Reputation: 3251
The Beanstalk documentation is not clear on how to customize the nginx configuration, or what the best way to do it is, when deploying PHP applications.
I've tried multiple things, such as including a file /etc/nginx/conf.d/01-security.conf like this:
    files:
      /etc/nginx/conf.d/01-security.conf:
        mode: "000644"
        owner: root
        group: root
        content: |
          add_header X-Frame-Options "SAMEORIGIN" always;
          add_header X-XSS-Protection "1; mode=block" always;
          add_header X-Content-Type-Options "nosniff" always;
          add_header Referrer-Policy "no-referrer-when-downgrade" always;
          add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
          add_header X-Cache-Status $upstream_cache_status;
I've tried other alternatives, but none of them seems to be working. I am a bit confused, as Beanstalk doesn't give any clear direction on how that should be done for PHP. I've seen people using different strategies, some of them back in 2018, 2017...
I can replace the configuration using container_commands and then restart nginx, but is there any way I can add more configuration files or modify the original one?
Upvotes: 2
Views: 775
Reputation: 238189
A possible reason why your /etc/nginx/conf.d/01-security.conf is not working is that you are using Amazon Linux 2 (AL2). However, the setting file is for old EB platforms based on AL1.
For AL2, the nginx settings should be in .platform/nginx/conf.d/, not in .ebextensions, as shown in the docs.
Therefore, you could have the following .platform/nginx/conf.d/myconfig.conf with content:
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    add_header X-Cache-Status $upstream_cache_status;
The above is an example. I can't verify if the settings will actually work, but it seems to me that you are using AL2, not AL1. In this case, you are using the wrong folders for the nginx config files.
Upvotes: 2
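A way to check both halves of the answer above before and after a deploy, as an added example that is not part of the original question or answer: it reports which layout a source bundle uses for nginx snippets and which of the security headers from the posted config are absent from a response. The function names and the sample response are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Security headers the config on this page is meant to add.
EXPECTED_HEADERS="X-Frame-Options X-XSS-Protection X-Content-Type-Options Referrer-Policy Strict-Transport-Security"

# Constructed sample of `curl -sI` output: CRLF line endings, one header in
# lower case, and two of the expected headers missing.
SAMPLE_RESPONSE=$(printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nx-frame-options: SAMEORIGIN\r\nX-XSS-Protection: 1; mode=block\r\nX-Content-Type-Options: nosniff\r\n')

# Read raw response headers on stdin and print the expected headers that are
# absent, space separated. Header names are matched case-insensitively.
missing_headers() (
  dump=$(tr -d '\r' | tr '[:upper:]' '[:lower:]')
  missing=""
  for name in $EXPECTED_HEADERS; do
    lower=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
    printf '%s\n' "$dump" | grep -q "^${lower}:" || missing="$missing $name"
  done
  printf '%s' "${missing# }"
)

# Report where a source bundle keeps its nginx snippets:
#   platform           .platform/nginx/conf.d/*.conf exists (AL2 layout)
#   ebextensions-only  /etc/nginx/conf.d/ is only written from .ebextensions (AL1 style)
#   none               no nginx customization found
bundle_layout() (
  root=$1
  if ls "$root"/.platform/nginx/conf.d/*.conf >/dev/null 2>&1; then
    echo platform
  elif grep -rqs '/etc/nginx/conf.d/' "$root/.ebextensions"; then
    echo ebextensions-only
  else
    echo none
  fi
)

# Demo on the constructed sample; against a live environment, pipe
# `curl -sI <your environment URL>` into missing_headers instead.
echo "missing: $(printf '%s\n' "$SAMPLE_RESPONSE" | missing_headers)"
```

If a header shows up on some paths but not others, look for a location block with its own add_header: nginx inherits add_header from the outer level only when the current level defines none.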