【发布时间】:2019-06-21 23:56:35
【问题描述】:
我正在尝试使用 HTTPS 部署 Elastic Beanstalk 应用程序,但我不断从我的 HTTPS 端点收到 502 错误。我可以很好地访问 HTTP 端点,并且该站点似乎按预期工作。我只看到 HTTPS 的这个错误。我不确定在哪里可以找到错误,但我没有在 EC2 实例的任何日志中看到任何似乎相关的内容。这可能是我的 SSL 证书的问题吗?我目前正在使用自签名证书进行测试。这是我用来创建资源的 CloudFormation 模板的相关部分:
Resources:
# VPC and Subnets
Vpc:
Type: AWS::EC2::VPC
Properties:
CidrBlock: 10.0.0.0/16
EnableDnsSupport: true
EnableDnsHostnames: true
InstanceTenancy: default
Tags:
- Key: Name
Value: !Sub "ClimbAssistVpc${ResourceNameSuffix}"
InternetGateway:
Type: AWS::EC2::InternetGateway
VpcGatewayAttachment:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
InternetGatewayId: !Ref InternetGateway
VpcId: !Ref Vpc
SubnetA:
Type: AWS::EC2::Subnet
Properties:
AvailabilityZone: us-west-2a
CidrBlock: 10.0.0.0/17
MapPublicIpOnLaunch: true
VpcId: !Ref Vpc
SubnetB:
Type: AWS::EC2::Subnet
Properties:
AvailabilityZone: us-west-2b
CidrBlock: 10.0.128.0/18
MapPublicIpOnLaunch: true
VpcId: !Ref Vpc
SubnetC:
Type: AWS::EC2::Subnet
Properties:
AvailabilityZone: us-west-2c
CidrBlock: 10.0.192.0/18
MapPublicIpOnLaunch: true
VpcId: !Ref Vpc
SecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: 'Security group for Climb Assist Elastic Beanstalk application'
SecurityGroupIngress:
- CidrIp: '0.0.0.0/0'
IpProtocol: tcp
FromPort: 80
ToPort: 80
- CidrIp: '0.0.0.0/0'
IpProtocol: tcp
FromPort: 22
ToPort: 22
SecurityGroupEgress:
- CidrIp: '0.0.0.0/0'
IpProtocol: -1 # all protocols
ToPort: 0
FromPort: 65535
VpcId: !Ref Vpc
RouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref Vpc
Route:
Type: AWS::EC2::Route
DependsOn: VpcGatewayAttachment
Properties:
RouteTableId: !Ref RouteTable
DestinationCidrBlock: 0.0.0.0/0
GatewayId: !Ref InternetGateway
SubnetARouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref RouteTable
SubnetId: !Ref SubnetA
SubnetBRouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref RouteTable
SubnetId: !Ref SubnetB
SubnetCRouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref RouteTable
SubnetId: !Ref SubnetC
# Elastic Beanstalk environments
EBApplication:
Description: The AWS Elastic Beanstalk application, which is a container used to deploy the correct application configuration.
Type: AWS::ElasticBeanstalk::Application
Properties:
ApplicationName: !Sub '${ProjectId}app${ResourceNameSuffix}'
Description: The name of the AWS Elastic Beanstalk application to be created for this project.
EBApplicationVersion:
Description: The version of the AWS Elastic Beanstalk application to be created for this project.
Type: AWS::ElasticBeanstalk::ApplicationVersion
Properties:
ApplicationName: !Ref 'EBApplication'
Description: The application version number.
SourceBundle: 'target/ROOT'
EBConfigurationTemplate:
Description: The AWS Elastic Beanstalk configuration template to be created for this project, which defines configuration settings used to deploy different versions of an application.
Type: AWS::ElasticBeanstalk::ConfigurationTemplate
Properties:
ApplicationName: !Ref 'EBApplication'
Description: The name of the sample configuration template.
OptionSettings:
- Namespace: aws:elasticbeanstalk:environment
OptionName: EnvironmentType
Value: LoadBalanced
- Namespace: aws:elasticbeanstalk:environment
OptionName: ServiceRole
Value: !Ref 'EBTrustRole'
- Namespace: aws:elasticbeanstalk:healthreporting:system
OptionName: SystemType
Value: enhanced
SolutionStackName: !Ref 'SolutionStackName'
EBEnvironment:
Description: The AWS Elastic Beanstalk deployment group where the application is deployed, which is made up of the Amazon EC2 Linux instances launched for this project.
Type: AWS::ElasticBeanstalk::Environment
Properties:
ApplicationName: !Ref 'EBApplication'
EnvironmentName: !Ref 'EBApplication'
CNAMEPrefix:
Fn::Sub: "${ProjectId}${ResourceNameSuffix}"
Description: The application to be deployed to the environment.
TemplateName: !Ref 'EBConfigurationTemplate'
VersionLabel: !Ref 'EBApplicationVersion'
OptionSettings:
- Namespace: aws:autoscaling:launchconfiguration
OptionName: IamInstanceProfile
Value: !Ref 'EBInstanceProfile'
- Namespace: aws:autoscaling:launchconfiguration
OptionName: InstanceType
Value: !Ref 'InstanceType'
- Namespace: aws:autoscaling:launchconfiguration
OptionName: EC2KeyName
Value: !Ref 'KeyPairName'
- Namespace: aws:ec2:vpc
OptionName: VPCId
Value: !Ref Vpc
- Namespace: 'aws:ec2:vpc'
OptionName: Subnets
Value:
Fn::Join:
- ','
- - !Ref SubnetA
- !Ref SubnetB
- !Ref SubnetC
- Namespace: 'aws:autoscaling:launchconfiguration'
OptionName: SecurityGroups
Value: !Ref SecurityGroup
- Namespace: 'aws:ec2:vpc'
OptionName: AssociatePublicIpAddress
Value: 'true'
- Namespace: aws:elasticbeanstalk:environment
OptionName: LoadBalancerType
Value: application
- Namespace: aws:elbv2:listener:443
OptionName: DefaultProcess
Value: https
- Namespace: aws:elbv2:listener:443
OptionName: ListenerEnabled
Value: 'true'
- Namespace: aws:elbv2:listener:443
OptionName: Protocol
Value: HTTPS
- Namespace: aws:elbv2:listener:443
OptionName: SSLCertificateArns
Value: arn:aws:acm:us-west-2:172776452117:certificate/724f70c2-01bd-415d-adbc-a5167d4a6fad
- Namespace: aws:elasticbeanstalk:environment:process:https
OptionName: Port
Value: '443'
- Namespace: aws:elasticbeanstalk:environment:process:https
OptionName: Protocol
Value: HTTPS
我对 Elastic Beanstalk 和 EC2 还很陌生,因此我们不胜感激。谢谢!
【问题讨论】:
-
您是否将平衡器上的端口 443 映射到实例上的端口 80?
-
老实说,我不确定,我真的不知道如何检查。你知道我怎么查吗?
-
控制台 -> elasticbeanstalk -> 你的应用 -> 负载均衡器
-
你能先试试同一个 node_v1.zip 吗?那么你可以部署你的代码了吗?
-
@NeverBe 看起来像修复了错误。有了这个新配置,这意味着当我连接到负载均衡器时,我使用的是 HTTPS,但是当负载均衡器将它路由到实例时,它使用的是 HTTP,对吧?如果我想对两个连接都使用 HTTPS 怎么办?
标签: amazon-web-services ssl amazon-ec2 https amazon-elastic-beanstalk