I am in the process of migrating a website for a client to AWS. I have everything configured and working except that the client would like to be able to accept payments on their website. I followed several guides on how to get SSL working using Elastic Beanstalk. Currently I have it set up to use a source bundle and I created a config file in the .ebextensions file that looks like this:
Resources:
  sslSecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupName: {Ref : AWSEBSecurityGroup}
      IpProtocol: tcp
      ToPort: 443
      FromPort: 443
      CidrIp: 0.0.0.0/0

packages:
  yum:
    mod24_ssl : []

files:
  /etc/httpd/conf.d/ssl.conf:
    mode: "000755"
    owner: root
    group: root
    content: |
      LoadModule ssl_module modules/mod_ssl.so
      Listen 443
      <VirtualHost *:443>
        <Proxy *>
          Order deny,allow
          Allow from all
        </Proxy>
        SSLEngine on
        SSLProtocol All -SSLv2 -SSLv3
        SSLCertificateFile "/etc/pki/tls/certs/server.crt"
        SSLCertificateKeyFile "/etc/pki/tls/certs/server.key"
        ProxyPass / http://localhost:80/ retry=0
        ProxyPassReverse / http://localhost:80/
        ProxyPreserveHost on
        LogFormat "%h (%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
        ErrorLog /var/log/httpd/elasticbeanstalk-error_log
        TransferLog /var/log/httpd/elasticbeanstalk-access_log
      </VirtualHost>

  /etc/pki/tls/certs/server.crt:
    mode: "000400"
    owner: root
    group: root
    source: sourceHere

  /etc/pki/tls/certs/server.key:
    mode: "000400"
    owner: root
    group: root
    source: sourceHere
where sourceHere is the link to the file in S3. I have also tried using content directly in place of source, but the result is the same: the application launches without any errors, but any attempts to connect to the IP address or provided URL just say that the page is unavailable. If I build the same zip file but leave out the config files, it builds correctly. This is pretty much exactly what AWS has on their support page and in the documentation for Elastic Beanstalk, so I am not sure what is happening.
Instead of provisioning SSL via .ebextensions you should look at adding it via the Load Balancer under the Elastic Beanstalk Environment configuration >> Networking Tier >> Load Balancing.
The easiest way, other than using the CLI tools, is to create an EC2 load balancer and add the keys. Once you pass stage 2 (Select Certificate), you can abort and the certificate will be saved for Elastic Beanstalk usage.
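The load balancer approach from the two answers above can also be written down as Elastic Beanstalk option settings. This is an added example, not part of either answer or of the question's configuration. It assumes a load-balanced environment with a Classic Load Balancer and a certificate already uploaded to IAM; the file name and the certificate ARN are placeholders.

```yaml
# Added example: hypothetical file .ebextensions/https-elb.config
#
# TLS terminates on the environment's Classic Load Balancer, so:
#   - the certificate and private key are never written to the instances
#     (no files: entries for server.crt / server.key),
#   - no mod24_ssl package or ssl.conf is needed on the instances,
#   - the instance security group does not need port 443 opened to
#     0.0.0.0/0, because only the load balancer accepts HTTPS.
option_settings:
  aws:elb:listener:443:
    # Protocol spoken between clients and the load balancer.
    ListenerProtocol: HTTPS
    # PLACEHOLDER ARN: replace with the ARN of the certificate stored in IAM.
    SSLCertificateId: arn:aws:iam::123456789012:server-certificate/PLACEHOLDER-CERT-NAME
    # Traffic from the load balancer to the instances stays on plain HTTP,
    # served by the web server that is already listening on port 80.
    InstancePort: 80
    InstanceProtocol: HTTP
```

With this file in the source bundle, the instance-level SSL config from the question is left out entirely, which also removes the private key from the S3 source link and from the instance file system.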