HTTPS for Single-Instance Node.js AWS Elastic Beanstalk Environment without Custom Domain or Load Balancer

This post describes how to setup HTTPS using a self-signed certificate for a Node.js 12 webapp deployed to a single-instance AWS Elastic Beanstalk environment without using a custom domain or a load balancer. This is useful in dev/test scenarios where HTTPS is required.

Step 1 — Create Beanstalk App

Create a Beanstalk app as shown below:

Step 2 — Get Application Code

Download & unzip the Node.js app code from here.

Step 3 — Generate Certificate

Run this at your terminal to generate a self-signed certificate:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -subj '/CN=*'
openssl rsa -in key.pem -out key.pem

Step 4 — Modify Code

Create .ebextensions/https-instance-single.config in the app code with these contents:

    Type: AWS::EC2::SecurityGroupIngress
      GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
      IpProtocol: tcp
      ToPort: 443
      FromPort: 443

Create .ebextensions/https-instance.config in the app code with these contents:

    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN CERTIFICATE-----
      # contents of cert.pem
      -----END CERTIFICATE-----
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN RSA PRIVATE KEY-----
      # contents of key.pem
      -----END RSA PRIVATE KEY-----

Create .platform/nginx/conf.d/https.conf in the app code with these contents:

server {
    listen                    443;
    server_name               localhost;
    ssl                       on;
    ssl_certificate           /etc/pki/tls/certs/server.crt;
    ssl_certificate_key       /etc/pki/tls/certs/server.key;
    ssl_session_timeout       5m;
    ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

Step 5 — Deploy Code

ZIP & upload the code to Beanstalk, open the Beanstalk app URL with https:// prefix & bypass the browser warning about the self-signed certificate to see the app!