I need to add p3p headers to the static resource location on a standard Nodejs & Nginx Elastic Beanstalk.
I've created an ebextension
script as explained on this question. The script uses sed to add a add_header
directive under the alias
line, which is under the static location directive. It runs on the /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf
file.
The script not only modifies the file, it also copies it to a "safe" location, i.e. /home/ec2-user. According to /var/log/cfn-init.log
, the script runs correctly. As evidence, the copy of the modified file shows the additional header at the right place. But the /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf
file does not have this modification.
I can only deduce that although my script runs fine, something else later in the deployment process overwrites it. Which is strange, because according to documentation container commands are run after the application and web server have been set up, so I don't see what does it.
So ho/what is overwriting this file and how can I prevent that?
It seems that Elastic Beanstalk has changed and the commonly recommended approach/hack of overwriting #etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf
doesn't work any more. Nor does creating any file in /tmp/deployment/config.
The solution I found was to overwrite /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf
directly, using a container_commands directive, since these commands are executed after the Elastic Beanstalk install creates it's version of the nginx config.
From http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-containers-ec2.html#linux-container-commands:
They [container_commands] run after the application and web server have been set up and the application version file has been extracted, but before the application version is deployed.
I did this in three steps within .ebextensions:
Create my version of the nginx config file.
Create a script to overwrite the standard config file with my own.
Run the script.
The first two steps happen earlier in the install process, while the last uses container_commands so as described previous happens late in the install.
Here's the files I used:
File .ebextensions/install_nginx_config_01.config:
(Note that the indenting is important)
#
# STEP 1 - Create the nginx config file
#
files:
"/tmp/my.nginx.conf" :
mode: "000755"
owner: root
group: root
content: |
# This file was overwritten during deployment
# by .ebextensions/install_nginx_config_03.config
upstream nodejs {
server 127.0.0.1:3000;
keepalive 256;
}
server {
listen 8080;
location / {
proxy_pass http://nodejs;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
gzip on;
gzip_comp_level 4;
gzip_types text/html text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
}
File .ebextensions/install_nginx_config_02.config:
#
# STEP 2 - Create a script that will overwrite the Nginx config
#
files:
"/tmp/install-nginx-config.sh" :
mode: "000755"
owner: root
group: root
content: |
#!/bin/sh
cp /tmp/my.nginx.conf /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf
File .ebextensions/install_nginx_config_03.config:
#
# STEP 3 - Run the script to overwrite the nginx config template.
#
container_commands:
01_runmyshellscript:
command: "/tmp/install-nginx-config.sh"
After spending almost entire day and trying out all the possible solutions, as of July 17, 2017, the above solution does not work.
For me, I wanted to replace /etc/nginx/conf.d/elasticbeanstalk/00_application.conf
I created the below shown folder structure in my .ebextension folder and the file was overwritten with my content. This solution also worked for nginx.conf which is located in /etc/nginx folder
As of this writing, the proper way to update/add values into the http config in the nginx.conf
file without overwriting it is to add a .config
file to the .ebextensions
folder that looks like this:
files:
"/etc/nginx/conf.d/custom_nginx.conf":
content: |
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
This creates a new file called custom_nginx.conf
in the /etc/nginx/conf.d
directory. Since the nginx.conf
file contains
http {
include /etc/nginx/conf.d/*.conf;
}
when the server is started it will pull the 4 timeout vars from custom_nginx.conf
into the http section of nginx.conf
To modify the config file without it being overwritten, the solution is to modify the template file located at /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf
I update this file instead to add the desired directive, and it is automatically deployed to /etc/nginx/conf.d
, and voila, the modification is active.
Here are the latest instructions from Amazon, as of August 2018: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/nodejs-platform-proxy.html
(I have just used these instructions to customize the Nginx proxy for a Node.js app on Elastic Beanstalk, and it works as expected.)
Basically you use your own proxy.conf for Nginx, and remove the auto-generated stuff.
# .ebextensions/proxy.config
files:
/etc/nginx/conf.d/proxy.conf:
mode: "000644"
owner: root
group: root
content: |
upstream nodejs {
server 127.0.0.1:5000;
keepalive 256;
}
server {
listen 8080;
if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
set $year $1;
set $month $2;
set $day $3;
set $hour $4;
}
access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
access_log /var/log/nginx/access.log main;
location / {
proxy_pass http://nodejs;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
gzip on;
gzip_comp_level 4;
gzip_types text/html text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
location /static {
alias /var/app/current/static;
}
}
/opt/elasticbeanstalk/hooks/configdeploy/post/99_kill_default_nginx.sh:
mode: "000755"
owner: root
group: root
content: |
#!/bin/bash -xe
rm -f /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf
service nginx stop
service nginx start
container_commands:
removeconfig:
command: "rm -f /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf"