how to attach SSL certificate to single instance b

2019-03-09 22:39发布

站内问答 / 移动开发
1025 2 4

I have a Java war that I want to host on elastic beanstalk on AWS. I have a certificate but I am not able to figure out how to attach it to my single instance app.

All the howtos describe how to attach the certificate to elastic load balancer but no document on how to do it without load balancer (i.e. single instance).

I don't want to use load balancer because it costs extra (and not needed in testing environment).

Any help will be appreciated.

2条回答
不美不萌又怎样
2楼-- · 2019-03-09 23:00

This solution uses LetsEncrypt free certs, and doesn't require storing your certs in a config file. And its easy to reuse for different domains.

http://bluefletch.com/blog/domain-agnostic-letsencrypt-ssl-config-for-elastic-beanstalk-single-instances/

Summary: a config file with container commands that automates downloading certbot, getting a cert, and pointing nginx to the cert.

查看更多
0人赞 添加讨论(0) 举报
虎瘦雄心在
3楼-- · 2019-03-09 23:20

Elastic Beanstalk single instance type did not support SSL via Management Console or API. You can find more information in AWS Forums.

But you can use Configuration File to customize your instance to enable SSL. Please see the following example.

  1. Create an .ebextensions directory in the top-level of your source bundle.
  2. Copy SSLCertificateFile.crt, SSLCertificateKeyFile.key, SSLCertificateChainFile.crt and ssl.conf(apache2 ssl module configuration) into .ebextensions
  3. Create a configuration file, /your_app/.ebextensions/01ssl.config. Type the following 01ssl.config inside the configuration file to configure ssl settings
  4. Open 443 port in your security group

01ssl.config

packages:
  yum:
    mod_ssl: []
container_commands:
  add-SSLCertificateFile-label:
    command: cp .ebextensions/SSLCertificateFile.crt /home/ec2-user/SSLCertificateFile.crt

  add-SSLCertificateKeyFile-label:
    command: cp .ebextensions/SSLCertificateKeyFile.key /home/ec2-user/SSLCertificateKeyFile.key

  add-SSLCertificateChainFile-label:
    command: cp .ebextensions/SSLCertificateChainFile.crt /home/ec2-user/SSLCertificateChainFile.crt

  replace-ssl-configuration-label:
    command: cp .ebextensions/ssl.conf /etc/httpd/conf.d/ssl.conf

ssl.conf example

Your WAR structure should look like

web_app.war
          |
          |_.ebextensions
          |   |_ 01ssl.config
          |   |_ SSLCertificateFile.crt
          |   |_ SSLCertificateKeyFile.key
          |   |_ SSLCertificateChainFile.crt
          |   |_ ssl.conf
          |
          |_META-INF
          |
          |_WEB-INF
               |_ classes
               |_ lib
               |_ web.xml

2013/11/14 Updated.

  1. Using configuration file should pay attention to security problems, because the files in the folder .ebextensions are accessible for everyone. This may not happen in usual situation.
  2. AWS also provides an example Configuration File for configuring SSL for Single Instance Type now.
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)