admin/bodyshop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added elastic beanstalk config

Browse Source
This commit is contained in:
Patrick Fic
2020-04-13 20:48:43 -07:00
parent ad5d371547
commit 519b580e14
2 changed files with 127 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
.ebextensions/https-instance-securitygroup.config Normal file
View File

@@ -0,0 +1,72 @@
packages:
yum:
mod24_ssl : []
files:
"/etc/httpd/conf.d/ssl_rewrite.conf":
mode: "000644"
owner: root
group: root
content: |
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule . https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]
/etc/httpd/conf.d/ssl.conf:
mode: "000644"
owner: root
group: root
content: |
LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost *:443>
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLEngine on
SSLCertificateFile "/etc/letsencrypt/live/LETSENCRYPT_DOMAIN/fullchain.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/LETSENCRYPT_DOMAIN/privkey.pem"
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLSessionTickets Off
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
ProxyPass / http://localhost:80/ retry=0
ProxyPassReverse / http://localhost:80/
ProxyPreserveHost on
RequestHeader set X-Forwarded-Proto "https" early
</VirtualHost>
"/opt/elasticbeanstalk/tasks/taillogs.d/letsencrypt.conf":
mode: "000755"
owner: root
group: root
content: |
/var/log/letsencrypt/letsencrypt.log
container_commands:
# installs certbot
10_stop_apache:
command: "killall httpd ; sleep 3"
10_replace_placeholders:
command: |
source /opt/elasticbeanstalk/support/envvars
SED_EXPRESSION='s/LETSENCRYPT_DOMAIN/'$LETSENCRYPT_DOMAIN'/g'
echo $SED_EXPRESSION
sed -i -e $SED_EXPRESSION /etc/httpd/conf.d/ssl.conf
20_install_certbot:
command: "mkdir -p /opt/certbot &amp;&amp; wget https://dl.eff.org/certbot-auto -O /opt/certbot/certbot-auto &amp;&amp; chmod a+x /opt/certbot/certbot-auto"
30_install_certificate:
command: |
source /opt/elasticbeanstalk/support/envvars
sudo /opt/certbot/certbot-auto certonly --debug --non-interactive --email ${LETSENCRYPT_EMAIL} --agree-tos --standalone -d "$LETSENCRYPT_DOMAIN" -d "www.$LETSENCRYPT_DOMAIN" --renew-by-default
40_start_apache:
command: |
source /opt/elasticbeanstalk/support/envvars
sudo httpd -k start