Question:
I am in the process of migrating a website for a client to AWS. I have everything configured and working except that the client would like to be able to accept payments on their website. I followed several guides on how to get SSL working using Elastic Beanstalk. Currently I have it set up to use a source bundle and I created a config file in the .ebextensions file that looks like this:
```yaml
Resources:
  sslSecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupName: {Ref : AWSEBSecurityGroup}
      IpProtocol: tcp
      ToPort: 443
      FromPort: 443
      CidrIp: 0.0.0.0/0

packages:
  yum:
    mod24_ssl : []

files:
  /etc/httpd/conf.d/ssl.conf:
    mode: "000755"
    owner: root
    group: root
    content: |
      LoadModule ssl_module modules/mod_ssl.so
      Listen 443
      <VirtualHost *:443>
        <Proxy *>
          Order deny,allow
          Allow from all
        </Proxy>
        SSLEngine on
        SSLProtocol All -SSLv2 -SSLv3
        SSLCertificateFile "/etc/pki/tls/certs/server.crt"
        SSLCertificateKeyFile "/etc/pki/tls/certs/server.key"

        ProxyPass / http://localhost:80/ retry=0
        ProxyPassReverse / http://localhost:80/
        ProxyPreserveHost on

        LogFormat "%h (%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
        ErrorLog /var/log/httpd/elasticbeanstalk-error_log
        TransferLog /var/log/httpd/elasticbeanstalk-access_log
      </VirtualHost>

    /etc/pki/tls/certs/server.crt:
      mode: "000400"
      owner: root
      group: root
      source: sourceHere

    /etc/pki/tls/certs/server.key:
      mode: "000400"
      owner: root
      group: root
      source: sourceHere
```
where sourceHere is the link to the file in S3. I have also tried using content directly in place of source, but the result is the same: the application launches without any errors, but any attempts to connect to the IP address or provided URL just say that the page is unavailable. If I build the same zip file but leave out the config files, it builds correctly. This is pretty much exactly what AWS has on their support page and in the documentation for Elastic Beanstalk, so I am not sure what is happening.
Answer:
There is a problem of indentation in your config file: `/etc/pki/tls/certs/server.crt` and `/etc/pki/tls/certs/server.key` should be at the same level as `/etc/httpd/conf.d/ssl.conf`.
You should correct the indentation so you get:
```yaml
files:
  /etc/httpd/conf.d/ssl.conf:
    mode: "000755"
    owner: root
    group: root
    content: |
      LoadModule ssl_module modules/mod_ssl.so
      Listen 443
      <VirtualHost *:443>
        <Proxy *>
          Order deny,allow
          Allow from all
        </Proxy>
        SSLEngine on
        SSLProtocol All -SSLv2 -SSLv3
        SSLCertificateFile "/etc/pki/tls/certs/server.crt"
        SSLCertificateKeyFile "/etc/pki/tls/certs/server.key"

        ProxyPass / http://localhost:80/ retry=0
        ProxyPassReverse / http://localhost:80/
        ProxyPreserveHost on

        LogFormat "%h (%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
        ErrorLog /var/log/httpd/elasticbeanstalk-error_log
        TransferLog /var/log/httpd/elasticbeanstalk-access_log
      </VirtualHost>

  /etc/pki/tls/certs/server.crt:
    mode: "000400"
    owner: root
    group: root
    source: sourceHere

  /etc/pki/tls/certs/server.key:
    mode: "000400"
    owner: root
    group: root
    source: sourceHere
```
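A pre-deployment check for this class of mistake, as an added example that is not part of the original answer: it scans the `files:` section without a YAML library, flags path keys that are not indented like the first one, and reports certificate or key paths that ssl.conf references but that are never declared as files. The function name `check_files_section` and the sample config are constructed for illustration.

```python
import re

# Constructed sample reproducing the mistake: server.crt is nested one level
# too deep, so it is not a sibling of ssl.conf under "files:".
SAMPLE_BAD = '''\
files:
  /etc/httpd/conf.d/ssl.conf:
    mode: "000755"
    content: |
      Listen 443
      SSLCertificateFile "/etc/pki/tls/certs/server.crt"
      SSLCertificateKeyFile "/etc/pki/tls/certs/server.key"
    /etc/pki/tls/certs/server.crt:
      mode: "000400"
      source: sourceHere
  /etc/pki/tls/certs/server.key:
    mode: "000400"
    source: sourceHere
'''

PATH_KEY = re.compile(r'^(\s*)(/[^\s:]+):\s*$')   # e.g. "  /etc/x/y.conf:"
SSL_REF = re.compile(r'^\s*SSLCertificate(?:Key)?File\s+"?([^"\s]+)"?')

def check_files_section(text):
    """Return findings for the files: section of an .ebextensions config (hypothetical helper)."""
    findings, declared, referenced = [], set(), set()
    in_files, level = False, None
    for n, line in enumerate(text.splitlines(), 1):
        if re.match(r'\S', line):               # any top-level key starts or ends the section
            in_files = line.startswith('files:')
            continue
        if not in_files:
            continue
        ref = SSL_REF.match(line)
        if ref:
            referenced.add(ref.group(1))
        key = PATH_KEY.match(line)
        if key:
            indent, path = len(key.group(1)), key.group(2)
            level = indent if level is None else level   # first path key sets the expected level
            if indent == level:
                declared.add(path)
            else:
                findings.append(f"line {n}: {path} is indented {indent} spaces, expected {level}")
    for path in sorted(referenced - declared):
        findings.append(f"{path} is referenced in ssl.conf but not declared under files:")
    return findings

if __name__ == "__main__":
    print("\n".join(check_files_section(SAMPLE_BAD)) or "files: section looks consistent")
```

An empty list means every path key under `files:` sits at the same level and every certificate path used in ssl.conf has its own file entry.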