CODEWITHSUNDEEP
amazon-web-servicesdockersslamazon-elastic-beanstalk
Anl Bozkurt
Anl Bozkurt

Reputation: 21

SSL on an elastic beanstalk instance using docker

I am desperately trying to add SSL to our webapp which is running on elastic beanstalk with a single docker conatiner. I followed the documentation of aws https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/https-singleinstance-docker.html and added all the needed information. After running eb deploy nothing changes in the config of the instance. SSHing onto it shows that none of the 2 needed files have been created.

envar.config:

    # 01_envar.config
option_settings:
  aws:elasticbeanstalk:application:environment:
    PORT: 3000
    NODE_ENV: production

files:
  /etc/nginx/conf.d/https.conf:
    mode: "000644"
    owner: root
    group: root
    content: |
      # HTTPS Server

      server {
        listen 443;
        server_name localhost;

        ssl on;
        ssl_certificate /etc/pki/tls/certs/server.crt;
        ssl_certificate_key /etc/pki/tls/certs/server.key;

        ssl_session_timeout 5m;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

        location / {
          proxy_pass http://docker;
          proxy_http_version 1.1;

          proxy_set_header Connection "";
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto https;
        }
      }

  /etc/pki/tls/certs/server.crt:
    mode: "000400"
    owner: root
    group: root
    content: |
          -----BEGIN CERTIFICATE-----

          -----END CERTIFICATE-----
          -----BEGIN CERTIFICATE-----

          -----END CERTIFICATE-----
          -----BEGIN CERTIFICATE-----

          -----END CERTIFICATE-----
          -----BEGIN CERTIFICATE-----

          -----END CERTIFICATE-----      
  /etc/pki/tls/certs/server.key:
    mode: "000400"
    owner: root
    group: root
    content: |
              -----BEGIN RSA PRIVATE KEY-----
              -----END RSA PRIVATE KEY-----
Resources:
  sslSecurityGroupIngress: 
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
      IpProtocol: tcp
      ToPort: 443
      FromPort: 443
      CidrIp: 0.0.0.0/0

I'm very new to deploying apps on aws and any help would be really appreciated!

Thank you in advance

Upvotes: 2

Views: 1344

Answers (1)

Yaron Idan
Yaron Idan

Reputation: 6765

Configuring TLS into the ELB elastic beanstalk provides the environment takes less effort then configuring the environment nginx configuration, so it should be a better choice for most use-cases.

Upvotes: 1

Related Questions