2
votes

From now on, my application needs a secure connection (HTTPS). I verified that most of the tutorials for adding secure connections (HTTPS) on Amazon Web Services Elastic Beanstalk use the Elastic Load Balancer as a tunnel.

In my case I'm running a single instance, so in fact I don't need a Load Balancer. How can I add a secure connection to my instance without an Elastic Load Balancer? Is that possible?

I am using 64bit Amazon Linux 2017.03 v2.4.4 running PHP 7.0 Elastic Beanstalk.

4 Answers

2
votes

Edit

You can also use CloudFront for this. This will also allow you to use certificates from Certificate Manager. Just remember to create them in the N. Virginia region.

WARNING

The data between CloudFront and Elastic Beanstalk is still going to be exchanged over HTTP, as your container doesn't support HTTPS.

You also need to change the following settings:

  • Under Allowed HTTP Methods you need to select at least GET, HEAD, OPTIONS, but most likely you'll also want POST/PUT as allowed HTTP methods

  • You don't want CloudFront to cache your results, so you'll need to set the Cache Policy to Managed-CachingDisabled

  • You also want all of the request's headers, cookies & query strings to be passed on to the Origin, i.e. your Elastic Beanstalk container. To do so, you need to set the Origin Request Policy to Managed-AllViewer

0
votes

That is definitely possible. Here is an example from AWS using Apache.

The basic steps are:

  1. Enable SSL on the server
  2. Get a certificate authority (CA) signed certificate. For testing purposes you can create a self-signed cert. Here is an example of how to do that using openssl.

0
votes

HTTPS can be configured without a load balancer using a proxy server, which in your case (PHP with Amazon Linux 2+) should be nginx. I have created a gist for configuring HTTPS in EBS, and it fits in the Free Tier 🎉🎉🎉, but it is for Java. You can see more examples here, but first find out which proxy server you are using (Apache or nginx), as the configuration varies accordingly. For more info, see Reverse proxy configuration.

-1
votes

Currently the AWS docs are for the old Amazon Linux, so they won't work.

Here's what you should do:

  1. Open port 443 in the security groups
  2. Add your certificate and private key files on the server. You can use .ebextensions for that.
  3. Create an nginx conf file on the server in /etc/nginx/conf.d, and make it listen on port 443 and use your certificate files to encrypt the connection.

In proxy_pass, add your app (127.0.0.1:your_port).

You can either create the nginx conf files using SSH or add .platform/nginx/conf.d in your app's root folder and add your configuration files in there.

If you prefer more detailed explanation, here you go: https://youtu.be/zTXS3a67-9c
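
The server block that steps 1 to 3 of the last answer describe, as an added example that is not part of the original answer. The file name, domain, certificate paths and backend port are placeholders chosen for illustration.

```nginx
# .platform/nginx/conf.d/https.conf   (file name is an assumption)
# Elastic Beanstalk's default nginx.conf on Amazon Linux 2 includes
# conf.d/*.conf inside its http {} block, so this file holds only a
# server {} block.

server {
    listen 443 ssl;
    server_name example.com;              # placeholder domain

    # Placeholder paths: use wherever step 2 placed the files.
    # The private key should be owned by root and not world-readable.
    ssl_certificate     /etc/pki/tls/certs/server.crt;
    ssl_certificate_key /etc/pki/tls/certs/server.key;

    # Accept only current protocol versions; SSLv3, TLS 1.0 and 1.1 are refused.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;

    location / {
        # Placeholder for 127.0.0.1:your_port from the answer.
        proxy_pass http://127.0.0.1:8080;

        # Pass the original host, client address and scheme to the app so it
        # can build correct URLs and log the real client.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

Running `nginx -t` on the instance checks the file for syntax errors and confirms the certificate and key can be loaded before the proxy is reloaded.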