我正在尝试使用自签名SSL启用https到部署在AWS Elastic Beanstalk上的springboot webserver后端。我遵循了在线教程和指南,使用新的https-instance.config更改了我的Nginx配置。
files:
/etc/nginx/conf.d/myconf.conf:
mode: "conf"
owner: root
group: root
content: |
# HTTPS server
server {
listen 443;
server_name localhost;
ssl on;
ssl_certificate /etc/pki/tls/certs/server.crt;
ssl_certificate_key /etc/pki/tls/certs/server.key;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
/etc/pki/tls/certs/server.crt:
mode: "000400"
owner: root
group: root
content: |
-----BEGIN CERTIFICATE-----
mycert
-----END CERTIFICATE-----
/etc/pki/tls/certs/server.key:
mode: "000400"
owner: root
group: root
content: |
-----BEGIN RSA PRIVATE KEY-----
mykey
-----END RSA PRIVATE KEY-----
/opt/elasticbeanstalk/hooks/appdeploy/post/03_restart_nginx.sh:
mode: "000755"
owner: root
group: root
content: |
#!/usr/bin/env bash
sudo service nginx restart
SSH到实例时,无法在conf.d下找到我的myconf.conf文件。跑步service nginx status
给我
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/nginx.service.d
└─nginx.conf
Active: active (running) since Wed 2020-08-26 03:06:34 UTC; 15min ago
Process: 28894 ExecStartPost=/bin/sh -c systemctl show -p MainPID nginx.service | cut -d= -f2 > /var/pids/nginx.pid (code=exited, status=0/SUCCESS)
Process: 28890 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
Process: 28887 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
Process: 28886 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
Main PID: 28893 (nginx)
CGroup: /system.slice/nginx.service
├─28893 nginx: master process /usr/sbin/nginx
└─28897 nginx: worker process
Aug 26 03:06:34 systemd[1]: Starting The nginx HTTP and reverse proxy server...
Aug 26 03:06:34 nginx[28887]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Aug 26 03:06:34 nginx[28887]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Aug 26 03:06:34 systemd[1]: Started The nginx HTTP and reverse proxy server.
我错过了什么。这是我关于AWS EBS的第一个项目。
注意:我正在运行EBS的免费套餐单一实例
nginx
你尝试使用的设置(/etc/nginx/conf.d/myconf.conf
)适用于Amazon Linux 1。
但是似乎你正在使用Amazon Linux 2(AL2)。因此,你应该使用不同的文件来设置nginx。对于AL2,nginx设置应位于.platform/nginx/conf.d/
,而不是docs中.ebextentions
所示的in中。
因此,你可能具有以下.platform/nginx/conf.d/myconfig.conf
内容:
server {
listen 443;
server_name localhost;
ssl on;
ssl_certificate /etc/pki/tls/certs/server.crt;
ssl_certificate_key /etc/pki/tls/certs/server.key;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
以上仅是配置文件的示例。我无法验证该设置是否真正起作用,但是你肯定使用了错误的文件夹来设置AL2中的nginx选项。
我的建议是尝试首先使其通过ssh手动工作。你可能会发现,如果通过提供自己的.platform/nginx/nginx.conf
文件没有任何作用,则需要覆盖整个nginx设置。
感谢Marcin,我没有想到这可能是错误的linux版本!
非常感谢!我花了很长时间浏览AWS文档/教程(但我想这是错误的版本)。我不知道为什么当我使用ssh时我的配置没有显示。
这
.platform/nginx/nginx.conf
之前执行.platform/hooks
吗?我有这样的设置,但是它总是错误指出该文件.crt
不存在。使用certbot
在上执行的文件生成的文件.platform/hooks/prebuild