Amazon Elastic Beanstalk with SSL (HTTPS) without a Load Balancer on Single Instanced EC2 Amazon Linux 2 Image (Java)
######
## See https://github.com/awsdocs/elastic-beanstalk-samples/tree/main/configuration-files/aws-provided/security-configuration for reference.
# .ebextensions/https-instance-securitygroup.config
Resources:
  sslSecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
      IpProtocol: tcp
      ToPort: 443
      FromPort: 443
      CidrIp: 0.0.0.0/0
  # Optional, for SSH. 0.0.0.0/0 opens port 22 to the whole internet;
  # narrow CidrIp to your own address range where you can.
  sshSecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: {"Fn::GetAtt": ["AWSEBSecurityGroup", "GroupId"]}
      IpProtocol: tcp
      ToPort: 22
      FromPort: 22
      CidrIp: 0.0.0.0/0

######
## See https://github.com/awsdocs/elastic-beanstalk-samples/tree/main/configuration-files/aws-provided/security-configuration
# for reference.
# .ebextensions/https-instance.config
# The private key below ships inside the source bundle; keep this file out of version control.
files:
  /etc/pki/tls/certs/server.crt:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN CERTIFICATE-----
      **Paste your certificate here**
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      **If chained certificate, paste your chain here**
      -----END CERTIFICATE-----
  /etc/pki/tls/certs/server.key:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN PRIVATE KEY-----
      **Paste your key here**
      -----END PRIVATE KEY-----
container_commands:
  01restart_nginx:
    command: "service nginx restart"

#!/bin/bash
# .platform/hooks/postdeploy/script.sh
# Write the HTTPS server block that proxies to the application on port 5000.
echo 'server {
    # "listen 443 ssl" replaces the deprecated "ssl on" directive
    listen 443 ssl;
    server_name localhost;
    ssl_certificate /etc/pki/tls/certs/server.crt;
    ssl_certificate_key /etc/pki/tls/certs/server.key;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is enabled
    ssl_protocols TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_prefer_server_ciphers on;
    location / {
        proxy_pass http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-SSL on;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}' > '/etc/nginx/conf.d/https.conf'
# Replace the generated port-80 location with a redirect to HTTPS.
echo 'location / {
    return 301 https://$host$request_uri;
}' > '/etc/nginx/conf.d/elasticbeanstalk/00_application.conf'
service nginx restart

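A pre-deploy check for the kind of server block the hook above writes, as an added example that is not part of the gist: it flags protocol versions deprecated by RFC 8996, the deprecated "ssl on;" directive, and a private key that is missing or readable by group or others. The function name, the finding labels and the sample file are constructed for illustration.

```shell
#!/bin/bash
# Added example, not part of the gist. Function name and finding labels are
# hypothetical. Prints one finding per line; returns 1 if anything was found.
audit_tls_conf() {
  local conf="$1" rc=0 body protos p key perms
  body="$(sed 's/#.*$//' "$conf")"   # ignore commented-out directives

  # Protocol versions deprecated by RFC 8996, plus the older SSL versions.
  protos="$(printf '%s\n' "$body" |
    sed -n 's/^[[:space:]]*ssl_protocols[[:space:]]\{1,\}\([^;]*\);.*/\1/p')"
  for p in $protos; do
    case "$p" in
      SSLv2|SSLv3|TLSv1|TLSv1.1) echo "weak-protocol:$p"; rc=1 ;;
    esac
  done

  # "ssl on;" is deprecated in favour of "listen 443 ssl;".
  if printf '%s\n' "$body" | grep -Eq '^[[:space:]]*ssl[[:space:]]+on[[:space:]]*;'; then
    echo "deprecated-ssl-on"; rc=1
  fi

  # The private key must exist and be unreadable by group and others.
  key="$(printf '%s\n' "$body" | sed -n \
    's/^[[:space:]]*ssl_certificate_key[[:space:]]\{1,\}\([^;]*\);.*/\1/p' | head -n 1)"
  if [ -n "$key" ]; then
    if [ ! -f "$key" ]; then
      echo "key-missing:$key"; rc=1
    else
      perms="$(ls -ld "$key" | cut -c5-10)"
      if [ "$perms" != "------" ]; then echo "key-perms:$perms"; rc=1; fi
    fi
  fi
  return "$rc"
}

# Constructed sample with the weak settings, and a throwaway key file.
demo_dir="$(mktemp -d)"
touch "$demo_dir/server.key"; chmod 644 "$demo_dir/server.key"
cat > "$demo_dir/https.conf" <<EOF
server {
  listen 443;
  ssl on;
  ssl_certificate_key $demo_dir/server.key;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF
audit_tls_conf "$demo_dir/https.conf" || true
```

Called from the postdeploy hook before the nginx restart, a non-zero status can be used to stop the deployment instead of serving with the weak settings.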
build: mvn clean help:active-profiles package -Pprod
# I am using a Spring Boot project, but you might need to change the build command required to make the fat jar.

#Elastic Beanstalk Nginx Configuration File
######### This is a sample /etc/nginx/nginx.conf file.
###### Only for reference.
#### This file is expected to already be present as-is on the EC2 instance to get the desired outcome (HTTPS).
user nginx;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
worker_processes auto;
worker_rlimit_nofile 32137;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    ########
    ### Here our generated https.conf will be included
    include conf.d/*.conf;
    map $http_upgrade $connection_upgrade {
        default "upgrade";
    }
    server {
        listen 80 default_server;
        access_log /var/log/nginx/access.log main;
        client_header_timeout 60;
        client_body_timeout 60;
        keepalive_timeout 60;
        gzip off;
        gzip_comp_level 4;
        gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
        # Include the Elastic Beanstalk generated locations
        #########
        ### The script.sh above replaces the generated 00_application.conf, which is included here.
        include conf.d/elasticbeanstalk/*.conf;
    }
}

web: java -jar target/demo-0.0.1-SNAPSHOT.jar
# You can customize this line to anything that runs your application, e.g. to include env variables, or if you have multiple jars to run from.

It would be helpful if you add a sample pom.xml that will include the directories/files in the proper location of a Fat jar?
- While using .ebextensions and .platform hooks you don't make a fat jar by yourself as Elastic Beanstalk does it for you, so you only put the relevant files with the source code in a zip file and deploy it to the application (I myself haven't tried the other way of deploying the app using a fat jar though, so I am not sure if that would work). Now for Elastic Beanstalk to understand how to build the fat jar out of your source code and how to run the app you need to put two more files inside the zip, Buildfile and Procfile respectively (which I will add next, thanks to you for letting me know).
- Surely I can also include a pom.xml but that would be like any other pom.xml as Elastic Beanstalk doesn't require any additional dependency.

More on it here.