Vihung

Reputation: 13397

How do I enable HTTPS for my Elastic Beanstalk Java application?

My instance is a single instance, no load balancer.

I cannot seem to add a load balancer to my existing app instance.

Other recommendations regarding Elastic Load Balancer are obsolete - there seems to be no such service in AWS.

I do not need caching or edge delivery - my application is entirely transactional APIs, so I probably don't need CloudFront.

I have a domain name and a name server (external to AWS). I have a certificate (generated in Certificate Manager).

How do I enable HTTPS for my Elastic Beanstalk Java application?

Upvotes: 3

Views: 210

Answers (3)

ChetPrickles

Reputation: 930

AWS "Nitro Enclaves" can bind AWS-created certificates directly to your Elastic Beanstalk NGINX or Apache web server. This is the only way to use AWS-generated certificates (or certs you import into AWS certificate management (AWS ACM)) directly with your EC2 web server without introducing something else like a load balancer or CloudFront. (Note that low-cost instances like t2 and t3 do not support the requirements needed for this solution.)

https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html

If you obtain a certificate from some other certificate authority, you can configure it yourself on your EC2 instance. Here are some helpful starting points for learning what's involved.

https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https.html

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-amazon-linux-2.html

It's a fair amount of work, and involves learning a lot about NGINX, but unlike adding CloudFront, these solutions will not incur additional AWS costs.

Lastly, this post can help to polish the NGINX TLS-related config and get it ready to deploy automatically to new instances:

https://stackoverflow.com/a/77248471/431425

Upvotes: 1
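As an added example (not part of the answer above and not AWS's own configuration), this is one way the self-managed option could look for a certificate obtained from another CA: an nginx server block shipped in the application source bundle. The file location `.platform/nginx/conf.d/https.conf`, the certificate paths, the host name `api.example.com` and the application port 5000 are assumptions to adjust for your platform.

```nginx
# Added example. Assumed location in the source bundle:
#   .platform/nginx/conf.d/https.conf
# Files in conf.d/ are included inside nginx's http block on Amazon Linux 2+ platforms.

server {
    listen      443 ssl;
    server_name api.example.com;                          # placeholder host name

    # Assumed paths. The .crt must hold the full chain (leaf + intermediates).
    # Keep the key readable by root only (mode 0400) and out of source control.
    ssl_certificate     /etc/pki/tls/certs/server.crt;
    ssl_certificate_key /etc/pki/tls/certs/server.key;

    # Drop SSLv3, TLS 1.0 and TLS 1.1.
    ssl_protocols             TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;

    # Session resumption without long-lived ticket keys.
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # Tell clients to keep using HTTPS for this host for one year.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # Assumed application port; 5000 is the Java SE platform default.
        proxy_pass         http://127.0.0.1:5000;
        proxy_http_version 1.1;

        # Let the application see the original host, client address and scheme,
        # so redirects and Secure cookies are generated for https.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

The instance's security group also has to allow inbound TCP 443 for this listener to be reachable.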

Vihung

Reputation: 13397

I asked the original question. I ended up using CloudFront.

That created a problem that cookies were not being passed through.

I created a custom Caching Policy to allow the cookies, and in doing so, I also changed the caching TTLs to be very low. This served my purposes.

Upvotes: 0

F_SO_K

Reputation: 14819

CloudFront is the easiest and cheapest way to add SSL termination, because AWS will handle it all for you through its integration with Certificate Manager.

If you add an ELB, you have to run it 24/7 and it will double the cost of a single instance server.

If you want to support SSL termination on the server itself, you're going to have to do that yourself (using your web container, such as Apache, nginx, Tomcat or whatever you're running). It's not easy to set up.

Even if you don't need caching, CloudFront is going to be worth it just for handling your certificate (which is as simple as selecting the certificate from a drop-down).

Upvotes: 2
