Skip to content

Instantly share code, notes, and snippets.

@edwardsamuel

edwardsamuel/00-load-balancer.config

Created July 17, 2015 15:40
Show Gist options
  • Save edwardsamuel/cb5049fdb5325f6d5730 to your computer and use it in GitHub Desktop.
Save edwardsamuel/cb5049fdb5325f6d5730 to your computer and use it in GitHub Desktop.
Download ZIP
Enable HTTPS and HTTP-Redirection on AWS Elastic Beanstalk
Raw
00-load-balancer.config
{
"Resources": {
"AWSEBSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Allow SSH, HTTP, and HTTPS",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": 22,
"ToPort": 22,
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": 80,
"ToPort": 80,
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": 443,
"ToPort": 443,
"CidrIp": "0.0.0.0/0"
}
]
}
},
"AWSEBLoadBalancerSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Allow HTTP and HTTPS",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": 80,
"ToPort": 80,
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": 443,
"ToPort": 443,
"CidrIp": "0.0.0.0/0"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "tcp",
"FromPort": 80,
"ToPort": 80,
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": 443,
"ToPort": 443,
"CidrIp": "0.0.0.0/0"
}
]
}
},
"AWSEBLoadBalancer": {
"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
"Properties": {
"HealthCheck": {
"HealthyThreshold": "3",
"Interval": "30",
"Target": "HTTP:80/status.html",
"Timeout": "5",
"UnhealthyThreshold": "5"
},
"Listeners": [
{
"LoadBalancerPort": 80,
"Protocol": "HTTP",
"InstancePort": 80,
"InstanceProtocol": "HTTP"
},
{
"LoadBalancerPort": 443,
"Protocol": "HTTPS",
"InstancePort": 443,
"InstanceProtocol": "HTTPS",
"SSLCertificateId": "arn:aws:iam::123456789012:server-certificate/YourSSLCertificate"
}
],
"SecurityGroups": [
{
"Fn::GetAtt": [
"AWSEBLoadBalancerSecurityGroup",
"GroupId"
]
}
]
}
}
}
}
Raw
01-nginx-proxy.config
files:
"/etc/nginx/sites-available/000-default.conf":
mode: "000644"
owner: root
group: root
content: |
map $http_upgrade $connection_upgrade {
default "upgrade";
"" "";
}
server {
listen 80;
server_name your-domain.com;
location = /status.html {
proxy_pass http://docker;
proxy_http_version 1.1;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443;
ssl on;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /opt/ssl/default-ssl.crt;
ssl_certificate_key /opt/ssl/default-ssl.pem;
ssl_session_cache shared:SSL:10m;
location / {
proxy_pass http://docker;
proxy_http_version 1.1;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
}
}
"/opt/ssl/default-ssl.crt":
mode: "000400"
owner: root
group: root
content: |
-----BEGIN CERTIFICATE-----
*
* YOUR-CHAINED-SSL-CERTIFICATE-HERE
*
-----END CERTIFICATE-----
"/opt/ssl/default-ssl.pem":
mode: "000400"
owner: root
group: root
content: |
-----BEGIN RSA PRIVATE KEY-----
*
* YOUR-SSL-PRIVATE-KEY-HERE
*
-----END RSA PRIVATE KEY-----
commands:
00_enable_site:
command: 'rm -f /etc/nginx/sites-enabled/* && ln -s /etc/nginx/sites-available/000-default.conf /etc/nginx/sites-enabled/000-default.conf'
@biniyb
Copy link

biniyb commented May 15, 2017

Lines 200 through 209 seem to have 2 separate DependsOn dependencies. This looks to be an error, can you please clarify?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment