SSL on a single EC2 Linux instance running PHP: "connection refused" error



I'm trying to enable SSL on an EC2 Linux instance running PHP, but I'm getting a "connection refused" error.

I followed these instructions to enable SSL: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/SSL.SingleInstance.html

In step 4 I went through creating the .config file (I made sure the indentation was correct) and placed it in the .ebextensions folder: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/ssl-singleinstance-php.html

I also created a new security group for HTTPS (inbound HTTPS | TCP | 443 | 0.0.0.0/0).

After committing the change I deployed with aws.push. The deployment succeeded (no errors). However, when I try to load the instance over http and https, I see a "connection refused" error.

To see whether I could recover from this, I removed the .config file and redeployed, but I still see the error and the site is currently unreachable.

Do you know what I'm doing wrong? I've read the answers to similar questions but couldn't find a solution for this one. I'd also like to know how to restore the configuration so the site comes back.

Here is my config file:

Resources:
  sslSecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
      IpProtocol: tcp
      ToPort: 443
      FromPort: 443
      CidrIp: 0.0.0.0/0
packages:
  yum:
    mod24_ssl : []
files:
  /etc/httpd/conf.d/ssl.conf:
    mode: "000644"
    owner: root
    group: root
    content: |
      LoadModule ssl_module modules/mod_ssl.so
      Listen 443
      <VirtualHost *:443>
        <Proxy *>
          Order deny,allow
          Allow from all
        </Proxy>
        SSLEngine             on
        SSLCertificateFile    "/etc/pki/tls/certs/server.crt"
        SSLCertificateKeyFile "/etc/pki/tls/certs/server.key"
        SSLCipherSuite        EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
        SSLProtocol           All -SSLv2 -SSLv3
        SSLHonorCipherOrder   On
        SSLSessionTickets     Off
        Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
        Header always set X-Frame-Options DENY
        Header always set X-Content-Type-Options nosniff
        ProxyPass / http://localhost:80/ retry=0
        ProxyPassReverse / http://localhost:80/
        ProxyPreserveHost on
        RequestHeader set X-Forwarded-Proto "https" early
        # inner quotes must be escaped so LogFormat receives one format string
        LogFormat "%h (%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
        ErrorLog /var/log/httpd/elasticbeanstalk-error_log
        TransferLog /var/log/httpd/elasticbeanstalk-access_log
      </VirtualHost>
  /etc/pki/tls/certs/server.crt:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN CERTIFICATE-----
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      -----END CERTIFICATE-----
  /etc/pki/tls/certs/server.key:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN RSA PRIVATE KEY-----
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      -----END RSA PRIVATE KEY-----
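An added check, not part of the question or of the AWS documentation: a stdlib-only Python linter run over the relevant stanzas of the config above (embedded as a constructed sample, with the LogFormat line as originally posted). It flags a LogFormat whose inner quotes are not escaped (httpd then sees more than two arguments, rejects the directive and does not start, so neither 80 nor 443 answers), a key file whose mode is not 000400, an SSLProtocol that still permits TLS 1.0/1.1, and private-key material embedded in a config that ships with every deployment bundle.

```python
"""Lint an .ebextensions single-instance SSL config before deploying it."""
import re

# Constructed sample (not the poster's real file): the stanzas that matter,
# LogFormat exactly as posted, key mode as posted.
SAMPLE_CONFIG = '''\
files:
  /etc/httpd/conf.d/ssl.conf:
    mode: "000644"
    content: |
      Listen 443
      SSLProtocol           All -SSLv2 -SSLv3
      LogFormat "%h (%{X-Forwarded-For}i) %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i""
  /etc/pki/tls/certs/server.key:
    mode: "000400"
    content: |
      -----BEGIN RSA PRIVATE KEY-----
      myrsaprivatekeyhere
      -----END RSA PRIVATE KEY-----
'''

FILE_RE = re.compile(r'^\s*(/\S+):\s*$')          # "  /etc/...:" stanza header
MODE_RE = re.compile(r'^\s*mode:\s*"?(\d{6})"?\s*$')

def unescaped_quotes(line):
    """Number of double quotes not preceded by a backslash."""
    return len(re.findall(r'(?<!\\)"', line))

def lint_config(text):
    """Return a list of finding strings; an empty list means nothing flagged."""
    findings, current = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = FILE_RE.match(raw)
        if m:
            current = m.group(1)           # remember which file we are inside
            continue
        m = MODE_RE.match(raw)
        if m and current and current.endswith(".key") and m.group(1) != "000400":
            findings.append(f"{lineno}: key {current} has mode {m.group(1)}, expected 000400")
        # LogFormat takes one format string plus an optional nickname, so exactly
        # two unescaped quotes; extra ones split the format into extra arguments.
        if line.startswith("LogFormat") and unescaped_quotes(line) != 2:
            findings.append(f"{lineno}: LogFormat has {unescaped_quotes(line)} unescaped quotes; escape inner ones as \\\"")
        if line.startswith("SSLProtocol") and "All" in line.split():
            legacy = {"TLSv1", "TLSv1.1"} - set(re.findall(r"-(\S+)", line))
            if legacy:
                findings.append(f"{lineno}: SSLProtocol still allows {sorted(legacy)}")
        if line.startswith("-----BEGIN") and "PRIVATE KEY-----" in line:
            findings.append(f"{lineno}: private key embedded in {current}; it ships in every deploy bundle")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_config(SAMPLE_CONFIG)) or "no findings")
```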

Answering my own question, since it may help someone else:

The problem was the version of the Amazon Linux server (2014 rather than 2015). The config file above does not work on the 2014 server.
