I have been trying to get SSL enabled on my AWS Elastic Beanstalk (eb) application with not much luck so far.
After following the documentation for configuring https access on eb, I created a self-signed certificate which I believe to be enough if one just wants encryption.
I created an eb environment which used a load balancer and, after uploading the certificate, I was able to use it and pick the secure listening port (8443).
On the EC2 load balancer, I created a listener for
HTTPS 8443 HTTP 80 <cert file>
I then gave the load balancer and the eb instance a security group that had the rule:
Custom TCP Rule TCP 8443 0.0.0.0/0
I also included a config in .ebextensions pointing like the documentation told me:

    Resources:
      sslSecurityGroupIngress:
        Type: AWS::EC2::SecurityGroupIngress
        Properties:
          GroupName: {Ref : <security_group_name>}
          IpProtocol: tcp
          ToPort: 8443
          FromPort: 8443
          CidrIp: 0.0.0.0/8443

Then in my Flask application, the application had these parameters:

    from OpenSSL import SSL
    from flask_sslify import SSLify

    context = SSL.Context(SSL.TLSv1_2_METHOD)
    context.use_privatekey_file('/home/ec2-user/privatekey.pem')
    context.use_certificate_file('/home/ec2-user/server.crt')

    basic_auth = BasicAuth(application)
    sslify = SSLify(application)

    if __name__ == '__main__':
        application.run(host='0.0.0.0', port=8443, ssl_context=context)

Now when I go to the instance's public IP prefixed with https:// I get this:
Google Chrome Connection info (can't post images with current rep ughh)
Which makes me think that I have the encryption I'm after but the Flask server connection log still shows clear requests (expected to see jumbled, encrypted request info).
When I connect with the *.elasticbeanstalk.com address I get nothing.
So I guess I have two questions:
1) Does this mean I have encryption?
2) Why can't I access the instance with my elasticbeanstalk url?