I have been trying to get SSL enabled on my AWS Elastic Beanstalk (eb) application with not much luck so far.
After following the documentation for configuring HTTPS access on eb, I created a self-signed certificate, which I believe to be enough if one just wants encryption.
I created an eb environment which used a load balancer and, after uploading the certificate, I was able to use it and pick the secure listening port (8443).
On the EC2 load balancer, I created a listener for
    HTTPS 8443 HTTP 80 <cert file>
I then gave the load balancer and the eb instance a security group that had the rule:
    Custom TCP Rule TCP 8443 0.0.0.0/0
I also included a config in .ebextensions, like the documentation told me:
    Resources:
      sslSecurityGroupIngress:
        Type: AWS::EC2::SecurityGroupIngress
        Properties:
          GroupName: {Ref : <security_group_name>}
          IpProtocol: tcp
          ToPort: 8443
          FromPort: 8443
          CidrIp: 0.0.0.0/8443
Then in my Flask application, the application had these parameters:
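    from flask import Flask
    from flask_basicauth import BasicAuth
    from OpenSSL import SSL
    from flask_sslify import SSLify

    application = Flask(__name__)

    # TLS 1.2 context loaded with the self-signed key and certificate
    context = SSL.Context(SSL.TLSv1_2_METHOD)
    context.use_privatekey_file('/home/ec2-user/privatekey.pem')
    context.use_certificate_file('/home/ec2-user/server.crt')

    basic_auth = BasicAuth(application)
    sslify = SSLify(application)  # redirects plain-HTTP requests to HTTPS

    if __name__ == '__main__':
        application.run(host='0.0.0.0', port=8443, ssl_context=context)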
Now when I go to the instance's public IP prefixed with https:// I get this:
Google Chrome Connection info (can't post images with current rep ughh)
Which makes me think that I have the encryption I'm after but the Flask server connection log still shows clear requests (expected to see jumbled, encrypted request info).
When I connect with the *.elasticbeanstalk.com address I get nothing.
So I guess I have two questions:
1) Does this mean I have encryption?
2) Why can't I access the instance with my elasticbeanstalk url?
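
An added example, not part of the original question: a consistency check over the listener, security group ingress and Flask settings posted above, flagging where the TLS hop ends and where ports or CIDR values disagree. The dictionary layout and the function names `check_cidr` and `audit` are assumptions made for this illustration; the values are transcribed from the question.

```python
import ipaddress

# Values transcribed from the question (arranged into dicts for this example).
LISTENER = {"lb_protocol": "HTTPS", "lb_port": 8443,
            "instance_protocol": "HTTP", "instance_port": 80}
INGRESS = {"IpProtocol": "tcp", "FromPort": 8443, "ToPort": 8443,
           "CidrIp": "0.0.0.0/8443"}
APP = {"port": 8443, "tls": True}  # Flask: port=8443 with ssl_context set

TLS_PROTOCOLS = ("HTTPS", "SSL")


def check_cidr(cidr):
    """Return an error string if cidr is not a valid IPv4 network, else None."""
    try:
        ipaddress.IPv4Network(cidr, strict=False)
    except ValueError as exc:  # also covers a prefix length outside 0-32
        return f"CIDR: {cidr!r} is not a valid IPv4 range ({exc})"
    return None


def audit(listener, ingress, app):
    """Cross-check load balancer listener, ingress rule and app settings."""
    findings = []
    err = check_cidr(ingress["CidrIp"])
    if err:
        findings.append(err)
    if not ingress["FromPort"] <= listener["lb_port"] <= ingress["ToPort"]:
        findings.append("INGRESS: rule does not cover the listener port")
    if listener["instance_port"] != app["port"]:
        findings.append(
            f"PORT: listener forwards to {listener['instance_port']}, "
            f"app listens on {app['port']}")
    backend_tls = listener["instance_protocol"] in TLS_PROTOCOLS
    if backend_tls != app["tls"]:
        findings.append("PROTO: listener and app disagree on TLS for the backend hop")
    if listener["lb_protocol"] in TLS_PROTOCOLS and not backend_tls:
        findings.append("TERMINATION: TLS ends at the load balancer; "
                        "the hop to the instance is plaintext")
    return findings


if __name__ == "__main__":
    for finding in audit(LISTENER, INGRESS, APP):
        print(finding)
```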