我正与弹性青苗时遇到与SSL配置一些麻烦。
I am working with Elastic Beanstalk and am having some trouble with SSL configuration.
我目前所面对的,包括负载均衡的环境和一个EC2实例。负载平衡器443和80。在环境中的EC2实例运行tomcat的端口监听80端口上我的地方,在负载均衡器有一个证书,我能够访问该网站上的端口443和80,一切都是工作的罚款。
I have an environment consisting of a Load Balancer and a single EC2 instance at the moment. The Load Balancer has listeners on port 443 and 80. The EC2 instance in the environment is running tomcat on port 80. I have a certificate in place in the load balancer and I am able to access the site on port 443 and 80 and everything is worked fine.
现在的问题是,我想所有的请求重定向到443端口,甚至是那些进来的80端口上。我已经寻找高和低的方式做到这一点,而无需改变我的安全配置。这是一个小型Web应用程序使用Spring的安全性和MVC在Tomcat 7上运行。我试图用
The problem is that I would like all requests to be redirected to port 443, even ones that come in on port 80. I have searched high and low for a way to do this without having to change my security configuration. This is a small webapp running on Tomcat 7 with Spring security and MVC. I tried using
<sec:intercept-url pattern="/**" requires-channel="https"/>
但我有几个页面,是不是过滤器链这样
but I have several pages that are not part of the filter chain as such
<sec:http pattern="/login.html" security="none" />这似乎喜欢的事,可以在负载均衡解决,但我没有与设置SSL很多经验。任何帮助是AP preciated。
This seems like something that could solved at the load balancer but I do not have much experience with setting up SSL. Any help is appreciated.
推荐答案您ELB接受的443和80的连接,但它终止SSL那里,只接触在80 SSL您的code是基本从浏览器到ELB 。 ELB对青苗后端code是始终在80。
Your ELB accepts connections on 443 and 80, but it terminates the SSL there and contacts your code only on 80. SSL is basically from browser till ELB. ELB to backend code on Beanstalk is always on 80.
因此,任何规则的期望匹配的基础上进入的协议不工作。相反,你应该使用这个头X-转发,原:(这将是由ELB进行设置),然后执行转发规则
So any rule expecting to match based on incoming protocol doesnt work. Instead you should use this header "X-Forwarded-Proto:" (which will be set by ELB) and then do the forwarding rule.
更多推荐
弹性负载均衡器和https
发布评论