Linux 2 for Elastic Beanstalk written in Java
Below is my .platform/nginx/conf.d/https.conf file. When I run this, my Load Balancer defaults to ELBSecurityPolicy-2016-08. I only want ELBSecurityPolicy-TLS-1-2-2017-01 selected when I do this. What am I doing wrong?

    server {
        listen 443 ssl;
        server_name localhost;
        server_tokens off;
        access_log /var/log/nginx/ssl_access.log main;
        # access_log off;
        # ssl on;
        ssl_certificate /etc/pki/tls/certs/server.crt;
        ssl_certificate_key /etc/pki/tls/certs/server.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1.2;
        ssl_prefer_server_ciphers on;
        location /subd {
            proxy_pass http://127.0.0.1:8443/subd;
            proxy_set_header Connection "";
            proxy_http_version 1.1;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

It can be done with the load balancer, yes.
On EB, I had SSL terminating at the ELB though not on the server (80=>instance:80, 443=>instance:8443). The solution was as follows (credit fully to the author of this gist).
Current named policies for classic load balancers are on AWS' site.
Create a new file .ebextensions/change-elb-tls-policy.config:

    option_settings:
      - namespace: aws:elb:policies:tlspolicy
        option_name: LoadBalancerPorts
        value: 443
      - namespace: aws:elb:policies:tlspolicy
        option_name: SSLReferencePolicy
        value: ELBSecurityPolicy-TLS-1-2-2017-01
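
To confirm after deployment that the Classic Load Balancer really carries the intended policy, the JSON printed by `aws elb describe-load-balancer-policies --load-balancer-name <name>` can be audited as below. This is an added example, not part of the original question or answer; the policy names in the sample are constructed, and the attribute names follow the Classic ELB policy attributes.

```python
# Added example: audit SSL negotiation policies from the JSON output of
#   aws elb describe-load-balancer-policies --load-balancer-name <name>
EXPECTED = "ELBSecurityPolicy-TLS-1-2-2017-01"
LEGACY = ("Protocol-SSLv3", "Protocol-TLSv1", "Protocol-TLSv1.1")

def attr(name, value):
    return {"AttributeName": name, "AttributeValue": value}

# Constructed sample (policy names are made up), shaped like the CLI's JSON output.
SAMPLE = {"PolicyDescriptions": [
    {"PolicyName": "old-default", "PolicyTypeName": "SSLNegotiationPolicyType",
     "PolicyAttributeDescriptions": [
         attr("Reference-Security-Policy", "ELBSecurityPolicy-2016-08"),
         attr("Protocol-TLSv1", "true"), attr("Protocol-TLSv1.1", "true"),
         attr("Protocol-TLSv1.2", "true")]},
    {"PolicyName": "tlspolicy", "PolicyTypeName": "SSLNegotiationPolicyType",
     "PolicyAttributeDescriptions": [
         attr("Reference-Security-Policy", EXPECTED),
         attr("Protocol-TLSv1", "false"), attr("Protocol-TLSv1.1", "false"),
         attr("Protocol-TLSv1.2", "true")]},
    {"PolicyName": "cookie-stickiness", "PolicyTypeName": "LBCookieStickinessPolicyType",
     "PolicyAttributeDescriptions": [attr("CookieExpirationPeriod", "300")]},
]}

def audit(doc, expected=EXPECTED):
    """Return {policy_name: [problems]} for every SSL negotiation policy."""
    report = {}
    for pol in doc.get("PolicyDescriptions", []):
        if pol.get("PolicyTypeName") != "SSLNegotiationPolicyType":
            continue  # stickiness and other policy types carry no TLS settings
        attrs = {a["AttributeName"]: a["AttributeValue"]
                 for a in pol.get("PolicyAttributeDescriptions", [])}
        problems = []
        ref = attrs.get("Reference-Security-Policy")
        if ref != expected:
            problems.append(f"reference policy {ref!r}, expected {expected!r}")
        for proto in LEGACY:
            if attrs.get(proto, "false").lower() == "true":
                problems.append(f"{proto} enabled")
        if attrs.get("Protocol-TLSv1.2", "false").lower() != "true":
            problems.append("Protocol-TLSv1.2 not enabled")
        report[pol["PolicyName"]] = problems
    return report

if __name__ == "__main__":
    for name, problems in audit(SAMPLE).items():
        print(name, "OK" if not problems else "; ".join(problems))
```

An empty problem list for a policy means it references the expected predefined policy and has no protocol below TLS 1.2 enabled.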