Nginx – Elastic Beanstalk .ebextensions .config does not create the files it should

elastic-beanstalknginx

I have the following .config file in the .ebextensions directory of my project:

Resources:
    sslSecurityGroupIngress:
        Type: "AWS::EC2::SecurityGroupIngress"
        Properties:
            GroupId: {"Fn::GetAtt": [AWSEBSecurityGroup, GroupId]}
            IpProtocol: tcp
            ToPort: 443
            FromPort: 443
            CidrIp: 0.0.0.0/0
files:
    "/etc/nginx/conf.d/https_custom.pre":
        mode: "000644"
        owner: root
        group: root
        content: "server {\n    listen      443;\n    server_name localhost;\n    ssl_certificate      /etc/letsencrypt/live/api-stag.domain.com/fullchain.pem;\n    ssl_certificate_key  /etc/letsencrypt/live/api-stag.domain.com/privkey.pem;\n    ssl                  on;\n    ssl_session_timeout  5m;\n    ssl_protocols  TLSv1.1 TLSv1.2;\n    ssl_ciphers \"EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH\";\n    ssl_prefer_server_ciphers   on;\n    if ($ssl_protocol = \"\") {\n        rewrite ^ https://$host$request_uri? permanent;\n    }\n    location / {\n        proxy_pass  http://127.0.0.1:5000;\n        proxy_set_header   Connection \"\";\n        proxy_http_version 1.1;\n        proxy_set_header        Host            $host;\n        proxy_set_header        X-Real-IP       $remote_addr;\n        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;\n        proxy_set_header        Upgrade         $http_upgrade;\n        proxy_set_header        Connection      \"upgrade\";\n    }\n}\n"
packages:
    yum:
        epel-release: []
container_commands:
    10_installcertbot:
        command: "wget https://dl.eff.org/certbot-auto;chmod a+x certbot-auto"
    20_getcert:
        command: "sudo ./certbot-auto certonly --debug --non-interactive --email na@domain.com --agree-tos --standalone --domains ${certdomain} --keep-until-expiring --pre-hook 'service nginx stop'"
    30_link:
        command: "ln -sf /etc/letsencrypt/live/${certdomain} /etc/letsencrypt/live/ebcert"
    40_config:
        command: "mv /etc/nginx/conf.d/https_custom.pre /etc/nginx/conf.d/https_custom.conf"
    50_reload_nginx:
        command: "sudo service nginx reload"

When creating a .jar and deploying this to Elastic Beanstalk I get the following error (which results to a failed deployment) in eb-activity.log:


[2019-08-02T06:29:25.315Z] INFO  [5311]  - [Application update stag-0.0.29-20@22/AppDeployStage0/EbExtensionPostBuild/Infra-EmbeddedPostBuild/postbuild_1_sg_api/Command 30_link] : Starting activity...
[2019-08-02T06:29:25.318Z] INFO  [5311]  - [Application update stag-0.0.29-20@22/AppDeployStage0/EbExtensionPostBuild/Infra-EmbeddedPostBuild/postbuild_1_sg_api/Command 30_link] : Completed activity.
[2019-08-02T06:29:25.541Z] INFO  [5311]  - [Application update stag-0.0.29-20@22/AppDeployStage0/EbExtensionPostBuild/Infra-EmbeddedPostBuild/postbuild_1_sg_api/Command 40_config] : Starting activity...
[2019-08-02T06:29:25.545Z] INFO  [5311]  - [Application update stag-0.0.29-20@22/AppDeployStage0/EbExtensionPostBuild/Infra-EmbeddedPostBuild/postbuild_1_sg_api/Command 40_config] : Activity execution failed, because: mv: cannot stat '/etc/nginx/conf.d/https_custom.pre': No such file or directory
   (ElasticBeanstalk::ExternalInvocationError)

The .config file is supposed to create the file /etc/nginx/conf.d/https_custom.pre and then the container_command called 40_config should move that file to /etc/nginx/conf.d/https_custom.conf. It seems as if the .config does not create the https_custom.pre at all and therefore it's not able to move it.

What am I doing wrong?

Best Answer

Now there is a different way of extending nginx configuration: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/platforms-linux-extend.html

Related Topic