AWS - SSL / HTTPS load balancer (tags: load balancer, AWS, SSL)

2023-09-11 08:20:10 Author: 是柠檬就不必羡慕蜜桃的甜

I have a problem adding HTTPS to my EC2 instance, and maybe you guys have the answer to make it work.

I have a load balancer that is forwarding connections to my EC2 instance. I've added the SSL certificate to the load balancer and everything went fine. I've added a listener on port 443 that forwards to port 443 of my instance, and I've configured Apache to listen on both ports 443 and 80. Here is the screenshot of my load balancer:

The SSL certificate is valid, and on port 80 (HTTP) everything is fine, but if I try with HTTPS the request does not get through.

Any ideas?

Cheers

Accepted answer

Elastic Load Balancer cannot forward your HTTPS requests to the server. This is why SSL is there: to prevent a man-in-the-middle attack (amongst others).

The way you can get this working is the following:

- configure your ELB to accept TCP 443 connections and install an SSL certificate through IAM (just like you did)
- relay traffic on TCP 80 to your fleet of web servers
- configure your web servers to accept traffic on TCP 80 (having SSL between the load balancer and the web servers is also supported, but not required most of the time)
- configure your web servers' Security Group to only accept traffic from the load balancer
- (optional) be sure your web servers are running in a private subnet, i.e. with only private IP addresses and no route to the Internet Gateway

If you really need to have an end-to-end SSL tunnel between your client and your backend servers (for example, to perform client-side SSL authentication), then you'll have to configure your load balancer in TCP mode, not in HTTP mode (see Support for two-way TLS/HTTPS with ELB for more details).

More details:

SSL Load Balancers: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/US_SettingUpLoadBalancerHTTPS.html
Load Balancers in VPC: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/UserScenariosForVPC.html
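A consequence of the setup in the answer above (TLS terminated at the ELB, plain HTTP on port 80 to the backend) is that the web server never sees an HTTPS connection itself: it only learns the client's original scheme from the X-Forwarded-Proto header the load balancer adds. That header is trustworthy only because the Security Group limits port 80 to the load balancer; anything else that could reach port 80 directly could forge it. The following is an added example, not code from the question, the answer or AWS: a small WSGI middleware that derives the effective scheme from X-Forwarded-Proto only when the TCP peer is in the load balancer's network, and redirects everything else to HTTPS. The proxy CIDR (10.0.0.0/16), the hostname example.com and the sample peer addresses are assumptions constructed for the example.

```python
import ipaddress
from urllib.parse import quote

# Assumption: the ELB nodes live in this VPC CIDR. Only peers from here may
# carry an X-Forwarded-Proto we believe; replace with the real ELB subnet(s).
TRUSTED_PROXY_NETS = [ipaddress.ip_network("10.0.0.0/16")]


def is_from_trusted_proxy(remote_addr):
    """True when the TCP peer address belongs to the load balancer's networks."""
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_PROXY_NETS)


def effective_scheme(environ):
    """Scheme the client used towards the ELB that terminated TLS.

    The backend listener is plain HTTP, so wsgi.url_scheme is always 'http'.
    The ELB adds X-Forwarded-Proto; honour it only when the request came from
    the ELB itself, so a host reaching port 80 directly cannot claim HTTPS.
    """
    forwarded = environ.get("HTTP_X_FORWARDED_PROTO", "").strip().lower()
    if is_from_trusted_proxy(environ.get("REMOTE_ADDR", "")) and forwarded in ("http", "https"):
        return forwarded
    return environ.get("wsgi.url_scheme", "http")


def https_redirect(app):
    """WSGI middleware: 301 any request that did not arrive over HTTPS."""
    def wrapped(environ, start_response):
        if effective_scheme(environ) == "https":
            return app(environ, start_response)
        host = environ.get("HTTP_HOST") or environ["SERVER_NAME"]
        path = quote(environ.get("SCRIPT_NAME", "") + environ.get("PATH_INFO", ""))
        query = environ.get("QUERY_STRING", "")
        location = "https://" + host + path + ("?" + query if query else "")
        start_response("301 Moved Permanently",
                       [("Location", location), ("Content-Length", "0")])
        return [b""]
    return wrapped


def hello_app(environ, start_response):
    """The protected application: anything behind the redirect."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"secure hello\n"]


def call(app, remote_addr, headers, path="/", query=""):
    """Drive one GET through a WSGI app; returns (status, headers dict, body)."""
    environ = {
        "REQUEST_METHOD": "GET", "SCRIPT_NAME": "", "PATH_INFO": path,
        "QUERY_STRING": query, "SERVER_NAME": "example.com", "SERVER_PORT": "80",
        "REMOTE_ADDR": remote_addr, "wsgi.url_scheme": "http",
        "HTTP_HOST": "example.com",
    }
    for name, value in headers.items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    captured = {}

    def start_response(status, response_headers):
        captured["status"] = status
        captured["headers"] = dict(response_headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    app = https_redirect(hello_app)
    # Constructed peers: 10.0.1.5 stands in for an ELB node, 203.0.113.9 for a
    # client that somehow reached port 80 directly (the Security Group should
    # make that impossible; this is the defence-in-depth layer behind it).
    print(call(app, "10.0.1.5", {"X-Forwarded-Proto": "https"})[0])
    print(call(app, "10.0.1.5", {"X-Forwarded-Proto": "http"}, "/login", "next=%2F")[1]["Location"])
    print(call(app, "203.0.113.9", {"X-Forwarded-Proto": "https"})[0])
```

The same rule applies to Apache or any framework setting `SECURE_PROXY_SSL_HEADER`-style options: trusting X-Forwarded-Proto is only safe together with the Security Group rule from the answer, because the header is set by the load balancer and not by anything a client can prove.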