@lrvick
Last active April 27, 2016 01:02
Hack to bypass Nginx proxy in an ElasticBeanstalk deployment for UDP applications such as rsyslog
# Place in .ebextensions/00-bypass-nginx-proxy.config at the root of your application repository.
files:
  "/tmp/setup_iptables.sh":
    mode: "000755"
    content: |
      #!/bin/sh
      # remove rules added by us (marked by the "added_by_ebextension" comment), if any
      iptables-save | grep -v added_by_ebextension | iptables-restore
      # ID of the staged docker container, as recorded by Elastic Beanstalk
      cid=$(cat /etc/elasticbeanstalk/.aws_beanstalk.staging-container-id)
      # get IP address of the docker container
      ip=$(docker inspect "$cid" | jq -r '.[0].NetworkSettings.IPAddress')
      # first exposed port of the container, with the protocol suffix (/tcp or /udp) stripped
      port=$(docker inspect "$cid" | jq -r '.[0].Config.ExposedPorts | to_entries[0].key' | sed 's|/.*||')
      # add our rule with the "added_by_ebextension" as a special marker
      iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 514 -j DNAT --to "${ip}:${port}" -m comment --comment added_by_ebextension
      iptables -A PREROUTING -t nat -i eth0 -p udp --dport 514 -j DNAT --to "${ip}:${port}" -m comment --comment added_by_ebextension
      # following are optional since the FORWARD chain is ACCEPT by default
      # iptables -A FORWARD -p tcp -m conntrack --ctstate RELATED,ESTABLISHED -d ${ip} -j ACCEPT -m comment --comment added_by_ebextension
      # iptables -A FORWARD -p tcp -d ${ip} --dport 80 -j ACCEPT -m comment --comment added_by_ebextension
      # save in case of reboot
      service iptables save
container_commands:
  00setup-iptables:
    command: "/tmp/setup_iptables.sh"