I have deployed a Flask app in EB (single instance) environment and it's working well, and I'm now trying to configure it for https with a self-signed certificate to test it.
So I added a config file, as shown in the EB Developer Guide, to .ebextensions (where I had 2 previous files for setting the static dir path and installing postgresql94-devel), so now I have:
/.ebextensions
    a_packages.config
    b_path.config
    singlehttps.config
/.elasticbeanstalk
    config.yml
where config.yml is:
branch-defaults:
  default:
    environment: myApp-env
global:
  application_name: myApp
  default_ec2_keyname: aws-eb
  default_platform: 64bit Amazon Linux 2015.09 v2.0.6 running Python 2.7
  default_region: eu-central-1
  profile: eb-cli
  sc: null
a_packages.config is:
packages:
  yum:
    postgresql94-devel: []
b_path.config is:
option_settings:
  "aws:elasticbeanstalk:container:python:staticfiles":
    "/static/": "flaskApp/static/"
and singlehttps.config is:
Resources:
  sslSecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
      IpProtocol: tcp
      ToPort: 443
      FromPort: 443
      CidrIp: 0.0.0.0/0
packages:
  yum:
    mod24_ssl : []
files:
  /etc/httpd/conf.d/ssl.conf:
  mode: "000644"
  owner: root
  group: root
  content: |
    LoadModule wsgi_module modules/mod_wsgi.so
    WSGIPythonHome /opt/python/run/baselinenv
    WSGISocketPrefix run/wsgi
    WSGIRestrictEmbedded On
    Listen 443
    <VirtualHost *:80>
      ServerName myserver
      Redirect permanent / https://myserver
    </VirtualHost>
    <VirtualHost *:443>
      ServerName myserver
      SSLEngine on
      SSLCertificateFile "/etc/pki/tls/certs/server.crt"
      SSLCertificateKeyFile "/etc/pki/tls/certs/server.key"
      Alias /static/ /opt/python/current/app/static/
      <Directory /opt/python/current/app/static>
        Order allow,deny
        Allow from all
      </Directory>
      WSGIScriptAlias / /opt/python/current/app/application.py
      <Directory /opt/python/current/app>
        Require all granted
      </Directory>
      WSGIDaemonProcess wsgi-ssl processes=1 threads=15 display-name=%{GROUP} \
        python-path=/opt/python/current/app:/opt/python/run/venv/lib/python2.7/site-packages:/opt/python/run/venv/lib64/python2.7/site-packages \
        home=/opt/python/current/app \
        user=wsgi \
        group=wsgi
      WSGIProcessGroup wsgi-ssl
    </VirtualHost>
  /etc/pki/tls/certs/server.crt:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN CERTIFICATE-----
      MIID .... fUJbS8/O+
      -----END CERTIFICATE-----
  /etc/pki/tls/certs/server.key:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN RSA PRIVATE KEY-----
      MIIEz ....... JTAwSYIw==
      -----END RSA PRIVATE KEY-----
container_commands:
  01killhttpd:
    command: "killall httpd"
  02waitforhttpddeath:
    command: "sleep 3"
So whenever I try to EB create a new environment with singlehttps.config placed in .ebextensions I can't deploy and the output is:
Enter Environment Name
(default is myApp-dev): myApp-env
Enter DNS CNAME prefix
(default is myApp-env): myApp
Creating application version archive "app-160115_183325".
Uploading myApp/app-160115_183325.zip to S3. This may take a while.
Upload Complete.
Environment details for: myApp-env
Application name: myApp
Region: eu-central-1
Deployed Version: app-160115_183325
Environment ID: ***********
Platform: 64bit Amazon Linux 2015.09 v2.0.6 running Python 2.7
Tier: WebServer-Standard
CNAME: myApp.elasticbeanstalk.com
Updated: 2016-01-15 17:34:22.209000+00:00
Printing Status:
INFO: createEnvironment is starting.
INFO: Using elasticbeanstalk-eu-central-1-************* as Amazon S3 storage bucket for environment data.
ERROR: Service:AmazonCloudFormation, Message:'null' values are not allowed in templates
ERROR: Failed to launch environment.
I'm quite sure the problem is in singlehttps.config, since without it it's not happening. I can't read anything useful in the logs. I tried to have a look at CloudFormation but I'm not getting anywhere.
You should indent all content below the /etc/httpd/conf.d/ssl.conf line:
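A pre-deploy check for the error above, as an added example that is not part of the original question or answer: a key with nothing after its colon and no deeper-indented line beneath it parses as null, which CloudFormation rejects. The function name `find_null_keys` and the sample config are constructed for illustration, and the check is an indentation heuristic, not a full YAML parser.

```python
import re

# A mapping key with nothing after the colon (a trailing comment is allowed).
KEY_ONLY = re.compile(r"""^\s*("[^"]*"|'[^']*'|[^\s#\-][^#]*?)\s*:\s*(#.*)?$""")
# A key that opens a literal (|) or folded (>) block scalar.
BLOCK_SCALAR = re.compile(r":\s*[|>][+-]?\d*\s*(#.*)?$")

def _indent(line):
    return len(line) - len(line.lstrip(" "))

def _meaningful(line):
    return bool(line.strip()) and not line.lstrip().startswith("#")

def find_null_keys(text):
    """Return [(line_number, key)] for keys that would parse as null: nothing
    follows the colon and the next line is not indented deeper than the key."""
    lines = text.splitlines()
    findings, scalar_indent = [], None
    for i, line in enumerate(lines):
        if not _meaningful(line):
            continue
        ind = _indent(line)
        if scalar_indent is not None:
            if ind > scalar_indent:
                continue  # body of a | or > scalar, not YAML structure
            scalar_indent = None
        if BLOCK_SCALAR.search(line):
            scalar_indent = ind
            continue
        m = KEY_ONLY.match(line)
        if not m:
            continue
        nxt = next((l for l in lines[i + 1:] if _meaningful(l)), None)
        deeper = nxt is not None and _indent(nxt) > ind
        seq = nxt is not None and _indent(nxt) == ind and nxt.lstrip().startswith("- ")
        if not (deeper or seq):
            findings.append((i + 1, m.group(1).strip("\"'")))
    return findings

# Constructed sample: the lines after the ssl.conf key sit at the key's own level.
BROKEN = "\n".join([
    "files:",
    "  /etc/httpd/conf.d/ssl.conf:",
    '  mode: "000644"',
    "  content: |",
    "    <VirtualHost *:443>",
])
FIXED = "\n".join(l if i < 2 else "  " + l
                  for i, l in enumerate(BROKEN.splitlines()))
```

Running `find_null_keys` over each file in .ebextensions before `eb create` points at the offending line, which the CloudFormation message does not.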