I configured my AWS Elastic Beanstalk single instance to use the HTTPS protocol for my custom domain attached to it, using the official documentation provided by AWS for the Java SE platform (https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/https-singleinstance-java.html). However, when I access the custom domain the browser still says it's not secure.
In order to make it HTTPS I created a new .ebextensions folder inside the root directory of my project and added the following files:
.ebextensions/nginx/conf.d/https.conf:
    # HTTPS server
    server {
        listen 443;
        server_name localhost;
        ssl on;
        ssl_certificate /etc/pki/tls/certs/server.crt;
        ssl_certificate_key /etc/pki/tls/certs/server.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        location / {
            proxy_pass http://localhost:5000;
            proxy_set_header Connection "";
            proxy_http_version 1.1;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
        }
    }
with the proxy_pass being set to localhost:5000 as I configured it on my instance using the SERVER_PORT 5000 parameter.
.ebextensions/https-instance.config:
    files:
      /etc/pki/tls/certs/server.crt:
        content: |
          -----BEGIN CERTIFICATE-----
          certificate file contents (certificate.crt)
          -----END CERTIFICATE-----
          -----BEGIN CERTIFICATE-----
          intermediate certificate (ca_bundle.crt)
          -----END CERTIFICATE-----
      /etc/pki/tls/certs/server.key:
        content: |
          -----BEGIN RSA PRIVATE KEY-----
          private key contents (private.key)
          -----END RSA PRIVATE KEY-----
    container_commands:
      01restart_nginx:
        command: "service nginx restart"
where I generated a 90-day certificate for my custom domain (www.my-custom-domain.com) using ZeroSSL, which generated the following files: ca_bundle.crt, certificate.crt and private.key.
.ebextensions/https-instance-single.config:
    Resources:
      sslSecurityGroupIngress:
        Type: AWS::EC2::SecurityGroupIngress
        Properties:
          GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
          IpProtocol: tcp
          ToPort: 443
          FromPort: 443
          CidrIp: 0.0.0.0/0
I created these files in IntelliJ using spaces as indentation, just like the AWS documentation says, and also added the .ebextensions folder to the root of my .war archive, which I deployed to my Elastic Beanstalk instance.
Do you have any idea why it's not working? I also checked the browser for any info related to why it's not secure, but apart from the 'The page is not secure' message I don't get anything else in the Security tab inside the DevTools.
I'm not sure if it can be a browser caching issue since it's not working in any of the browsers I have (Chrome, Firefox and Edge - which I'm not using at all). Besides this, I don't have the lock mark on the upper left of the browser's URL address like it should, it just says "Not secure". Also, shouldn't the command "service nginx restart" that you are talking about automatically restart the nginx server itself after it's deployed?
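When the browser only reports "Not secure", probing port 443 directly separates three cases: the port is unreachable, the port answers without a usable TLS handshake, or TLS works but the certificate is rejected. The following is an added example, not part of the original post; the function name probe_https and its status strings are hypothetical, and it assumes Python 3.7+ with the system trust store.

```python
import socket
import ssl
import sys


def probe_https(host, port=443, timeout=5.0):
    """Report what a verifying TLS client sees at host:port."""
    # Step 1: plain TCP. A failure here means nothing is reachable on the
    # port (security group ingress, proxy not listening, DNS elsewhere).
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return {"status": "tcp_failed", "detail": str(exc)}

    # Step 2: TLS handshake with chain and hostname verification enabled,
    # which is what a browser does before showing the padlock.
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
            return {
                "status": "ok",
                "protocol": tls.version(),
                "not_after": cert.get("notAfter"),
                "san": names,
            }
    except ssl.SSLCertVerificationError as exc:
        # TLS is spoken, but the chain, validity period or hostname failed.
        return {"status": "cert_rejected", "detail": exc.verify_message}
    except (ssl.SSLError, OSError) as exc:
        # The port answered, but not with a usable TLS handshake
        # (for example plain HTTP being served on 443).
        return {"status": "handshake_failed", "detail": str(exc)}
    finally:
        sock.close()  # harmless if wrap_socket already took over the socket


if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python probe.py <your-domain>
    print(probe_https(sys.argv[1]))
```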