From 519b580e14798d305c4ecf1bf6a10a430f6a35d2 Mon Sep 17 00:00:00 2001
From: Patrick Fic
Date: Mon, 13 Apr 2020 20:48:43 -0700
Subject: [PATCH] Added elastic beanstalk config

---
 .../https-instance-securitygroup.config | 72 +++++++++++++++++++
 .ebextensions/proxy.config | 55 ++++++++++++++
 2 files changed, 127 insertions(+)
 create mode 100644 .ebextensions/https-instance-securitygroup.config
 create mode 100644 .ebextensions/proxy.config

diff --git a/.ebextensions/https-instance-securitygroup.config b/.ebextensions/https-instance-securitygroup.config
new file mode 100644
index 000000000..de5657dde
--- /dev/null
+++ b/.ebextensions/https-instance-securitygroup.config
@@ -0,0 +1,72 @@ +packages: + yum: + mod24_ssl : [] + +files: + "/etc/httpd/conf.d/ssl_rewrite.conf": + mode: "000644" + owner: root + group: root + content: | + RewriteEngine On + RewriteCond %{HTTP:X-Forwarded-Proto} !https + RewriteRule . https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301] + + /etc/httpd/conf.d/ssl.conf: + mode: "000644" + owner: root + group: root + content: | + LoadModule ssl_module modules/mod_ssl.so + Listen 443 + + + Order deny,allow + Allow from all + + + SSLEngine on + SSLCertificateFile "/etc/letsencrypt/live/LETSENCRYPT_DOMAIN/fullchain.pem" + SSLCertificateKeyFile "/etc/letsencrypt/live/LETSENCRYPT_DOMAIN/privkey.pem" + SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH + SSLProtocol All -SSLv2 -SSLv3 + SSLHonorCipherOrder On + SSLSessionTickets Off + + Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" + Header always set X-Frame-Options DENY + Header always set X-Content-Type-Options nosniff + + ProxyPass / http://localhost:80/ retry=0 + ProxyPassReverse / http://localhost:80/ + ProxyPreserveHost on + RequestHeader set X-Forwarded-Proto "https" early + + + "/opt/elasticbeanstalk/tasks/taillogs.d/letsencrypt.conf": + mode: "000755" + owner: root + group: root + content: | + /var/log/letsencrypt/letsencrypt.log + +container_commands: +# installs certbot + 10_stop_apache: + command: "killall httpd ; sleep 3" + 10_replace_placeholders: + command: | + source /opt/elasticbeanstalk/support/envvars + SED_EXPRESSION='s/LETSENCRYPT_DOMAIN/'$LETSENCRYPT_DOMAIN'/g' + echo $SED_EXPRESSION + sed -i -e $SED_EXPRESSION /etc/httpd/conf.d/ssl.conf + 20_install_certbot: + command: "mkdir -p /opt/certbot && wget https://dl.eff.org/certbot-auto -O /opt/certbot/certbot-auto && chmod a+x /opt/certbot/certbot-auto" + 30_install_certificate: + command: | + source /opt/elasticbeanstalk/support/envvars + sudo /opt/certbot/certbot-auto certonly --debug --non-interactive --email ${LETSENCRYPT_EMAIL} --agree-tos 
--standalone -d "$LETSENCRYPT_DOMAIN" -d "www.$LETSENCRYPT_DOMAIN" --renew-by-default + 40_start_apache: + command: | + source /opt/elasticbeanstalk/support/envvars + sudo httpd -k start \ No newline at end of file diff --git a/.ebextensions/proxy.config b/.ebextensions/proxy.config new file mode 100644 index 000000000..36b4dc7df --- /dev/null +++ b/.ebextensions/proxy.config @@ -0,0 +1,55 @@ +files: + /etc/nginx/conf.d/proxy.conf: + mode: "000644" + owner: root + group: root + content: | + upstream nodejs { + server 127.0.0.1:3000; + keepalive 256; + } + + server { + listen 8080; + + if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") { + set $year $1; + set $month $2; + set $day $3; + set $hour $4; + } + access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd; + access_log /var/log/nginx/access.log main; + + location / { + proxy_pass http://nodejs; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + gzip on; + gzip_comp_level 4; + gzip_types text/html text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; + + location /static { + alias /var/app/current/static; + } + + } + + /opt/elasticbeanstalk/hooks/configdeploy/post/99_kill_default_nginx.sh: + mode: "000755" + owner: root + group: root + content: | + #!/bin/bash -xe + rm -f /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf + service nginx stop + service nginx start + +container_commands: + removeconfig: + command: "rm -f /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf" \ No newline at end of file
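Review bot: `20_install_certbot` downloads certbot-auto with wget and `30_install_certificate` then executes it as root on every deployment without any integrity check, so a replaced or tampered download runs with full privileges on the instance; at minimum fetch the detached signature and verify it before the `chmod a+x`, e.g. `wget https://dl.eff.org/certbot-auto.asc -O /opt/certbot/certbot-auto.asc && gpg --verify /opt/certbot/certbot-auto.asc /opt/certbot/certbot-auto` with the EFF signing key imported from a trusted source (certbot-auto has since been deprecated upstream, so a packaged certbot is the longer-term answer). In the same hunk, `10_replace_placeholders` expands `$LETSENCRYPT_DOMAIN` and `$SED_EXPRESSION` unquoted, so the sed program is subject to word splitting and a `/` or `&` in the value would change the expression — `sed -i -e "s/LETSENCRYPT_DOMAIN/${LETSENCRYPT_DOMAIN}/g" /etc/httpd/conf.d/ssl.conf` is the safer form — and `--renew-by-default` forces a fresh issuance on every deploy, which will run into Let's Encrypt's duplicate-certificate rate limit and then leave the instance without a certificate. `SSLProtocol All -SSLv2 -SSLv3` still admits TLS 1.0 and 1.1; `SSLProtocol -all +TLSv1.2` is the usual floor.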
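Review bot: `location /static { alias /var/app/current/static; }` pairs a prefix location without a trailing slash with an `alias`, the well-known nginx misconfiguration where any request path that merely begins with `/static` (such as `/static..`) is mapped to `/var/app/current/static..`, i.e. the parent directory, so files outside the static tree, including application source, become readable; write it as `location /static/ { alias /var/app/current/static/; }` so the prefix and the target both end in `/`. Separately, the `location /` block forwards `X-Real-IP` and `X-Forwarded-For` but not the scheme, so the Node application cannot tell whether the original request was HTTPS; `proxy_set_header X-Forwarded-Proto $scheme;` (or the value the load balancer supplies) belongs alongside them. `gzip_types` lists `text/html`, which nginx always compresses and reports as a duplicate MIME type at startup.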