Wednesday, 30 September 2015

SSL setup on AWS Elasticbeanstalk single instance - No Load Balancer

I have a Django/Python-based web application that I have been deploying to AWS for the past year. Now we need to get SSL set up so our users can sign up and make payments online.

I've integrated the Stripe checkout js and now I am trying to get a self-signed SSL certificate, FOR TESTING, to run on my DEV AWS EB instance.

I went through the AWS documentation here http://ift.tt/1KRCASt

AND, for the config file:

http://ift.tt/1qzyjrR

Now when I deploy to my AWS instance, I am getting the following errors:

2015-09-29 23:07:48 UTC-0400    ERROR   [Instance: *****] Command failed on instance. Return code: 1 Output: Error occurred during build: Command hooks failed .
2015-09-29 23:07:47 UTC-0400    ERROR   Script /opt/elasticbeanstalk/hooks/appdeploy/enact/01flip.py failed with returncode 1

I am not sure what is going on or how to go about debugging these errors.

Here is my config file:


    Resources:
      sslSecurityGroupIngress:
        Properties:
          CidrIp: 0.0.0.0/0
          FromPort: 443
          GroupId:
            Ref: AWSEBSecurityGroup
          IpProtocol: tcp
          ToPort: 443
        Type: "AWS::EC2::SecurityGroupIngress"
    files:
      /etc/httpd/conf.d/ssl.conf:
        content: |
          LoadModule wsgi_module modules/mod_wsgi.so
          WSGIPythonHome /opt/python/run/baselinenv
          WSGISocketPrefix run/wsgi
          WSGIRestrictEmbedded On
          Listen 443
          <VirtualHost *:80>
            ServerName myserver
            Redirect permanent / https://myserver
          </VirtualHost>

          <VirtualHost *:443>
            ServerName myserver

            SSLEngine on
            SSLCertificateFile "/etc/pki/tls/certs/server.crt"
            SSLCertificateKeyFile "/etc/pki/tls/certs/server.key"

            Alias /static/ /opt/python/current/app/static/
            <Directory /opt/python/current/app/static>
            Order allow,deny
            Allow from all
            </Directory>

            WSGIScriptAlias / /opt/python/current/app/application.py

            <Directory /opt/python/current/app>
            Require all granted
            </Directory>

            WSGIDaemonProcess wsgi-ssl processes=1 threads=15 display-name=%{GROUP} \
              python-path=/opt/python/current/app:/opt/python/run/venv/lib/python2.7/site-packages user=wsgi group=wsgi \
              home=/opt/python/current/app
            WSGIProcessGroup wsgi-ssl
          </VirtualHost>
        group: root
        mode: "000755"
        owner: root
      /etc/pki/tls/certs/server.crt:
        content: "-----BEGIN CERTIFICATE-----\n\
          ********=\n\
          -----END CERTIFICATE-----\n\
          \x20\n"
        group: root
        mode: "000400"
        owner: root
      /etc/pki/tls/certs/server.key:
        content: |
          -----BEGIN RSA PRIVATE KEY-----
          *******
          -----END RSA PRIVATE KEY-----
        group: root
        mode: "000400"
        owner: root
    packages:
      yum:
        mod24_ssl: []

I created my private key, certificate key and self-signed certificate using OpenSSL when I SSH'ed into the EC2 instance under the ec2-user. In some cases, I've seen people have these files in /var/www/html/. I have the files in the home directory; would that cause a problem?

Any ideas of how to diagnose this or is there a better approach to setting up SSL on a single EB instance?

Thank you.
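
An added example, not part of the original post: one way to generate a throwaway self-signed pair for a DEV host and confirm that server.crt and server.key belong together before their contents are pasted into the config file. The function names, the 30-day lifetime and the temporary directory are assumptions made for this sketch; only the file names and the "myserver" host name come from the post.

```shell
#!/usr/bin/env bash
# Added example: helper names and the temp directory are constructed for illustration.

# Create a 2048-bit RSA key and a self-signed certificate (testing only).
make_test_cert() {  # usage: make_test_cert <dir> <hostname>
  local dir="$1" host="$2"
  ( umask 077   # the private key is never group/world-readable, even briefly
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
      -subj "/CN=${host}" \
      -keyout "${dir}/server.key" -out "${dir}/server.crt" 2>/dev/null )
}

# Succeed only if the certificate's public key is the one derived from the key file.
cert_matches_key() {  # usage: cert_matches_key <crt> <key>
  local from_crt from_key
  from_crt=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ -n "$from_crt" ] && [ "$from_crt" = "$from_key" ]
}

# Succeed if the certificate remains valid for at least <seconds> more.
cert_valid_for() {  # usage: cert_valid_for <crt> <seconds>
  openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Demo run in a scratch directory that is removed afterwards.
demo_dir=$(mktemp -d)
if make_test_cert "$demo_dir" myserver \
   && cert_matches_key "$demo_dir/server.crt" "$demo_dir/server.key" \
   && cert_valid_for "$demo_dir/server.crt" 86400; then
  echo "server.crt and server.key match and are valid for at least one day"
else
  echo "certificate/key check failed" >&2
fi
rm -rf "$demo_dir"
```

Apache will not start if the key in server.key does not belong to the certificate in server.crt, so this check is worth running before a deploy.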



