
AWS Beanstalk and Docker ports = what manner of tomfoolery is this?

So I have a Docker application that runs on port 9000, and I'd like to have this accessed only via https rather than http, however I don't appear to be making any sense of how Amazon handles ports. In short I'd like to only expose port 443 and not 80 (on the load balancer layer and the instance layer), but haven't been able to do this.

So my Dockerfile has:

    EXPOSE 9000

and my Dockerrun.aws.json has:

    {
       "AWSEBDockerrunVersion": "1",
       "Ports": [{
          "ContainerPort": "9000"
        }]
    }

and I cannot seem to access things via port 9000, but by 80 only.

When I ssh into the instance that the Docker container is running on and look for the ports with netstat I get ports 80 and 22 and some other UDP ports, but no port 9000. How on earth does Amazon manage this? More importantly how does a user get expected behaviour?

Attempting this with SSL and https also yields the same thing. Certificates are set and mapped to port 443, I have even created a case in the .ebextensions config file to open port 443 on the instance and still no SSL:

    sslSecurityGroupIngress:
      Type: AWS::EC2::SecurityGroupIngress
      Properties:
        GroupName: {Ref : AWSEBSecurityGroup}
        IpProtocol: tcp
        ToPort: 443
        FromPort: 443
        CidrIp: 0.0.0.0/0

The only way that I can get SSL to work is to have the Load Balancer use port 443 (ssl) forwarding to the instance port 80 (non https) but this is ridiculous. How on earth do I open the ssl port on the instance and set docker to use the given port? Has anyone ever done this successfully?

I'd appreciate any help on this - I've combed through the docs and got this far with it, but this just plain puzzles me. In short I'd like to only expose port 443 and not 80 (on the load balancer layer and the instance layer), but haven't been able to do this.

Have a great day

Cheers

Josh asked Apr 08 '15 02:04


1 Answer

It's a known problem, from http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker_image.html:

"You can specify multiple container ports, but Elastic Beanstalk uses only the first one to connect your container to the host's reverse proxy and route requests from the public Internet."

So, if you need multiple ports, AWS Elastic Beanstalk is probably not the best choice, at least the Docker option.

Regarding SSL - we solved it by using a dedicated nginx instance and proxy_pass'ing to the Elastic Beanstalk environment URL.

sap1ens answered Nov 11 '22 19:11
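
The setup the answer describes, sketched as an added example (not the answerer's actual configuration): an nginx server that terminates TLS on 443 and proxies to the Elastic Beanstalk environment URL. The public hostname, environment URL and certificate paths are placeholders.

```nginx
# Added example: TLS-terminating reverse proxy in front of an
# Elastic Beanstalk Docker environment. All names are placeholders.
server {
    # Only 443 is served here. There is no "listen 80" block, so with
    # the distribution's default server removed this proxy does not
    # answer plain HTTP at all.
    listen 443 ssl;
    server_name app.example.com;                          # placeholder

    ssl_certificate     /etc/nginx/tls/app.example.com.crt;   # placeholder
    ssl_certificate_key /etc/nginx/tls/app.example.com.key;   # placeholder
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Elastic Beanstalk wires the first ContainerPort (9000 in the
        # question) to the host's reverse proxy, which is why the
        # environment answers on port 80 and not on 9000.
        proxy_pass http://my-env.example.elasticbeanstalk.com;  # placeholder URL

        # Tell the application that the client connection was HTTPS,
        # and pass the original client address along.
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP         $remote_addr;
    }
}
```

The hop from nginx to the environment is still plain HTTP on port 80, so to keep port 80 off the public Internet the environment's ingress rule would have to allow only the proxy's address rather than 0.0.0.0/0.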