admin/bodyshop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added elastic beanstalk config

Browse Source
This commit is contained in:
Patrick Fic
2020-04-13 20:48:43 -07:00
parent ad5d371547
commit 519b580e14
2 changed files with 127 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
.ebextensions/https-instance-securitygroup.config Normal file
View File

@@ -0,0 +1,72 @@
packages:
yum:
mod24_ssl : []
files:
"/etc/httpd/conf.d/ssl_rewrite.conf":
mode: "000644"
owner: root
group: root
content: |
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule . https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]
/etc/httpd/conf.d/ssl.conf:
mode: "000644"
owner: root
group: root
content: |
LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost *:443>
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLEngine on
SSLCertificateFile "/etc/letsencrypt/live/LETSENCRYPT_DOMAIN/fullchain.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/LETSENCRYPT_DOMAIN/privkey.pem"
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLSessionTickets Off
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
ProxyPass / http://localhost:80/ retry=0
ProxyPassReverse / http://localhost:80/
ProxyPreserveHost on
RequestHeader set X-Forwarded-Proto "https" early
</VirtualHost>
"/opt/elasticbeanstalk/tasks/taillogs.d/letsencrypt.conf":
mode: "000755"
owner: root
group: root
content: |
/var/log/letsencrypt/letsencrypt.log
container_commands:
# installs certbot
10_stop_apache:
command: "killall httpd ; sleep 3"
10_replace_placeholders:
command: |
source /opt/elasticbeanstalk/support/envvars
SED_EXPRESSION='s/LETSENCRYPT_DOMAIN/'$LETSENCRYPT_DOMAIN'/g'
echo $SED_EXPRESSION
sed -i -e $SED_EXPRESSION /etc/httpd/conf.d/ssl.conf
20_install_certbot:
command: "mkdir -p /opt/certbot &amp;&amp; wget https://dl.eff.org/certbot-auto -O /opt/certbot/certbot-auto &amp;&amp; chmod a+x /opt/certbot/certbot-auto"
30_install_certificate:
command: |
source /opt/elasticbeanstalk/support/envvars
sudo /opt/certbot/certbot-auto certonly --debug --non-interactive --email ${LETSENCRYPT_EMAIL} --agree-tos --standalone -d "$LETSENCRYPT_DOMAIN" -d "www.$LETSENCRYPT_DOMAIN" --renew-by-default
40_start_apache:
command: |
source /opt/elasticbeanstalk/support/envvars
sudo httpd -k start

55
.ebextensions/proxy.config Normal file
View File

@@ -0,0 +1,55 @@
files:
/etc/nginx/conf.d/proxy.conf:
mode: "000644"
owner: root
group: root
content: |
upstream nodejs {
server 127.0.0.1:3000;
keepalive 256;
}
server {
listen 8080;
if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
set $year $1;
set $month $2;
set $day $3;
set $hour $4;
}
access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
access_log /var/log/nginx/access.log main;
location / {
proxy_pass http://nodejs;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
gzip on;
gzip_comp_level 4;
gzip_types text/html text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
location /static {
alias /var/app/current/static;
}
}
/opt/elasticbeanstalk/hooks/configdeploy/post/99_kill_default_nginx.sh:
mode: "000755"
owner: root
group: root
content: |
#!/bin/bash -xe
rm -f /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf
service nginx stop
service nginx start
container_commands:
removeconfig:
command: "rm -f /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf"