Beanstalk deployment ignores my nginx configuration files in .ebextensions

Question

I host my Java webapp on a single-instance Elastic Beanstalk environment and I added several ebextension files which successfully create config files for me upon each deployment. I can't however find a way of getting Beanstalk to add new configs within the /etc/nginx or /etc/nginx/conf.d directories.

I followed the steps described here: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/https-singleinstance-java.html

My deployment package structure looks like this:

$ zip -r deploy.zip api-1.0-SNAPSHOT-all.jar .ebextensions
  adding: api-1.0-SNAPSHOT-all.jar (deflated 11%)
  adding: .ebextensions/ (stored 0%)
  adding: .ebextensions/ssl-certificates.config (deflated 37%)
  adding: .ebextensions/https-instance-securitygroup.config (deflated 38%)
  adding: .ebextensions/nginx/ (stored 0%)
  adding: .ebextensions/nginx/conf.d/ (stored 0%)
  adding: .ebextensions/nginx/conf.d/https.conf (deflated 61%)

My files are nearly 1-to-1 copy of samples in the guide above.

During deployment both my *.config files execute successfully, but the /etc/nginx/conf.d/https.conf is missing. I tried to workaround the issue by removing the .ebextensions/nginx directory and replacing it with another .config file that creates /etc/nginx/conf.d/https.conf from scratch, but this didn't help and the file was still missing.

I ssh-ed onto my EC2 instance and here's what I found in /var/log/eb-engine.log:

2020/05/03 19:42:37.754375 [INFO] Executing instruction: configure proxy Nginx
2020/05/03 19:42:37.754393 [WARN] skipping nginx folder under .ebextensions
2020/05/03 19:42:37.754670 [INFO] No plugin in cfn metadata.

I feel like I might have missed something very obvious here, but surprisingly I couldn't find any solution to my problem. Thoughts? Thanks!

Answer 1

I was facing the same problem. The solution is to put the https.conf file in the path .platform/nginx/conf.d/https.conf and zip it into the deployment package.

See "Reverse proxy configuration" in this link.

Answer 2

I have just solved the same problem.

you can easily solve the problem by configuring the following directory structure.

~/my-app/
|-- readme.md
|-- .ebextensions/
|   |-- options.config       # Option settings
|   -- cloudwatch.config     # Other .ebextensions sections, for example 
-- .platform/
    -- nginx/                # Proxy configuration
        |-- nginx.conf
        -- conf.d/
            -- custom.conf
            -- elasticbeanstalk
               |-- server.conf

for more information, see this url

my /var/log/eb-engine.log showed the message line below.

Running command /bin/sh -c cp -rp /var/app/staging/.platform/nginx/. /var/proxy/staging/nginx

Answer 3

I feel like I'm the only person on the internet with this problem. ;-)

After digging into the logs a little bit more I realised that Beanstalk simply overwrites my nginx configuration at the very end of a deployment process. This meant that all the files my .ebextensions created were lost.

I haven't managed to find a "proper" solution, but I worked it around with a postdeploy hook. My nginx config file is now generated in /home/ec2-user, rather than /etc/nginx, like this:

files:
  /home/ec2-user/https.conf:
    content: |
      server {
        listen       443;
        server_name  localhost;

        ssl                  on;
        ssl_certificate      /etc/pki/tls/certs/server.crt;
        ssl_certificate_key  /etc/pki/tls/certs/server.key;

        ssl_session_timeout  5m;

        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers   on;

        location / {
          proxy_pass  http://localhost:5000;
          proxy_http_version 1.1;
          proxy_set_header    Connection          $connection_upgrade;
          proxy_set_header    Upgrade             $http_upgrade;
          proxy_set_header    Host                $host;
          proxy_set_header    X-Real-IP           $remote_addr;
          proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
          proxy_set_header    X-Forwarded-Proto   https;
        }
      }

And then in .platform/hooks/postdeploy/99_hack_nginx.sh (make sure this directory is included in your deployment package - in the same way as .ebextensions):

cp /home/ec2-user/https.conf /etc/nginx/conf.d
sudo systemctl reload nginx

Make sure it has a proper mode:

chmod +x .platform/hooks/postdeploy/99_hack_nginx.sh

Deploy, and enjoy your HTTPS traffic.