英文:
Django HTTPS on EC2 without a domain name?
问题
I have a Django app working on HTTP with an EC2 instance running Amazon Linux 2. I was hoping to get HTTPS working without a domain name. How would I get a self signed certificate to work with the public IPv4 address assigned to my EC2 instance and then launch the django app on EC2 with HTTPS? Is it even possible?
我有一个在Amazon Linux 2上运行的EC2实例上工作的Django应用程序,使用HTTP协议。我希望在没有域名的情况下让HTTPS工作。我应该如何使用自签名证书来使其与分配给我的EC2实例的公共IPv4地址一起工作,然后在EC2上启动Django应用程序以支持HTTPS?这是否可能?
I have tried making a certificate using openssl and running the django app using django-extensions and Werkzeug using python manage.py runserver_plus but the app crashes on ec2 (works fine locally). I have tried a few other python packages with the same results.
我尝试使用openssl制作证书,并使用python manage.py runserver_plus使用django-extensions和Werkzeug在EC2上运行Django应用程序,但应用程序在EC2上崩溃(在本地工作正常)。我尝试了一些其他Python包,但结果相同。
Any help is appreciated.
感谢任何帮助。
英文:
I have a Django app working on HTTP with an EC2 instance running Amazon Linux 2. I was hoping to get HTTPS working without a domain name. How would I get a self signed certificate to work with the public IPv4 address assigned to my EC2 instance and then launch the django app on EC2 with HTTPS? Is it even possible?
I have tried making a certificate using openssl and running the django app using django-extensions and Werkzeug using python manage.py runserver_plus but the app crashes on ec2 (works fine locally). I have tried a few other python packages with the same results.
Any help is appreciated.
答案1
得分: 1
你可能需要一个域名,因为很难找到任何官方CA会为你签发IP地址证书。所有公共的EC2实例通常都有一个公共DNS名称,例如ec2-12-34-56-78.us-east-1.compute.amazonaws.com。如果你能找到一个CA愿意为这个地址签发证书,你可以使用它。但是,你需要确保这个地址在服务器的生命周期内不会改变,为此,你需要至少获取一个弹性IP地址。你可能也无法使用免费的AWS ACM证书,因为你无法使用它提供的任何验证机制,由于你无法控制这个_域名_。
对你来说,最简单的选择可能是在你的服务器前面设置一个CloudFront CDN。这将为你提供一个类似d111111abcdef8.cloudfront.net的域名,它已经带有内置的证书。CloudFront和你的EC2实例之间的后端通信可以是不安全的HTTP连接。这会产生轻微的额外费用,但是对于低甚至中等流量的站点来说,这是非常微不足道的。如果设置得当,它还可以显著提高你网站至少静态资产的加载速度,因为CDN可以做到这一点。
英文:
You will probably need some domain name, as you will probably have a hard time finding any official CA which will sign an IP address certificate for you. All public EC2 instances usually get a public DNS name, like ec2-12-34-56-78.us-east-1.compute.amazonaws.com. If you can find a CA which will sign a certificate for this address for you, you could use that. However, you'd need to ensure this address won't change over the lifetime of your server, for which you'd need to get an Elastic IP address at least. You also probably won't be able to use free AWS ACM certificates, as you can't use any of the validation mechanisms it offers, since you don't control the domain.
The easiest option for you is probably to set up a CloudFront CDN in front of your server. That'll give you a domain name like d111111abcdef8.cloudfront.net, which already comes with its built-in certificate. The backend communication between CloudFront and your EC2 instance can be an unsecured HTTP connection. This'll incur a slight overhead cost, but for low or even medium traffic sites, this is really insignificant. If you set it up well, it can also significantly increase the loading speed of at least static assets of your site, as CDNs do.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论