
Attaching SSL certificate to AWS Elastic BeanStalk's single instance environment

Step 1:

Create an SSL certificate

Go to this link to create a free SSL certificate.
Create the folders .well-known > acme-challenge and put the file you received while creating the SSL certificate into it, e.g. 2elaFuIeUlvdNUGhnGa3A4NLSPYM21AyK7uHHZNc_s0
The website needs to confirm that you control the domain for which you are requesting the SSL certificate (the ACME HTTP-01 challenge). To pass the verification, add the following route to your Node server so that the challenge file is served at the path the certificate authority requests:

// app is your existing Express application; the challenge file must exist at
// ./.well-known/acme-challenge/<token> relative to this script.
app.get('/.well-known/acme-challenge/2elaFuIeUlvdNUGhnGa3A4NLSPYM21AyK7uHHZNc_s0', function (req, res) {
    res.sendFile(__dirname + '/.well-known/acme-challenge/2elaFuIeUlvdNUGhnGa3A4NLSPYM21AyK7uHHZNc_s0');
});

Download the certificates

Step 2:

Upload the SSL certificate to the Elastic Beanstalk environment

Create a folder .ebextensions
Inside this folder, create a file called https-instance.config with the following contents:

Resources:
  sslSecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
      IpProtocol: tcp
      ToPort: 443
      FromPort: 443
      CidrIp: 0.0.0.0/0

files:
  /etc/nginx/conf.d/https.conf:
    mode: "000644"
    owner: root
    group: root
    content: |
      # HTTPS server

      server {
          # "listen 443 ssl" replaces the deprecated "ssl on" directive,
          # which newer nginx releases no longer accept.
          listen       443 ssl;
          server_name  localhost;

          ssl_certificate      /etc/pki/tls/certs/server.crt;
          ssl_certificate_key  /etc/pki/tls/certs/server.key;

          ssl_session_timeout  5m;

          # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep only TLSv1.2
          # unless you must support legacy clients.
          ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
          ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
          ssl_prefer_server_ciphers   on;

          location / {
              # "nodejs" is the upstream defined by the platform's default nginx config
              proxy_pass  http://nodejs;
              proxy_set_header   Connection "";
              proxy_http_version 1.1;
              proxy_set_header        Host            $host;
              proxy_set_header        X-Real-IP       $remote_addr;
              proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
          }
      }
  /etc/nginx/conf.d/000_my_config.conf:
    mode: "000644"
    owner: root
    group: root
    content: |
      # Redirect plain HTTP to HTTPS
      server {
          listen 8080;
          return 301 https://$host$request_uri;
      }
  /etc/pki/tls/certs/server.crt:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN CERTIFICATE-----
      *your certificate*
      -----END CERTIFICATE-----

  /etc/pki/tls/certs/server.key:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN RSA PRIVATE KEY-----
      *your private key*
      -----END RSA PRIVATE KEY-----

Replace the certificate and private key placeholders in the file above, zip the application, and upload it to the Beanstalk environment. You are done.

Security:

Shipping the private key inside the application source bundle means anyone who can read the bundle (or your source repository) holds your key. Instead, you can upload the private key to an S3 bucket and add the following snippet, which grants the Elastic Beanstalk instance's IAM role read access to the bucket and fetches the key from there at deployment time (use it in place of the inline server.key entry above). The file entry must reference the S3Auth block through the authentication key; otherwise the download is made anonymously and fails for a private bucket.

Resources:
  AWSEBAutoScalingGroup:
    Metadata:
      AWS::CloudFormation::Authentication:
        S3Auth:
          type: "s3"
          buckets: ["elasticbeanstalk-us-east-1-xxxxxxxxxxx"]
          roleName:
            "Fn::GetOptionSetting":
              Namespace: "aws:autoscaling:launchconfiguration"
              OptionName: "IamInstanceProfile"
              DefaultValue: "aws-elasticbeanstalk-ec2-role"

files:
  /etc/pki/tls/certs/server.key:
    mode: "000400"
    owner: root
    group: root
    authentication: "S3Auth"
    source: https://s3.amazonaws.com/elasticbeanstalk-us-east-1-xxxxxxxxxxx/server.key

Sources:


Hello guys, I am a beginner in Web Development. So it all started with the use of html tags and how the browser interprets and translates this markup for us. I started up with building a small website. Usually when we talk about content websites, the more appealing and user friendly the website is, the more you attract the customers. So i started up browsing for some good UI libraries. In my context, i had assumed that materials UI is only supported by angular. But to my surprise, it was not. Here are the 3 options i could find for materials implementation in simple content websites. materializecss bootstrap-material-design getmdl.io My next worry was, i had to reload the damn thing again and again every time i made some changes either in javascript or html. One of the options that i came accoss is to make use of gulp tasks to automate this whole procedure. This procedure for me involved the following things: Auto reload of browser window on some changes in code. Mi...