Enable HTTPS on Amazon Beanstalk in Spring Boot application

In fact, it seems that it is not very obvious how to do this with Spring Boot.

However I don’t know exactly if I should create or edit files and directories and where, especially as in the application S3 have the following architecture.

Goes into the root of the Spring Boot JAR.

It seems that the simplest form to do this is for Maven.

Add the .ebextensions at the root of your project and add the following plugin at the end of plugins pom.xml for your project:

<plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-antrun-plugin</artifactId>
            <version>1.6</version>
            <executions>
                <execution>
                    <id>prepare</id>
                    <phase>package</phase>
                    <configuration>
                        <tasks>
                            <unzip src="${project.build.directory}/${project.build.finalName}.jar" dest="${project.build.directory}/${project.build.finalName}" />
                            <copy todir="${project.build.directory}/${project.build.finalName}/" overwrite="false">
                                <fileset dir="./" includes=".ebextensions/**"/>
                            </copy>
                            <zip compress="false" destfile="${project.build.directory}/${project.build.finalName}.jar" basedir="${project.build.directory}/${project.build.finalName}"/>
                        </tasks>
                    </configuration>
                    <goals>
                        <goal>run</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>

This plugin will use ant to unzip the final Spring Boot JAR, copy the .ebextensions at the root of the JAR content, compress the content into a new JAR with the same name as the original.

After a few searches and performing this procedure manually, follow the step-by-step to climb a Spring Boot application with https in the Elastic Beanstalk of just one instance, just as @Duiliobenjoino said in the comments he managed to perform the procedure with Load Balance since AWS automates the inclusion of SSL certificate leaving everything simpler, on the other hand it is a little more complex when we do not have Load Balance.

That description and a compilation of the official documentation: https://docs.aws.amazon.com/pt_br/elasticbeanstalk/latest/dg/https-singleinstance-java.html

According to the official link to enable https in a Java SE environment that is the case of Spring Boot it is necessary that it be packaged together with bytecode of a folder called . ebextensions that folder must have 3 files, are they:

1. .ebextensions/https-instance.config
2. .ebextensions/https-instance-single.config
3. .ebextensions/Nginx/conf. d/https.conf

An important remark about the first two files, I had a little trouble generating them correctly because it is possible to send themlos in two formats YAML or JSON as the documentation recommends YAML for the fact that it is more readable was the format I chose but I had never used and I did not pay attention to the issue of formatting something that is very clear in the documentation and that should be followed to the perfect functioning, "always use spaces to back up the keys at different nesting levels" this means that a text editor should be used that uses spaces to format the file in my case I used Intellij that does this as default for YAML files.

When creating a new file in Intellij with the . config extension you will be asked which editor you want to associate this file with YAML.

Follow the documentation for more information about the configuration files: https://docs.aws.amazon.com/pt_br/elasticbeanstalk/latest/dg/ebextensions.html

The first file refers to the SSL certificate, its private key and a command to restart Nginx. I will not go into detail of the generation of this self-signed certificate as it is very detailed here at the end of the certificate generation there were two server.crt and privatekey.pem files respectively. Put the content of the certificate inside content in the path /etc/pki/tls/Certs/server.crt and the content of the key inside content in the path /etc/pki/tls/Certs/server.key getting this way: (much attention to the issue of formatting)

The second file refers to the instance security group as we are configuring a single instance environment this setting is mandatory to add a rule to the group of this instance that serves to enable traffic on port 443, just copy the code to the file as this in the documentation.

The third file refers to the configuration of Nginx, this is a reverse proxy that comes by default in the Elastic Beanstalk environment, it has a default configuration but to enable https and need to replace it. Just copy the code to the file like this in the documentation by replacing the app_port value with the port number of your application.

With the 3 files created your Spring Boot project should look like this:

The project is ready to be sent to Elasticbeanstalk with https enabled problem and that the default jar that is generated by the spring boot plugin does not contain the folder. ebextensions, to generate a jar that contains this folder is necessary just as @Dherik commented in his reply to add a new plugin, I did exactly how he put it with just a change in the zip tag, destfile property put at the end of the AWS name to differentiate the spring boot jar from the AWS specific.

destfile="${project.build.directory}/${project.build.finalName}-AWS.jar"

Follow the link to the example project created for possible questions: https://github.com/pedrobacchini/EnableHTTPSElasticBeanstalk

Regarding the use of the certificate generated by aws I believe it is necessary to copy the certificate and private key as I described for the certificate self-signed and should work normally, I am not sure because I did not test this case because the certificate auto-signed was enough.