Adding SSL certificate issued by ACM to Apache virtual host on Ubuntu machine

眼角桃花 2021-01-21 10:59

I am trying my hand at ACM for SSL certificates.

I have requested a public certificate for a domain 'prod.yp-uae.waveaxis.space' which is attached to a load balancer.

2 Answers
  • 2021-01-21 11:29

    To add to @Marcin's answer, based on our discussion, you need to ensure that you serve assets and reference domains in your JavaScript using the HTTPS protocol and not the HTTP protocol (as is currently being used).

    If the user is accessing the site over HTTPS, any requests using HTTP may be blocked due to "Mixed Content" which would then stop your site from loading these resources. This would have worked when the site is also loaded over plain text (HTTP).

    If these also load over HTTPS then Marcin's solution will work for you. In addition, you are referencing an IP address rather than a domain that can serve the HTTPS request; this should be adjusted, as I am assuming this is the IP of an EC2 host rather than the load balancer.

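An added example, not part of either answer: a small Python scanner for the mixed-content problem described in the answer above. It lists every plain-HTTP resource a page would load and flags hosts that are IP literals; the names `scan` and `MixedContentScanner`, the sample page and the address 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"src", "href", "data", "poster"}     # attributes that trigger a fetch
HTTP_URL_RE = re.compile(r"http://[^\s'\"<>)]+")  # plain-HTTP URLs in inline JS/CSS

def is_ip_host(url):  # True when the host is an IP literal, not a DNS name
    try:
        ipaddress.ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:
        return False

class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []     # (line, where, url, host_is_ip)
        self._in_code = False  # True while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        self._in_code = tag in ("script", "style")
        for name, value in attrs:
            # <a href> is navigation, not a subresource load, so it is skipped.
            fetched = name in URL_ATTRS and (tag, name) != ("a", "href")
            if fetched and value and value.lower().startswith("http://"):
                self.findings.append((self.getpos()[0], f"<{tag} {name}>", value, is_ip_host(value)))

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._in_code = False

    def handle_data(self, data):
        start = self.getpos()[0]  # line on which this text chunk begins
        for m in (HTTP_URL_RE.finditer(data) if self._in_code else ()):
            line = start + data.count("\n", 0, m.start())
            self.findings.append((line, "inline code", m.group(), is_ip_host(m.group())))

def scan(html):
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; 203.0.113.10 is a documentation-range address.
SAMPLE = """<html><head>
<script src="http://203.0.113.10/static/app.js"></script>
<script>var api = "http://203.0.113.10/api/items";</script></head><body>
<img src="http://prod.yp-uae.waveaxis.space/logo.png"><a href="http://example.com/">external link</a></body></html>"""
```

`scan(SAMPLE)` returns one tuple per plain-HTTP reference; entries whose last field is `True` point at an IP address and need a hostname that the load balancer's certificate covers.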
  • 2021-01-21 11:43

    Generally you don't need an SSL cert on your EC2 instances if you have deployed an SSL cert on your ALB. The reason is that the ALB is going to terminate your SSL/HTTPS connection, and then it will forward it to your instances as a regular HTTP (non-SSL) connection. In this scenario, the traffic flow is:

    client---(HTTPS)-->ALB----(HTTP)--->EC2 instances
    

    This design simplifies a lot of work with manually setting up SSL certificates and off-loads its processing to ALB.

    Therefore, if it's not really a requirement to have HTTPS between ALB and instance, it's just easier to have your Apache serve regular HTTP traffic on port 80.

    The thing I am wondering on is how can I get my ACM SSL certificate

    Sadly you can't access ACM certificates as they can only be used on load balancer, CloudFront distribution and API gateway. This means that you can't use it on instances.

    However, if you really require end-to-end HTTPS, then you should generate and deploy your own self-signed SSL certificate on the instances. This will require a bit of setup, but your connection will be:

    client---(HTTPS)-->ALB----(HTTPS)--->EC2 instances
    

    However, this is not normally done and in most cases the first scenario with HTTP between ALB and the instance is sufficient.
