How to configure .ebextensions for nginx location directive?

Question

I want to configure my staging environment in Elastic Beanstalk to always disallow all spiders. The nginx directive would look like this:

location /robots.txt {
    return 200 "User-agent: *\nDisallow: /";
}

I understand that I would want to create a file under the .ebextensions/ folder, such as 01_nginx.config, but I'm not sure how to structure the YAML inside it such that it would work. My goal is to add this location directive to existing configuration, not have to fully replace any existing configuration files which are in place.

Answer 1

There is an approach which uses the more recent .platform/nginx configuration extension on Amazon Linux 2 (as opposed to older AMIs).

The default nginx.conf includes configuration partials in two locations of the overall nginx.conf file. One is immediately inside the http block, so you can't place additional location blocks here, because that's not syntactically legal. The second is inside the server block, though, and that's what we need.

This second location's partial files are included from a special sub-directory, .platform/nginx/conf.d/elasticbeanstalk. Place your location fragment here to add location blocks, like so:

# .platform/nginx/conf.d/elasticbeanstalk/packs.conf
location /packs {
    alias /var/app/current/public/packs;
    gzip_static on;
    gzip on;
    expires max;
    add_header Cache-Control public;
}

You find this in the documentation under Reverse Proxy Configuration.

Answer 2

To fix this - you need to wrap your configuration file. You should have, if you're using Docker, a zip file (mine is called deploy.zip) that contains your Dockerrun.aws.json. If you don't - it's rather easy to modify, just zip your deploy via zip -r deploy.zip Dockerrun.aws.json

With that - you now need to add a .platform folder as follows:

├── .platform
│   └── nginx
│       └── conf.d
│           └── custom.conf

You can name your custom.conf whatever you want, and can have as many files as you want. Inside custom.conf, you simply need to place the following inside

client_max_body_size 50M;

Or whatever you want for your config. With that - modify your zip to now be

zip -r deploy.zip Dockerrun.aws.json

And deploy. Your Nginx server will now respect the new command

Answer 3

For version Amazon Linux 2 use this path on your bundle and zip this foldes together

.platform/nginx/conf.d/elasticbeanstalk/000_my_custom.conf

Answer 4

This is what's working for me:

files:
   "/etc/nginx/conf.d/01_syncserver.conf":
    mode: "000755"
    owner: root
    group: root
    content: |
      # 10/7/17; See https://github.com/crspybits/SyncServerII/issues/35
      client_max_body_size 100M;
      # SyncServer uses some http request headers with underscores
      underscores_in_headers on;
      # 5/20/21; Trying to get the load balancer to respond with a 503
      server {
        listen 80;
        server_name _ localhost; # need to listen to localhost for worker tier
        location / {
          return 503;
        }
      }

container_commands:
  01_reload_nginx:
    command: pgrep nginx && service nginx reload || true

Answer 5

I wanted to do the same thing. After a lot of digging, I found 2 ways to do it:

Option 1. Use an ebextension to replace the nginx configuration file with your custom configuration

I used this option because it is the simplest one.

Following the example given by Amazon in Using the AWS Elastic Beanstalk Node.js Platform - Configuring the Proxy Server - Example .ebextensions/proxy.config, we can see that they create an ebextension that creates a file named /etc/nginx/conf.d/proxy.conf. This file contains the same content as the original nginx configuration file. Then, they delete the original nginx configuration file using container_commands.

You need to replace the Amazon example with the contents of your current nginx configuration file. Note that the nginx configuration files to be deleted in the containter command must be updated too. The ones I used are:

• nginx configuration file 1: /opt/elasticbeanstalk/support/conf/webapp_healthd.conf
• nginx configuration file 2: /etc/nginx/conf.d/webapp_healthd.conf

Therefore, the final ebextension that worked for me is as follows:

/.ebextensions/nginx_custom.config

# Remove the default nginx configuration generated by elastic beanstalk and
# add a custom configuration to include the custom location in the server block.
# Note that the entire nginx configuration was taken from the generated /etc/nginx/conf.d/webapp_healthd.conf file
# and then, we just added the extra location we needed.

files:
  /etc/nginx/conf.d/proxy_custom.conf:
    mode: "000644"
    owner: root
    group: root
    content: |
      upstream my_app {
        server unix:///var/run/puma/my_app.sock;
      }

      log_format healthd '$msec"$uri"'
                      '$status"$request_time"$upstream_response_time"'
                      '$http_x_forwarded_for';

      server {
        listen 80;
        server_name _ localhost; # need to listen to localhost for worker tier

        if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
          set $year $1;
          set $month $2;
          set $day $3;
          set $hour $4;
        }

        access_log  /var/log/nginx/access.log  main;
        access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;

        location / {
          proxy_pass http://my_app; # match the name of upstream directive which is defined above
          proxy_set_header Host $host;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location /assets {
          alias /var/app/current/public/assets;
          gzip_static on;
          gzip on;
          expires max;
          add_header Cache-Control public;
        }

        location /public {
          alias /var/app/current/public;
          gzip_static on;
          gzip on;
          expires max;
          add_header Cache-Control public;
        }

        location /robots.txt {
          return 200 "User-agent: *\nDisallow: /";
        }
      }

container_commands:
  # Remove the default nginx configuration generated by elastic beanstalk
 removeconfig:
    command: "rm -f /opt/elasticbeanstalk/support/conf/webapp_healthd.conf /etc/nginx/conf.d/webapp_healthd.conf"

Once you deploy this change, you have to reload the nginx server. You can connect to your server using eb ssh your-environment-name and then run sudo service nginx reload

Option 2. Use an ebextension to modify the nginx configuration file generator, so that it includes your custom locations in the final nginx configuration file

The second option is based on this post: jabbermarky's answer in Amazon forums

He explains this method very well in his answer, so I encourage you to read it if you want to implement it. If you are going to implement this answer, you need to update the location of the nginx file configuration generator.

Note that I have not tested this option.

In summary, he adds a shell script to be executed before the nginx configuration file is generated. In this shell script, he modifies the nginx configuration file generator to include the server block locations he wants in the generated nginx configuration file. Finally, he adds a file containing the locations he wants in the server block of the final nginx configuration file.

Answer 6

It seems that the mentioned approaches dont work anymore. The new approach is to place nginx .conf files into a subfolder in .ebextensions:

You can now place an nginx.conf file in the .ebextensions/nginx folder to override the Nginx configuration. You can also place configuration files in the .ebextensions/nginx/conf.d folder in order to have them included in the Nginx configuration provided by the platform.

Source

This does not require a restart of nginx either as Elastic Beanstalk will take care of that.

Answer 7

This is achievable using .ebextension config files, however I'm having difficulty kicking nginx to restart after a change to its configuration files.

# .ebextensions/nginx.config
files:
  "/etc/nginx/conf.d/robots.conf":
    mode: "000544"
    owner: root
    group: root
    content: |
      location /robots.txt {
        return 200 "User-agent: *\nDisallow: /";
      }
    encoding: plain

Now, I've done similar to add a file to kick the nginx tyres, however for some odd reason it's not executing:

"/opt/elasticbeanstalk/hooks/appdeploy/enact/03_restart_nginx.sh":
  mode: "000755"
  owner: root
  group: root
  content: |
    #!/usr/bin/env bash
    . /opt/elasticbeanstalk/containerfiles/envvars
    sudo service nginx restart
    ps aux | grep nginx > /home/ec2-user/nginx.times.log
    true
  encoding: plain

Answer 8

Mmmmm! .ebextensions!

You're probably easiest off creating a shell script to change your configuration, and then running that. Don't really know nginx, but try something along the lines of:

files:
    "/root/setup_nginx.sh" :
    mode: "000750"
    owner: root
    group: root
    content: |
        #!/bin/sh
        #  Configure for NGINX
        grep robots.txt <your_config_file> > /dev/null 2>&1
        if [ $? -eq 1 ] ; then
            echo < EOF >> <your_config_file>
            location /robots.txt {
                return 200 "User-agent: *\nDisallow: /";
            }
            EOF
        # Restart any services you need restarting
        fi

container_commands:
    000-setup-nginx:
        command: /root/setup_nginx.sh

I.e. first create a schell script that does what you need, then run it.

Oh, and be careful there are no tabs in your YAML! Only spaces are allowed... Check the log file /var/log/cfn_init.log for errors...

Good luck!