I'm trying to get HTTPS working on an AWS Beanstalk Python/Django single-instance environment. I've worked through several issues but now I'm stuck: the build deploys and the site works on HTTP, but on HTTPS I get ERR_CONNECTION_REFUSED and nothing appears in the logs that I can see.
Started with the directions here: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/https-singleinstance-python.html
The first issue I ran into was a deployment error, "Unhandled exception during build: Yum does not have mod24_ssl available for installation", and based on this post, I modified it to mod_ssl and that fixed it.
The second issue I ran into was another deployment error, "Command 01killhttpd failed", so I removed those commands based on this post.
This was successful in getting the environment to deploy and it works with HTTP, but with HTTPS I just get a refused connection and I can't figure out why. I've pored through the logs several times and see nothing. Here are the full logs. Any help is greatly appreciated.
Here are the two files I have created under the .ebextensions folder:
https-instance.config
packages:
  yum:
    mod_ssl : []

files:
  /etc/httpd/conf.d/ssl.conf:
    mode: "000644"
    owner: root
    group: root
    content: |
      LoadModule wsgi_module modules/mod_wsgi.so
      WSGIPythonHome /opt/python/run/baselinenv
      WSGISocketPrefix run/wsgi
      WSGIRestrictEmbedded On
      Listen 443
      <VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile "/etc/pki/tls/certs/server.crt"
        SSLCertificateKeyFile "/etc/pki/tls/certs/server.key"

        Alias /static/ /opt/python/current/app/static/
        <Directory /opt/python/current/app/static>
        Order allow,deny
        Allow from all
        </Directory>

        WSGIScriptAlias / /opt/python/current/app/nwmarket.wsgi:application

        <Directory /opt/python/current/app>
        Require all granted
        </Directory>

        WSGIDaemonProcess wsgi-ssl processes=1 threads=15 display-name=%{GROUP} \
          python-path=/opt/python/current/app \
          python-home=/opt/python/run/venv \
          home=/opt/python/current/app \
          user=wsgi \
          group=wsgi
        WSGIProcessGroup wsgi-ssl
      </VirtualHost>

  /etc/pki/tls/certs/server.crt:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN CERTIFICATE-----
      -----END CERTIFICATE-----

  /etc/pki/tls/certs/server.key:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN RSA PRIVATE KEY-----
      -----END RSA PRIVATE KEY-----
https-instance-single.config
Resources:
  sslSecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
      IpProtocol: tcp
      ToPort: 443
      FromPort: 443
      CidrIp: 0.0.0.0/0
I've tried using the conf file detailed here, but that didn't work for me.
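Added example, not part of the original post: a small probe that separates the three ways an HTTPS attempt against this kind of setup can fail, namely a refused connection (the packet reached the host but nothing is listening on 443), a filtered one (a silent drop, as a security group without the 443 ingress rule would produce), and a listener that accepts TCP but does not complete a TLS handshake. The name `probe_https`, the outcome labels and the hint texts are assumptions of this example.

```python
import socket
import ssl
import sys

# Hints tying each outcome back to the two .ebextensions files above (example wording).
NEXT_CHECK = {
    "refused": "host reachable, no listener on the port: check that httpd "
               "loaded ssl.conf ('Listen 443') and was restarted after deploy",
    "filtered": "no reply at all: check the sslSecurityGroupIngress rule",
    "open_no_tls": "port open but TLS handshake failed: check SSLEngine, "
                   "certificate and key in the VirtualHost",
}

def probe_https(host, port=443, timeout=3.0):
    """Return 'refused', 'filtered', 'open_no_tls', 'tls_ok:<version>' or 'error: ...'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"          # TCP RST: nothing bound to the port
    except socket.timeout:
        return "filtered"         # SYN silently dropped on the way in
    except OSError as exc:
        return "error: %s" % exc  # DNS failure, no route, etc.

    # Reachability probe only: verification is off so a self-signed or
    # mismatched certificate still counts as "TLS is being served".
    # Never configure a real client this way.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "tls_ok:%s" % tls.version()
    except OSError:               # ssl.SSLError and handshake timeouts included
        return "open_no_tls"
    finally:
        sock.close()

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    outcome = probe_https(target)
    print(outcome)
    print(NEXT_CHECK.get(outcome, ""))
```

Run it once from outside against the environment's public address and once on the instance against 127.0.0.1: the same "refused" result in both places points at Apache, while "filtered" from outside only points at the security group.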