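amazon-web-services - YAML parser error : could not found expected : in <unicode string>

Tags: amazon-web-services tomcat ssl amazon-ec2 yaml

I'm having trouble uploading an SSL certificate to an Amazon EC2 instance. I have my private key and the server certificate obtained from the CA. But when I configure it in Apache's .config file and restart the server, it fails. When I validate the YAML format ( http://yaml-online-parser.appspot.com/ ), it throws the following error: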

while scanning a simple key
in "<unicode string>", line 51, column 1:
BQAwgYsxCzAJBgNVBAYTAlVTMRkwFwYD ... 
^
could not found expected ':'
in "<unicode string>", line 52, column 1:
MgYDVQQLEytDbG91ZEZsYXJlIE9yaWdp ... 
^

Below is my .config file syntax, which is valid YAML. When I put the actual KEY and CERTIFICATE (PEM format) content here, it breaks with the above error.

Resources:
  sslSecurityGroupIngress: 
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
      IpProtocol: tcp
      ToPort: 443
      FromPort: 443
      CidrIp: 0.0.0.0/0

packages:
  yum:
    mod_ssl : []

files:
  /etc/httpd/conf.d/ssl.conf:
    mode: "000644"
    owner: root
    group: root
    content: |
      LoadModule ssl_module modules/mod_ssl.so
      Listen 443
      <VirtualHost *:443>
        <Proxy *>
          Order deny,allow
          Allow from all
        </Proxy>
        ServerName            www.mydomain.com
        SSLEngine             on
        SSLCertificateFile    "/etc/pki/tls/certs/server.crt"
        SSLCertificateKeyFile "/etc/pki/tls/certs/server.key"
        SSLCipherSuite        EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
        SSLProtocol           All -SSLv2 -SSLv3
        SSLHonorCipherOrder   On

        Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
        Header always set X-Frame-Options DENY
        Header always set X-Content-Type-Options nosniff

        LogFormat "%h (%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
        ErrorLog /var/log/httpd/elasticbeanstalk-error_log
        TransferLog /var/log/httpd/elasticbeanstalk-access_log
      </VirtualHost>

  /etc/pki/tls/certs/server.crt:
    mode: "000400"
    owner: root
    group: root
    content: |
    -----BEGIN CERTIFICATE-----<certificate content>-----END CERTIFICATE-----

  /etc/pki/tls/certs/server.key:
    mode: "000400"
    owner: root
    group: root
    content: |
    -----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAvogqbCp8t0UcL9UspcmedrEF4FBynok2YoSkPfMKBZQ+0m+0
79ecutxt7KvGlozdC5P6HddVD1xZwT9ZMqwKkszBcmhlYLK5WUCkKHjjxyBaEkU6
VTHhqr52oENRDahXoGpwlCxE7iSVSfHQ4wjIghjlxcaduLXoheIaDQ/GvS8XXR0+
kajiTvdctXOdUogt+sAelfzqS3P5M2f45+DJ/TuwgAvZExwzxD+pOr/PauEUmHFI
qqXZPnMkE7GdaOI7aZlaotiz+7coxn0KPNPhGvAwf+1CMTNq9ThCSRb/UuEKjCwL
r7QtPEpi0ZlN8tK7brKNk/oCZjhzCTmCzDDTmwIDAQABAoIBAQCRSVe//232elaS
CuXuzZ1uOHKYp/+e8FZuLWLockl0E6UL5m58bVdwDeIslJfr+SIdUAtrceXEvtEa
UOn9f77YThY83WpgoChB7M7Apd5a20qToAJpMI46Gt5uOqa12WZoRoHuGwu85FyK
dECqvunWepHLjDZ8wQm7/buLtjn/y3YVGkUvldBzjK56TnKIu6VOiDIHUdgGfR9T
LNZAnnoGQ49WDGy96n3bmBIbTCOGunNOhvnnQFR4XhN/Q9LuQqDb3tEGK8a2CpMM
JjHcAGdsJv3kTvmQDOUG0ety0mRvHhu4CZc3AVcRnvQ0e7l3p2d5SZ3YiXBtzEUb
8w5PejZRAoGBAN/ygKKdJ8Np8kPvIEwu3s8nBG0xbyO4Xkua6fsL/Ks8JbVQCucg
QWrAEL1d1L8nNCY1kxFU2nNk74pBwxXa4SdzcYHjLAnbu9YcrqxUM8tSESbytrzJ
ouYmbVDS7TlLzYGd6a5a42MMudVHhPKHkzbTW1/xeuseBGD5u9/VMv/FAoGBANnN
UD0yYYtdeonwhW7LIXyHAirs45gJ35Vvh89BeEOndEVgPWtSw9t6XQ69xWsAtlDU
G7I3Z9sNeb7cO1Z1au1NqaPgtihOrGCIIjRNKVBf9PuKIosbHy3wab6RuVMbumVw
rPC3sL31TKMzbMZH6FMRLT0DH7EWvEHNeBJxBVvfAoGAH8MWKXoenKGXIbl1nDh9
k2XWQ+Jh/+/zN8fl7Zw6ntKuCnQqx7MUdB5/gUwgk2ftBopMrIWbYghrzPEcySm9
C0pdS+27Xj6S+oAg6gIbQngGRL7h2g7DEt9aW78+tASjRgHulbMAUxkH9k7pdThz
UbBSYl4ub9BXEKX61nk3fX0CgYAt1sE5b/4Jl83vdBiRHd1ZWQzCvgKUgBd3WvbJ
Tu0hx/93jm6+xLeF3LXzIUuIXqkAT/PYSULpXmeuHKm8Y4/yi7LVU7jiuNQcqOoR
+d9lFBz6R7NHdZjVUVDgE8leTWqoaNNtAiwHfrX3bx5IiN/Dg8zyl1K3MaLDcpv/
vZu0HwKBgQCcJ4bw2MEeaJd6KY5pUu+g/rcId5SyIwzZyEwIJ6ai26Nw2pg3hbVv
x6VyMeI559AJevBdrCHx+5F0whaBnIw6/Ccld09+onrDD95lHdMtjvcZqKkX/dC3
rXdRtDphGUdjScgRnV1KL7KU/xgB0xQLYq/SrZSVuXrQB7bMQx/puA==
-----END RSA PRIVATE KEY-----

container_commands:
  killhttpd:
    command: "killall httpd"
  waitforhttpddeath:
    command: "sleep 3"

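Any help is appreciated.

Best answer

In YAML, whitespace and correct indentation are part of the syntax.

On lines 50 and 57, you need to add two extra spaces in front of the multiline string, so that it is not treated as a key.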

  -----BEGIN CERTIFICATE-----<my crt content>-----END CERTIFICATE----- # add two spaces in front

The same for line 57:

  -----BEGIN RSA PRIVATE KEY-----<my private key content>-----END RSA PRIVATE KEY----- # two additional spaces in front
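
A pre-deployment check for the indentation problem described in the answer above, as an added example that is not part of the original question or answer. `find_unindented_pem` reports PEM lines that fall outside a `content: |` block, and `pem_file_entry` emits a correctly indented `files:` entry; both function names and the sample certificate line are constructed for illustration, and only the Python standard library is used.

```python
import re
import textwrap

# "key: |" or "key: >" block scalar header; group 1 is the key's indentation.
BLOCK_HEADER = re.compile(r'^( *)[^#\s][^:]*:\s*[|>][+-]?\d*\s*$')
# PEM armor line, or a run of base64 that fills a whole line.
PEM_LINE = re.compile(r'^\s*(-----(BEGIN|END) [A-Z ]+-----|[A-Za-z0-9+/]{16,}={0,2})\s*$')

def find_unindented_pem(text):
    """Return 1-based numbers of PEM lines that are not inside a block scalar."""
    problems, key_indent, block_indent = [], None, None
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(' '))
        if key_indent is not None:
            if block_indent is None and indent > key_indent:
                block_indent = indent          # first content line sets the block indent
            if block_indent is not None and indent >= block_indent:
                continue                       # still inside the literal block
            key_indent = block_indent = None   # block ended (or was empty)
        header = BLOCK_HEADER.match(line)
        if header:
            key_indent = len(header.group(1))
        elif PEM_LINE.match(line):
            problems.append(no)
    return problems

def pem_file_entry(path, pem, base_indent=2):
    """Build a files: entry whose PEM body is indented deeper than content:."""
    pad = ' ' * base_indent
    body = textwrap.indent(pem.strip() + '\n', pad + '    ')
    return (f'{pad}{path}:\n{pad}  mode: "000400"\n{pad}  owner: root\n'
            f'{pad}  group: root\n{pad}  content: |\n{body}')

# Constructed sample, not a real certificate.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=
-----END CERTIFICATE-----"""

BROKEN = """files:
  /etc/pki/tls/certs/server.crt:
    mode: "000400"
    content: |
    -----BEGIN CERTIFICATE-----
QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=
-----END CERTIFICATE-----
"""
FIXED = "files:\n" + pem_file_entry("/etc/pki/tls/certs/server.crt", SAMPLE_PEM)

if __name__ == "__main__":
    print("broken:", find_unindented_pem(BROKEN))
    print("fixed: ", find_unindented_pem(FIXED))
```

Every line of the PEM body, not only the `-----BEGIN` line, has to sit deeper than `content:`, which is why the checker also flags the base64 and `-----END` lines.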

Regarding amazon-web-services - YAML parser error : could not found expected : in <unicode string>, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/40401273/
