个人中心
gpt4 book ai didi

Apache2 开放式 SSL 证书显示在 AWS 负载均衡器上

转载 作者:太空宇宙 更新时间:2023-11-03 13:59:54 31 4
gpt4 key购买 nike

我正在尝试在 AWS ec2 实例上配置 SSL 证书,我遵循了以下步骤:

  1. 使用 ubuntu 操作系统在 ec2 上创建实例。
  2. 通过证书管理器在我的域上颁发证书 -> 例如:*.domains.com 和 domains.com
  3. 创建了一个经典负载均衡器来指向这些证书和 ec2 实例。
  4. 将 Route 53 中的 A 记录配置为负载均衡器的别名
  5. 在 apache2 上配置我的虚拟主机

$sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout/etc/apache2/ssl/apache-selfsigned.key -out/etc/apache2/ssl/apache-selfsigned.crt

我获得了包含所要求的所有必要详细信息的自签名证书。

然后像这样配置我的虚拟主机:

<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin support@noeticitservices.com
        ServerName ssltest.domains.com
        ServerAlias ssltest.domains.com
        DocumentRoot /var/www/html/****/public
        ErrorLog /var/www/html/****/error.log
        CustomLog /var/www/html/****/access.log combined

        SSLEngine on

        SSLCertificateFile /etc/apache2/ssl/apache-selfsigned.crt
        SSLCertificateKeyFile /etc/apache2/ssl/apache-selfsigned.key

        <Directory /var/www/html/****/public>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride all
                Order allow,deny
                Allow from all
                Require all granted
        </Directory>

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
         # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>


<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin support@noeticitservices.com
        ServerName ssltest.domains.com
        ServerAlias ssltest.domains.com
        DocumentRoot /var/www/html/****/public
        ErrorLog /var/www/html/****/error.log
        CustomLog /var/www/html/****/access.log combined

        <Directory /var/www/html/****/public>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride all
                Order allow,deny
                Allow from all
                Require all granted
        </Directory>

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

当我访问我的域时,它没有获取亚马逊颁发的证书。我怎样才能指向证书,我已经浏览了互联网上几乎所有可用的资源。我的 default-ssl.conf 也启用了 mod_ssl 也启用了。帮我解决这个问题。

最佳答案

Configured A record in Route 53 to alias of load balancer

好的,这就是我认为你搞砸了的地方。 dig ns biltrax.com 为您的域提供以下名称服务器:

  • ns34.domaincontrol.com
  • ns33.domaincontrol.com

我相信这些是 GoDaddy 的。不管它们是什么,它们都不是 Route53 的名称服务器。因此,您在 Route53 中的记录无效 - 它们会被忽略,因为您域的 DNS 完全由不同的服务处理。

如果您希望 Route53 负责该域,则必须将该域指向您注册商处的 Route53 名称服务器。

关于Apache2 开放式 SSL 证书显示在 AWS 负载均衡器上,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54394988/

31 4 0
文章推荐: apache - "Job for httpd.service failed because the control process exited with error code."我该如何解决这个问题?
文章推荐: python - 定义抽象类的三种方式的区别
文章推荐: python - 使用正则表达式有效地将一列中的部分值替换为 pandas 中另一列中的值?
文章推荐: php - laravel 5.7 cURL 错误 60 : SSL certificate problem: unable to get local issuer certificate
太空宇宙
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com