2

The beanstalk documentation is not clear on how and what is best way to customize nginx configuration when deploying PHP applications.

I've tried multiple things as include a file /etc/nginx/conf.d/01-security.conf like this:

files:
/etc/nginx/conf.d/01-security.conf:
mode: “000644”
owner: root
group: root
content: |
  add_header X-Frame-Options "SAMEORIGIN" always ;
  add_header X-XSS-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;
  add_header Referrer-Policy "no-referrer-when-downgrade" always;
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" 
  always;
  add_header X-Cache-Status $upstream_cache_status;

I've tried other alternatives but none of them seems to be working. I am a bit confused as beanstalk doesn't give any clear direction on how that should be done for PHP? I've seen people using different strategies, some of them back in 2018, 2017...

I can replace the configuration using container_commands and then restart nginx, but there is any way where I can add more configuration files or modify the original one?

Improve this question

1 Answer 1

Reset to default
2

A possible reason why your /etc/nginx/conf.d/01-security.conf is not working, is because you are using Amazon Linux 2 (AL2). However, the setting file is for old EB platforms based on AL1.

For AL2, the nginx settings should be in .platform/nginx/conf.d/, not in .ebextentions as shown in the docs.

Therefore, you could have the following .platform/nginx/conf.d/myconfig.conf with content:

add_header X-Frame-Options "SAMEORIGIN" always ;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" 
always;
add_header X-Cache-Status $upstream_cache_status;

The above is an example. I can't verify if the settings will actually work, but it seems to me that you are using AL2, not AL1. In this case, you are ussing wrong folders for the nginx config files.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.