HTTPS on Elastic Beanstalk (Docker Multi-container)


I've been looking around and haven't found much content with regards to a best practice when it comes to setting up HTTPS/SSL on Amazon Elastic Beanstalk with a Multi-container Docker environment.
There is a bunch of stuff when it comes to single container configuration, but nothing when it comes to multi-container.
My Dockerrun.aws.json looks like this:
{
  "AWSEBDockerrunVersion": 2,
  "volumes": [
    {
      "name": "app-frontend",
      "host": {
        "sourcePath": "/var/app/current/app-frontend"
      }
    },
    {
      "name": "app-backend",
      "host": {
        "sourcePath": "/var/app/current/app-backend"
      }
    }
  ],
  "containerDefinitions": [
    {
      "name": "app-backend",
      "image": "xxxxx/app-backend",
      "memory": 512,
      "mountPoints": [
        {
          "containerPath": "/app/app-backend",
          "sourceVolume": "app-backend"
        }
      ],
      "portMappings": [
        {
          "containerPort": 4000,
          "hostPort": 4000
        }
      ],
      "environment": [
        {
          "name": "PORT",
          "value": "4000"
        },
        {
          "name": "MIX_ENV",
          "value": "dev"
        },
        {
          "name": "PG_PASSWORD",
          "value": "xxxx"
        },
        {
          "name": "PG_USERNAME",
          "value": "xx"
        },
        {
          "name": "PG_HOST",
          "value": "xxxxx"
        }
      ]
    },
    {
      "name": "app-frontend",
      "image": "xxxxxxx/app-frontend",
      "memory": 512,
      "links": [
        "app-backend"
      ],
      "command": [
        "npm",
        "run",
        "production"
      ],
      "mountPoints": [
        {
          "containerPath": "/app/app-frontend",
          "sourceVolume": "app-frontend"
        }
      ],
      "portMappings": [
        {
          "containerPort": 3000,
          "hostPort": 80
        }
      ],
      "environment": [
        {
          "name": "REDIS_HOST",
          "value": "xxxxxx"
        }
      ]
    }
  ],
  "family": ""
}
My thinking thus far is I would need to bring an nginx container into the mix in order to proxy the two services and handle things like mapping different domain names to different services.
Would I go the usual route of just setting up nginx and configuring the SSL as normal, or is there a better way, like I've seen for the single containers using the .ebextensions method (http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/https-singleinstance-docker.html)?
This is more of an idea (I haven't actually done this and am not sure if it would work). But the components all appear to be available to create an ALB that could direct traffic to one process or another based on path rules.
Here is what I am thinking that could be done via .ebextensions config files based on the options available from http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/command-options-general.html:
Use aws:elasticbeanstalk:environment:process:default to make sure the default application port and health check are set the way you intend (let's say port 80 is your default in this case).
Use aws:elasticbeanstalk:environment:process:process_name to create a backend process that goes to your second service (port 4000 in this case).
Create a rule for your backend with aws:elbv2:listenerrule:backend which would use something like /backend/* as the path.
Create the SSL listener with aws:elbv2:listener:443 (example at http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environments-cfg-applicationloadbalancer.html) that uses this new backend rule.
I am not sure if additional rules need to be created for the default listener of aws:elbv2:listener:default. It seems like the default might just match /* so in this case anything sent to /backend/* would go to the port 4000 container and anything else goes to the port 3000 container.
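The option namespaces listed in the answer, laid out as one .ebextensions file. This is an added example, not code from the original posts; the file name, the process and rule name backend, the /backend/* path, the health check paths, the SSL policy choice and the certificate ARN placeholder are assumptions, and it presumes the environment was created with an Application Load Balancer.

```yaml
# .ebextensions/alb-https.config  (file name is an assumption)
option_settings:
  # Assumption: the environment uses an Application Load Balancer.
  # The load balancer type is chosen when the environment is created.
  aws:elasticbeanstalk:environment:
    LoadBalancerType: application

  # Default process: the frontend container, published on host port 80.
  aws:elasticbeanstalk:environment:process:default:
    Port: '80'
    Protocol: HTTP
    HealthCheckPath: /

  # Second process: the backend container, published on host port 4000.
  aws:elasticbeanstalk:environment:process:backend:
    Port: '4000'
    Protocol: HTTP
    HealthCheckPath: /          # assumption: the backend answers 200 on /

  # Path rule that selects the backend process.
  aws:elbv2:listenerrule:backend:
    PathPatterns: /backend/*
    Priority: 1
    Process: backend

  # HTTPS listener: TLS terminates at the load balancer.
  aws:elbv2:listener:443:
    ListenerEnabled: 'true'
    Protocol: HTTPS
    SSLCertificateArns: '<ACM-CERTIFICATE-ARN>'   # placeholder, not a real ARN
    SSLPolicy: ELBSecurityPolicy-TLS-1-2-2017-01
    DefaultProcess: default     # everything not matched by a rule
    Rules: backend

  # Assumption: plain HTTP should not be served at all.
  aws:elbv2:listener:default:
    ListenerEnabled: 'false'
```

An ALB path rule forwards the request path unchanged, so the backend has to serve its routes under /backend/. In this layout the hop from the load balancer to the containers is plain HTTP.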
