1) Open port 443
2) Install mod_ssl
3) Create the ssl.conf file in the httpd/conf.d directory
Take the private key and public key files and write their contents into the ssl.config file:
```yaml
# Open port 443 on the environment's security group
Resources:
  sslSecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupName: {Ref : AWSEBSecurityGroup}
      IpProtocol: tcp
      ToPort: 443
      FromPort: 443
      CidrIp: 0.0.0.0/0

# Install mod_ssl for Apache 2.4
packages:
  yum:
    mod24_ssl : []

files:
  /etc/httpd/conf.d/ssl.conf:
    mode: "000644"   # was "000755"; a config file does not need the execute bit
    owner: root
    group: root
    content: |
      LoadModule ssl_module modules/mod_ssl.so
      Listen 443
      <VirtualHost *:443>
        <Proxy *>
          Order deny,allow
          Allow from all
        </Proxy>
        SSLEngine on
        # Disables SSLv2 and SSLv3 only; TLS 1.0 and 1.1 are not disabled by this line
        SSLProtocol All -SSLv2 -SSLv3
        SSLCertificateFile "/etc/pki/tls/certs/server.crt"
        SSLCertificateKeyFile "/etc/pki/tls/certs/server.key"

        ProxyPass / http://localhost:80/ retry=0
        ProxyPassReverse / http://localhost:80/
        ProxyPreserveHost on

        LogFormat "%h (%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
        ErrorLog /var/log/httpd/elasticbeanstalk-error_log
        TransferLog /var/log/httpd/elasticbeanstalk-access_log
      </VirtualHost>

  # Certificate and private key: readable by root only
  /etc/pki/tls/certs/server.crt:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN CERTIFICATE-----
      your-certificate-here
      -----END CERTIFICATE-----

  /etc/pki/tls/certs/server.key:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN RSA PRIVATE KEY-----
      your-key-here
      -----END RSA PRIVATE KEY-----
```
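The `SSLProtocol All -SSLv2 -SSLv3` directive above does not disable TLS 1.0 or 1.1, and the private key is protected only by its file mode. The shell functions below check an ssl.conf for both points; this is an added example, not part of the original post, the function names `legacy_protocols` and `exposed_keys` are hypothetical, and the protocol parsing is a simplified model of mod_ssl's behaviour.

```shell
# Added example, not from the original page. Simplified model of how mod_ssl
# reads SSLProtocol; only SSLv3, TLSv1 and TLSv1.1 are tracked.

# Print "<line>: <protocols>" for each SSLProtocol directive in file $1
# that leaves a legacy protocol enabled.
legacy_protocols() {
    awk '
    tolower($1) == "sslprotocol" {
        split("", en)                        # start clean for each directive
        for (i = 2; i <= NF; i++) {
            tok = tolower($i); sign = substr(tok, 1, 1)
            if (sign == "+" || sign == "-") tok = substr(tok, 2)
            else split("", en)               # a bare token overrides earlier ones
            if (tok == "all") {
                if (sign == "-") split("", en)
                else en["sslv3"] = en["tlsv1"] = en["tlsv1.1"] = 1
            } else if (sign == "-") delete en[tok]
            else en[tok] = 1
        }
        out = ""
        if ("sslv3" in en)   out = out " SSLv3"
        if ("tlsv1" in en)   out = out " TLSv1"
        if ("tlsv1.1" in en) out = out " TLSv1.1"
        if (out != "") print NR ":" out
    }' "$1"
}

# Print each SSLCertificateKeyFile named in file $1 whose mode grants any
# access to group or other (the page installs the key with mode 000400).
exposed_keys() {
    awk 'tolower($1) == "sslcertificatekeyfile" { gsub(/"/, "", $2); print $2 }' "$1" |
    while IFS= read -r key; do
        [ -e "$key" ] || continue
        perms=$(ls -ld "$key" | cut -c5-10)  # group and other permission bits
        [ "$perms" = "------" ] || echo "$key"
    done
}

# Constructed sample: the page's directives, key path moved to a temp dir.
demo() {
    d=$(mktemp -d)
    : > "$d/server.key"; chmod 644 "$d/server.key"
    printf '%s\n' 'SSLEngine on' 'SSLProtocol All -SSLv2 -SSLv3' \
        "SSLCertificateKeyFile \"$d/server.key\"" > "$d/ssl.conf"
    legacy_protocols "$d/ssl.conf"
    exposed_keys "$d/ssl.conf"
    rm -rf "$d"
}
demo
```

On an instance, run both functions against /etc/httpd/conf.d/ssl.conf; empty output from both means neither issue was found.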
Alternatively, if you have already purchased an SSL certificate, you can configure it in the ssl.conf file:
```apache
<VirtualHost _default_:443>
    SSLCertificateKeyFile /etc/ssl/mydomain_com.key
    SSLCertificateFile /etc/ssl/mydomain_com.crt
    SSLCertificateChainFile /etc/ssl/mydomain_com.ca-bundle
</VirtualHost>
```
Automatic redirect from HTTP to HTTPS:
```apache
<VirtualHost *:80>
    ServerName www.example.com
    Redirect permanent / https://secure.example.com/
</VirtualHost>
```
Good luck!