2

From now on, my application needs a secure connection (HTTPS). I verify that most of tutorials for adding secure connections (https) on Amazon Web Services Elastic Beanstalk uses the Elastic Load Balancer as a tunnel.

In my case I'm running a single instance, in fact I don't need a Load Balancer. How can I add a secure connection to my instance without a Elastic Load Balancer? Is that possible?

I am using 64bit Amazon Linux 2017.03 v2.4.4 running PHP 7.0 Elastic Beanstalk.

Daniel Santos
  • 14,328
  • 21
  • 91
  • 174

4 Answers4

2

Edit

You can also use CloudFront for this. This will also allow you to use certification from Certification Manager. Just remember to create them in N-Virginia region.

WARNING

The data between CloudFront and Elastic Beanstalk is still going to be exchanged over http as your container doesn't support https. enter image description here

You also need to change the following settings:

  • Under Allowed HTTP Methods you need to selected at least GET, HEAD, OPTIONS, but most likely you'll want also POST/PUT allowed http methods

  • You don't want CloudFront to cache your results, so you'll need to set the Cache Policy to Managed-CachingDisabled enter image description here

  • You also want your all the request's headers, cookies & query strings to be passed on to the Origin i.e. your Elastic BeanStalk Container. To do so you need to set the Origin Request Policy to Managed-AllViewer enter image description here

guneetgstar
  • 621
  • 7
  • 15
Radu Diță
  • 13,476
  • 2
  • 30
  • 34
0

That is definitely possible. Here is an example from AWS using Apache.

The basic steps are:

  1. Enable SSL on the server
  2. Get a certificate authority (CA) signed certificate. For testing purposes you can create a self signed cert. Here is an example of how to do that using openssl.
ecarlin
  • 1,163
  • 8
  • 8
  • please verify https://stackoverflow.com/questions/46310436/how-to-configure-ssl-in-a-amazon-elastic-beanstalk-instance-with-configuration-f – Daniel Santos Sep 19 '17 at 22:31
  • Smauel Neff's answer is correct. It is certainly AWS best practice when using a managed resource like Beanstalk to also use also use a managed service like ELB to handle SSL encryption. But, it is possible to not follow that practice and manage it yourself. Just adds more configuration for you. – ecarlin Sep 20 '17 at 17:01
0

https can be configured without a load balancer using a proxy server which is your case (php with Amazon Linux 2+) should be nginx. I have created a gist for configuring https in EBS and it fits in Free Tier but for java. You can see more examples here but first find what proxy server you are using(apache or nginx) as the configuration varies accordingly. For more info see Reverse proxy configuration

guneetgstar
  • 621
  • 7
  • 15
-1

Currently aws docs are for old amazon linux, so they won't work.

Here's what you should do:

  1. Open port 443 in security groups
  2. Add your certificate and private key files on the server. You can use .ebextensions for that.
  3. Create nginx conf file on the server in /etc/nginx/conf.d, and make it listen to port 443 and use your certificate files to encrypt connection.

In proxy_pass add your app (127.0.0.1:your_port)

You can either create nginx conf files using ssh or add .platform/nginx/conf.d in your app's root folder and add your configuration files in there.

If you prefer more detailed explanation, here you go: https://youtu.be/zTXS3a67-9c

Avoup
  • 1
  • 2
  • 2
    While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. - [From Review](/review/low-quality-posts/28460466) – legoscia Mar 04 '21 at 16:15
  • @legoscia thanks for advice, I changed it. – Avoup Mar 04 '21 at 21:13