amazon-web-services ssl tomcat amazon-linux ebextensions

AWS: Create a new environment (tomcat-single-instance): .ebextensions with SSL certificate - fails to start


Elastic Beanstalk: Create a new environment: .ebextensions with SSL certificate fails to start (tomcat-single-instance)

I am trying to create a new environment with the current production WAR package.

New instance deployment fails and comes up with "Green" status. We originally followed this sample to create the .ebextensions (https://s3.amazonaws.com/elasticbeanstalk-single-instance-ssl-demo/tomcat-single-instance.zip) and extended it as described here: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/https-singleinstance-tomcat.html.

New Platform: Managed, Tomcat 8.5 with Java 8 on 64bit Amazon Linux
Platform version: 3.4.1 (Recommended)

Error:

httpd24-tools conflicts with httpd-tools-2.2.34-1.16.amzn1.x86_64
mod24_ssl conflicts with 1:mod_ssl-2.2.34-1.16.amzn1.x86_64
httpd24 conflicts with httpd-2.2.34-1.16.amzn1.x86_64

To resolve this error, I replaced

packages:
  yum:
    mod_ssl : []

with

packages:
  yum:
    mod24_ssl.x86_64 : []

But that caused this error:

Httpd configuration detected in the '.ebextensions/httpd' directory. AWS Elastic Beanstalk will no longer manage the httpd configuration for this environment.
Executing: /usr/sbin/apachectl -t -f /var/elasticbeanstalk/staging/httpd/conf/httpd.conf
httpd: Syntax error on line 21 of /var/elasticbeanstalk/staging/httpd/conf/httpd.conf: Include/IncludeOptional: No matches for the wildcard '*.conf' in '/etc/httpd/conf.d/elasticbeanstalk', failing
Failed to execute '/usr/sbin/apachectl -t -f /var/elasticbeanstalk/staging/httpd/conf/httpd.conf'
Failed to execute '/usr/sbin/apachectl -t -f /var/elasticbeanstalk/staging/httpd/conf/httpd.conf' (Executor::NonZeroExitStatus)

AWS is asking to replace the current production server (Amazon Linux/2.3.1) without delay as it is "Retired". I have posted this issue on the AWS Forum as well. Please help.


Solution

  • As indicated in the AWS documentation:

    Starting with Tomcat platform version 3.0.0 configurations, which were released with the Java with Tomcat platform update on May 24, 2018, Apache 2.4 is the default proxy of the Tomcat platform.

    After digging into the problem, as can be seen from the comments and the companion chat, the actual solution for the problem was to either create or clone the existing environment, with the idea of being able to use a fresh beanstalk environment for Amazon Linux 3.4.2, without any customization.

    Then, in order to avoid the mentioned problem with SSL, the .ebextensions directory should only include a convenient ssl.conf and the environment.config script provided in the sample zip file indicated in the question, without the packages section because mod_ssl is already installed in the beanstalk image.

    In this specific case, there were some additional problems related to the creation of the files required for logging. After adjusting the path to one in which the application has the ability to write, the default for Tomcat in Beanstalk, /var/logs/tomcat8, everything seems to work properly.
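A pre-deployment check for the two conditions this thread ran into, as an added example that is not part of the original answer or of the AWS sample: it scans an extracted source bundle for a yum entry for mod_ssl or mod24_ssl and for an .ebextensions/httpd directory. The function names and the sample bundle are constructed for illustration, and the YAML scan is a simple indentation-based one rather than a full parser.

```python
import re
import tempfile
from pathlib import Path

# Package names taken from the question's two attempts.
SSL_PACKAGES = {"mod_ssl", "mod24_ssl"}

def yum_packages(config_text):
    """Return package names declared under packages -> yum (indentation scan)."""
    names, path = [], []  # path: (indent, key) of the enclosing mappings
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        m = re.match(r"^(\s*)([^\s:][^:]*?)\s*:(.*)$", line)
        if not m:
            continue
        indent, key = len(m.group(1)), m.group(2).strip("'\"")
        while path and path[-1][0] >= indent:
            path.pop()
        if [k for _, k in path] == ["packages", "yum"]:
            names.append(key)
        path.append((indent, key))
    return names

def lint_bundle(root):
    """Return findings for an extracted source bundle rooted at `root`."""
    findings = []
    ebext = Path(root) / ".ebextensions"
    for cfg in sorted(ebext.glob("*.config")):
        for pkg in yum_packages(cfg.read_text()):
            if pkg.split(".")[0] in SSL_PACKAGES:  # drop an arch suffix such as .x86_64
                findings.append(f"{cfg.name}: remove yum package '{pkg}'")
    if (ebext / "httpd").is_dir():
        findings.append(".ebextensions/httpd: Elastic Beanstalk will not manage httpd config")
    return findings

def demo():
    """Lint a constructed bundle that resembles the one in the question."""
    with tempfile.TemporaryDirectory() as tmp:
        ebext = Path(tmp) / ".ebextensions"
        (ebext / "httpd" / "conf").mkdir(parents=True)
        (ebext / "environment.config").write_text(
            "packages:\n  yum:\n    mod24_ssl.x86_64 : []\n")
        return lint_bundle(tmp)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

An empty result from `lint_bundle` means neither condition was found; it does not validate ssl.conf itself.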