.conf
                 ssl.conf
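A pre-deployment check for the ssl.conf shown in the answer, as an added example that is not part of the original post: it verifies the ServerName line the answer calls important and the port 443 listener, and goes further by evaluating SSLProtocol and listing deployed certificate files that no directive references. The function names, finding labels and www.example.com are assumptions made for illustration.

```python
import re

# Constructed sample: the answer's ssl.conf (trimmed) with a placeholder ServerName.
SAMPLE_SSL_CONF = """\
Listen 443
<VirtualHost *:443>
  ServerName www.example.com
  SSLEngine on
  SSLCertificateFile "/etc/pki/tls/certs/server.crt"
  SSLCertificateKeyFile "/etc/pki/tls/certs/server.key"
  SSLProtocol All -SSLv2 -SSLv3
</VirtualHost>
"""
# Paths written by the files: section of https-instance.config in the question.
DEPLOYED = ["/etc/pki/tls/certs/server.crt", "/etc/pki/tls/certs/server.key",
            "/etc/pki/tls/certs/gd_bundle.crt"]
ALL_PROTOCOLS = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}
LEGACY = {"sslv3", "tlsv1", "tlsv1.1"}

def directives(conf):
    """Return {lower-cased directive: [argument strings]}, skipping comments and <Section> tags."""
    found = {}
    for line in map(str.strip, conf.splitlines()):
        if line and not line.startswith(("#", "<")):
            name, *rest = line.split(None, 1)
            found.setdefault(name.lower(), []).append(rest[0] if rest else "")
    return found

def enabled_protocols(spec):
    """Evaluate SSLProtocol arguments: a bare name replaces the set, +name adds, -name removes."""
    enabled = set()
    for tok in spec.lower().split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = ALL_PROTOCOLS if name == "all" else {name}
        enabled = enabled | group if sign == "+" else enabled - group if sign == "-" else set(group)
    return enabled

def lint_ssl_conf(conf, deployed=()):
    """Return a list of finding labels (hypothetical names) for one ssl.conf text."""
    d, findings = directives(conf), []
    names = d.get("servername", [])
    if not names or any("[" in n for n in names):  # the answer's key point: ServerName must be set
        findings.append("servername-missing-or-placeholder")
    if not any(re.fullmatch(r"(.*:)?443(\s+\S+)?", a) for a in d.get("listen", [])):
        findings.append("no-listen-443")
    # Assumption: a missing SSLProtocol is treated as "all" (conservative; the default varies by version).
    legacy = enabled_protocols(d.get("sslprotocol", ["all"])[-1]) & LEGACY
    if legacy:
        findings.append("legacy-tls-enabled:" + ",".join(sorted(legacy)))
    findings += ["unreferenced:" + p for p in deployed if p not in conf]
    return findings
```

Run against the page's configuration, it reports that TLS 1.0 and 1.1 are still enabled by `SSLProtocol All -SSLv2 -SSLv3` and that gd_bundle.crt is written to the instance but no directive references it.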