We will be using the ebextensions to deploy the SSL in Elastic beanstalk without using Elastic Load balancer(ELB). This makes sure to bring HTTPS into the environment with hassle-free steps and simple configuration.
Installation and configuration
Clone the project locally to your Linux machine.
$ git clone git@github.com:ahamedyaserarafath/ebextension_https_docker_nginx.git
Copy the extension as .ebextensions in your core code and upload the same in your AWS Elastic Beanstalk.
$ cp -r ebxtenstion <path_to_your_application>/.ebextensions
Download the certificate and key bundler and store those in the S3 bucket or wherever it’s accessible inside the ELB instance or docker.
Add the below values as Environment properties in your Elastic Beanstalk.
+-------------------+--------------------------------------------+ | Key | Value | +-------------------+--------------------------------------------+ | cert_path | <certificate_downloadable_link(.crt/.cert) | | key_path | <certificate_key_downloadable_link(.key) | | location_cert_key | /mnt/cert/ | +-------------------+--------------------------------------------+
Script Flow
- Create a https nginx configuration with the as /etc/nginx/sites-available/https_server.conf
- Delete the location_cert_key directory and create the same.
- Download the cert_path and key_path.
- Move those files to location_cert_key.
- Update the https_server.conf with a respective certificate and key path.
- Link the /etc/nginx/sites-available/https_server.conf to /etc/nginx/sites-enabled/https_server.conf
- Add the post script to restart the nginx(/opt/elasticbeanstalk/hooks/appdeploy/post/99_restart_nginx.sh).
Note and FAQs:
Why restart the Nginx in postscript rather than in the EB-extensions?
As ebextensions will execute at the start of the deployment itself and if you try to restart the application initially at those times docker(your application) will not be up and running and it will end up in error in connection so we need to restart the Nginx in post-deployment.
https://github.com/ahamedyaserarafath/ebextension_https_docker_nginx
GitHub Link, Please feel free to fork and use it