
@huawww
Created December 14, 2016 11:30
enable https on single instance aws-eb
# https://keithpblog.wordpress.com/2015/04/13/scaling-down-to-single-instance-elastic-beanstalk/
# .ebextensions/ssl.config
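# Terminates HTTPS on the instance's own nginx for a single-instance Elastic
# Beanstalk environment (no load balancer in front): opens port 443 in a
# security group, writes the nginx TLS server block plus the certificate and
# key files, then restarts nginx so the new configuration is loaded.
Resources:
  # Ingress rule for inbound HTTPS. 0.0.0.0/0 is expected for a public site;
  # narrow the CIDR if the service is only meant for internal clients.
  sslSecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      # Placeholder: replace with the environment's instance security group.
      GroupId: example_id
      IpProtocol: tcp
      ToPort: 443
      FromPort: 443
      CidrIp: 0.0.0.0/0

files:
  "/etc/nginx/conf.d/ssl.conf":
    content: |
      # HTTPS server
      server {
        # "listen ... ssl" replaces the deprecated "ssl on;" directive.
        listen 443 ssl;
        # server_name takes host names only, never a URL with a scheme.
        server_name localhost example.co.uk www.example.co.uk;

        ssl_certificate /etc/pki/tls/certs/server.crt;
        ssl_certificate_key /etc/pki/tls/certs/server.key;
        ssl_session_timeout 5m;

        # TLSv1 and TLSv1.1 are deprecated and no longer offered. Add
        # TLSv1.3 here once the installed nginx/OpenSSL build supports it.
        ssl_protocols TLSv1.2;
        # 3DES suites removed (64-bit block cipher, Sweet32).
        # NOTE(review): the DH+ suites use nginx's default DH parameters
        # unless ssl_dhparam is set; confirm the parameter size on the
        # nginx version in use.
        ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS;
        ssl_prefer_server_ciphers on;

        add_header Strict-Transport-Security "max-age=31536000";

        location / {
          proxy_pass http://my_app;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          # $proxy_add_x_forwarded_for appends to whatever the client sent,
          # so the application must not trust the leftmost entry.
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto https;
        }

        location /assets {
          alias /var/app/current/public/assets;
          gzip_static on;
          gzip on;
          expires max;
          # A location that declares its own add_header stops inheriting the
          # server-level ones, so HSTS has to be repeated here.
          add_header Strict-Transport-Security "max-age=31536000";
          add_header Cache-Control public;
        }

        location /public {
          alias /var/app/current/public;
          gzip_static on;
          gzip on;
          expires max;
          # Repeated for the same add_header inheritance reason as /assets.
          add_header Strict-Transport-Security "max-age=31536000";
          add_header Cache-Control public;
        }
      }

  "/etc/pki/tls/certs/server.crt":
    mode: "000644"
    owner: root
    group: root
    content: |
      -----BEGIN CERTIFICATE-----
      MTYwMTE4MjIzOTM4WjBIMSEwHwYDVV...
      -----END CERTIFICATE-----

  # SECURITY: a private key inlined here ends up in source control and in
  # every application bundle uploaded to Elastic Beanstalk. Prefer fetching
  # it at deploy time from access-controlled storage, and rotate any key that
  # has already been committed. The file is restricted to root because the
  # default file mode would leave it world-readable on the instance.
  "/etc/pki/tls/certs/server.key":
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN RSA PRIVATE KEY-----
      6JqCpm3OYCIzx4fNsecDUoA+Varg+s5yHC...
      -----END RSA PRIVATE KEY-----

container_commands:
  # Restart nginx so it loads the ssl.conf written by the files section above.
  01restart_nginx:
    command: "service nginx restart"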