Mobeen

Reputation: 985

Add SSL certificate for Java Spring Boot App hosted using AWS Elastic Beanstalk using Amazon Linux 2

I am using AWS Elastic Beanstalk without a load balancer as the server for my Java Spring Boot application. I want to add SSL certificate files and update the nginx configuration to accept SSL traffic on my web app.

Using a load balancer is not an option for me as I don't want to incur extra monthly charges.

My current deployment process is that after creating JAR files using the following command:

`mvn clean package`, I upload the JAR file from the AWS console.

Using AWS documentation, we can add custom files using the following syntax:

files:
  /etc/pki/tls/certs/server.crt:
    content: |
      -----BEGIN CERTIFICATE-----
      certificate file contents
      -----END CERTIFICATE-----
      
  /etc/pki/tls/certs/server.key:
    content: |
      -----BEGIN RSA PRIVATE KEY-----
      private key contents # See note below.
      -----END RSA PRIVATE KEY-----

container_commands:
  01restart_nginx:
    command: "service nginx restart"

and update the NGINX config by adding the updated config at the following path: ebextensions/nginx/conf.d/https.conf

However, my certificate files and NGINX configuration don't get updated.

What I have tried so far:

Following this link:

Spring Boot + Elastic Beanstalk .ebextensions in JAR

It updates the certificate files in the EC2 instance but doesn't update NGINX, and the deployment also fails with the following error:

Application deployment failed at 2020-09-16T08:43:16Z with exit status 1 and error: Engine execution has encountered an error.
Incorrect application version "system-backend-source-28" (deployment 33). Expected version "system-backend-source-27" (deployment 32).

I am using Amazon Linux 2, so instead of putting config files in the .ebextensions folder, I also followed this answer and placed the NGINX config files in the .platform directory, but the deployment passes and doesn't update the new NGINX configuration. Neither does it upload the certificate files.

How to extend nginx config in elastic beanstalk (Amazon Linux 2)

If I manually edit the NGINX config and update the certificate files, my instance runs successfully using HTTPS. But as one can see, this is still manual, and actually doing this removes the purpose of using Elastic Beanstalk. Is there any way to automatically upload the certificate files and update the NGINX config on deploy?

Upvotes: 4

Views: 1446

Answers (1)

Osama Bin Saleem

Reputation: 899

The following worked for me. In the root directory of your project, create the directories and files shown in the image below:

In addition to the steps mentioned in the AWS documentation, add the following contents to the Procfile created in the aws folder:

web: java -jar demo-0.0.1-SNAPSHOT.jar

And in your pom.xml file, update <configuration> as shown below:

<configuration>
    <tasks>
        <property name="buildName" value="${project.build.finalName}.jar"/>

        <copy todir="${project.build.directory}/aws-build/" overwrite="false">
            <fileset file="${project.build.directory}/${project.build.finalName}.jar"/>
            <fileset dir="./aws"/>
        </copy>

        <replace file="${project.build.directory}/aws-build/Procfile" token="@jarname@" value="${buildName}"/>

        <zip compress="false" destfile="${project.build.directory}/aws-build/app-to-deploy.jar" basedir="${project.build.directory}/aws-build"/>
    </tasks>
</configuration>

This will make sure that your certificates are bundled in the build and are uploaded whenever you upload the new build. For my particular case, I then upload the app-to-deploy.jar created after running the following command: mvn clean package

Edit: You should add the nginx server restart command at the end of the https-instance.config file to restart the server each time a new build is uploaded, like this:

container_commands:
  01restart_nginx:
    command: "service nginx restart"

Upvotes: 1
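
A check for the failure described in the question (a deployment that passes while the certificate files and NGINX config never arrive), as an added example that is not part of the original question or answer: a postdeploy platform hook for Amazon Linux 2 that fails the deployment unless the config, certificate and a non-world-readable matching key are all in place. The hook file name, the `https.conf` location under `/etc/nginx/conf.d/` and the `/opt/elasticbeanstalk` guard are assumptions; the certificate and key paths are the ones from the question.

```shell
#!/bin/bash
# Added example: .platform/hooks/postdeploy/01_verify_tls.sh (hypothetical name; chmod +x).
# CERT and KEY are the paths from the question; CONF is an assumed location.
CERT=/etc/pki/tls/certs/server.crt
KEY=/etc/pki/tls/certs/server.key
CONF=/etc/nginx/conf.d/https.conf

# Succeeds only if the file exists and group/others have no access (e.g. 400 or 600).
key_mode_ok() {
  [ -f "$1" ] || return 1
  mode=$(stat -c '%a' "$1") || return 1
  case "$mode" in
    *00) return 0 ;;
    *)   return 1 ;;
  esac
}

# Succeeds only if the certificate's public key equals the private key's public half.
cert_matches_key() {
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

err() { echo "TLS check failed: $1" >&2; }

# verify_tls CONF CERT KEY: every check must pass before nginx is reloaded.
verify_tls() {
  [ -f "$1" ] || { err "nginx config $1 was not deployed"; return 1; }
  [ -f "$2" ] || { err "certificate $2 was not deployed"; return 1; }
  key_mode_ok "$3" || { err "$3 is missing or readable by group/others"; return 1; }
  cert_matches_key "$2" "$3" || { err "certificate and key do not match"; return 1; }
  openssl x509 -in "$2" -noout -checkend 0 >/dev/null || { err "certificate has expired"; return 1; }
  nginx -t || { err "nginx rejected the configuration"; return 1; }
  systemctl reload nginx
}

# Run only on an Elastic Beanstalk instance (assumption: /opt/elasticbeanstalk exists there).
if [ -d /opt/elasticbeanstalk ]; then
  verify_tls "$CONF" "$CERT" "$KEY" || exit 1
fi
```

A non-zero exit from a platform hook marks the deployment as failed, so a missing or mismatched file shows up in the deployment result instead of at the first HTTPS request.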
