ElasticBeanstalk（ALB, Rails）でのconf

01_nginx.conf

files:
  /etc/nginx/conf.d/redirect.conf:
    mode: "000644"
    owner: root
    group: root
    content: |
      server {
        listen 81;
        rewrite ^ https://$host$request_uri permanent;
      }

  /opt/elasticbeanstalk/support/conf/webapp_healthd.conf:
    mode: "0644"
    owner: root
    group: root
    content: |
      upstream my_app {
        server unix:///var/run/puma/my_app.sock;
      }

      log_format healthd '$msec"$uri"'
                         '$status"$request_time"$upstream_response_time"'
                         '$http_x_forwarded_for';

      log_format ltsv 'time:$time_iso8601\t'
                      'remote_addr:$remote_addr\t'
                      'request_method:$request_method\t'
                      'request_length:$request_length\t'
                      'request_uri:$request_uri\t'
                      'https:$https\t'
                      'uri:$uri\t'
                      'query_string:$query_string\t'
                      'status:$status\t'
                      'bytes_sent:$bytes_sent\t'
                      'body_bytes_sent:$body_bytes_sent\t'
                      'referer:$http_referer\t'
                      'useragent:$http_user_agent\t'
                      'forwardedfor:$http_x_forwarded_for\t'
                      'request_time:$request_time\t'
                      'upstream_response_time:$upstream_response_time';

      server {
        listen 80;
        server_name _ localhost; # need to listen to localhost for worker tier
        client_max_body_size 100m;

        # force SSL
        # redirect http to https
        set $needRedir 0;
        if ($http_user_agent ~ "ELB-HealthChecker") {
          set $http_x_forwarded_proto "https";
        }
        if ($http_user_agent ~ "aws-sqsd") {
          set $http_x_forwarded_proto "https";
        }
        if ($http_x_forwarded_proto != 'https') {
          set $needRedir 1;
        }
        if ($needRedir = 1) {
          rewrite ^(.*)$ https://$host$1 permanent;
        }

        if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
          set $year $1;
          set $month $2;
          set $day $3;
          set $hour $4;
        }

        access_log /var/log/nginx/nginx_access.log ltsv;
        access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
        error_log  /var/log/nginx/nginx_error.log warn;

        location / {
          proxy_set_header Host $host;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_pass http://my_app;
        }

        location /assets {
          alias /var/app/current/public/assets;
          gzip_static on;
          gzip on;
          expires max;
          add_header Cache-Control public;
        }

        location /public {
          alias /var/app/current/public;
          gzip_static on;
          gzip on;
          expires max;
          add_header Cache-Control public;
        }
      }

commands:
  nginx_reload:
    command: "/sbin/service nginx reload"

02_load-balancer.config

option_settings:
  aws:elasticbeanstalk:environment:
    LoadBalancerType: application

  aws:elbv2:listener:443:
    DefaultProcess: https
    ListenerEnabled: true
    SSLCertificateArns: arn:aws:acm:ap-northeast-1:766816810352:certificate/dc070015-0022-4e09-99ea-5808d026cbaa
    Protocol: HTTPS

  aws:elasticbeanstalk:environment:process:https:
    Port: 80
    Protocol: HTTP
    StickinessEnabled: true
    HealthCheckPath: /sys/health_check
    HealthCheckTimeout: 5 # 30
    HealthCheckInterval: 20 # 60
    MatcherHTTPCode: 200

  aws:elbv2:listener:80:
    DefaultProcess: http
    ListenerEnabled: true
    Protocol: HTTP

  aws:elasticbeanstalk:environment:process:http:
    Port: 81
    Protocol: HTTP
    HealthCheckPath: /
    HealthCheckTimeout: 5 # 30
    HealthCheckInterval: 20 # 60
    HealthyThresholdCount: 2
    MatcherHTTPCode: 301