How to configure single ec2 instance in elastic beanstalk with https

0
votes

As of right now the easiest way to have https is to use a load balancer in elastic beanstalk recently they created an article which states the following.

You can use configuration files to configure the proxy server that passes traffic to your application to terminate HTTPS connections. This is useful if you want to use HTTPS with a single instance environment, or if you configure your load balancer to pass traffic through without decrypting it.

To enable HTTPS, you must allow incoming traffic on port 443 to the EC2 instance that your Elastic Beanstalk application is running on. You do this by using the Resources key in the configuration file to add a rule for port 443 to the ingress rules for the AWSEBSecurityGroup security group.

The following snippet adds an ingress rule to the AWSEBSecurityGroup security group that opens port 443 to all traffic for a single instance environment:

.ebextensions/https-instance-securitygroup.config

Resources:
  sslSecurityGroupIngress: 
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
      IpProtocol: tcp
      ToPort: 443
      FromPort: 443
      CidrIp: 0.0.0.0/0

There is another elastic beanstalk configuration file that they request you include in your .ebextensions folder which can be found here https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/https-singleinstance-nodejs.html

replace private key contents with the contents of the private key used to create the certificate request or self-signed certificate.

I have done the step of adding private key contents and public certificate in the config file i created in the ebextensions folder. Deployment worked but when I go to the elastic beanstalk url its not https.

1
node.jsamazon-web-servicesamazon-ec2amazon-elastic-beanstalk
I recommend using application load balancer instead of classic load balancer since you can easily set the redirection rules in your application load balancer settings without overwriting web server configuration file as you do. - ikonuk

1 Answers

0
votes

The nginx configuration that you linked will only add another listener for port 443. It will not automatically redirect http traffic to the https endpoint. Can you try the https version of your app and see if it works?

You can override the configuration for port 80 to, but a simpler solution may be to handle that in your application code. If you look at the configuration for port 443, it will send a X-Forwarded-Proto header to your node.js application.

I think this blog post may help you: http://blog.lookfar.com/blog/2017/07/19/how-to-https-all-the-things-in-node/

  app.use(function(req, res, next){
    if(req.header('x-forwarded-proto') !== 'https'){
        res.redirect('https://' + req.header('host') + req.url);
    }else{
        next();
    }
  })