Skip to content

Instantly share code, notes, and snippets.

@hirenalken

hirenalken/01_https.config Secret

Created Dec 19, 2020
Embed
What would you like to do?
files:
"/opt/elasticbeanstalk/hooks/appdeploy/post/generate_ssl_config.sh":
mode: "000755"
owner: root
group: root
content: |
#!/usr/bin/env bash
source /opt/python/current/env
ssl_conf="LoadModule wsgi_module modules/mod_wsgi.so
WSGIPythonHome /opt/python/run/baselinenv
WSGISocketPrefix run/wsgi
WSGIRestrictEmbedded On
Listen 443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile \"/etc/letsencrypt/live/$DOMAIN/cert.pem\"
SSLCertificateKeyFile \"/etc/letsencrypt/live/$DOMAIN/privkey.pem\"
Alias /static/ /opt/python/current/app/static/
<Directory /opt/python/current/app/static>
Order allow,deny
Allow from all
</Directory>
WSGIScriptAlias / /opt/python/current/app/clearago/wsgi.py
<Directory /opt/python/current/app>
Require all granted
</Directory>
WSGIDaemonProcess wsgi-ssl processes=1 threads=15 display-name=%{GROUP} \
python-path=/opt/python/current/app \
python-home=/opt/python/run/venv \
home=/opt/python/current/app \
user=wsgi \
group=wsgi
WSGIProcessGroup wsgi-ssl
</VirtualHost>"
echo "$ssl_conf" | tee /etc/httpd/conf.d/ssl.conf
/usr/local/bin/supervisorctl -c /opt/python/etc/supervisord.conf restart httpd
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment