After a few searches and performing this procedure manually, follow the step-by-step to climb a Spring Boot application with https in the Elastic Beanstalk of just one instance, just as @Duiliobenjoino said in the comments he managed to perform the procedure with Load Balance since AWS automates the inclusion of SSL certificate leaving everything simpler, on the other hand it is a little more complex when we do not have Load Balance.
That description and a compilation of the official documentation: https://docs.aws.amazon.com/pt_br/elasticbeanstalk/latest/dg/https-singleinstance-java.html
According to the official link to enable https in a Java SE environment that is the case of Spring Boot it is necessary that it be packaged together with bytecode of a folder called . ebextensions that folder must have 3 files, are they:
- .ebextensions/https-instance.config
- .ebextensions/https-instance-single.config
- .ebextensions/Nginx/conf. d/https.conf
An important remark about the first two files, I had a little trouble generating them correctly because it is possible to send themlos in two formats YAML or JSON as the documentation recommends YAML for the fact that it is more readable was the format I chose but I had never used and I did not pay attention to the issue of formatting something that is very clear in the documentation and that should be followed to the perfect functioning, "always use spaces to back up the keys at different nesting levels" this means that a text editor should be used that uses spaces to format the file in my case I used Intellij that does this as default for YAML files.
When creating a new file in Intellij with the . config extension you will be asked which editor you want to associate this file with YAML.
Follow the documentation for more information about the configuration files:
https://docs.aws.amazon.com/pt_br/elasticbeanstalk/latest/dg/ebextensions.html
The first file refers to the SSL certificate, its private key and a command to restart Nginx. I will not go into detail of the generation of this self-signed certificate as it is very detailed here at the end of the certificate generation there were two server.crt and privatekey.pem files respectively. Put the content of the certificate inside content in the path /etc/pki/tls/Certs/server.crt and the content of the key inside content in the path /etc/pki/tls/Certs/server.key getting this way: (much attention to the issue of formatting)
The second file refers to the instance security group as we are configuring a single instance environment this setting is mandatory to add a rule to the group of this instance that serves to enable traffic on port 443, just copy the code to the file as this in the documentation.
The third file refers to the configuration of Nginx, this is a reverse proxy that comes by default in the Elastic Beanstalk environment, it has a default configuration but to enable https and need to replace it. Just copy the code to the file like this in the documentation by replacing the app_port value with the port number of your application.
With the 3 files created your Spring Boot project should look like this:
The project is ready to be sent to Elasticbeanstalk with https enabled problem and that the default jar that is generated by the spring boot plugin does not contain the folder. ebextensions, to generate a jar that contains this folder is necessary just as @Dherik commented in his reply to add a new plugin, I did exactly how he put it with just a change in the zip tag, destfile property put at the end of the AWS name to differentiate the spring boot jar from the AWS specific.
destfile="${project.build.directory}/${project.build.finalName}-AWS.jar"
Follow the link to the example project created for possible questions:
https://github.com/pedrobacchini/EnableHTTPSElasticBeanstalk
Regarding the use of the certificate generated by aws I believe it is necessary to copy the certificate and private key as I described for the certificate self-signed and should work normally, I am not sure because I did not test this case because the certificate auto-signed was enough.
Thanks for the reply. This procedure would not have as a result the creation of the directory at the root of the place where the app was deployed?
– Duilio Benjoino
It would be different to create the directory . ebextensions on the AWS console manually?
– Duilio Benjoino
@Duiliobenjoino, for the first question, I understand that not. From what I read in the documentation, it needs to be inside the JAR/WAR itself. I recommend doing a test and see if it works.
– Dherik
I am trying to perform the test but still find difficulties in creating the files correctly, especially the file that needs the certificate data. You can use the certificate generated by AWS in this scheme?
– Duilio Benjoino
@Duiliobenjoino, there seems to me another question. I suggest to open a new question about how this configuration should be made
.ebextensions
, because I understood in your original question that your doubt was about the file location and how to put it in the application with Spring Boot.– Dherik
Due to the complexity found and lack of time to resolve the issue, I chose to use a load balance. This way it was simple to set up and became functional. Now is wait to check the costs involved. Anyway, thank you for your attention.
– Duilio Benjoino