How To Set Up HTTPS on AWS Elastic Beanstalk


My issue was in how I was configuring the ports. Once you have your certificate, you can configure your ports in Configuration > Load Balancer > Modify.

Here is my configuration: (Image: port configuration. The first setting is 80-http, 80-http; the other is 443-https and 80-http with my SSL.)

This resource was super useful for me and gives more detail if you need it: https://colintoh.com/blog/configure-ssl-for-aws-elastic-beanstalk


I think the reason you're getting a request timeout is:

  • You accessed HTTPS through the Elastic Load Balancer (ELB).
  • The ELB makes an HTTP request to the EC2 instance. (You mentioned that: one for HTTPS forwarding to Instance port 80, specifying my SSL certificate)
  • So, your EC2 instance replied to the ELB with an HTTP redirect to the same location but over HTTPS (https://wiki.apache.org/httpd/RewriteHTTPToHTTPS).
  • The ELB will reply to your request the same as EC2 did, which is a redirect to HTTPS.
  • Your browser will follow the redirect information, and you are back at the first point (looping forever).

To solve this problem, in your ELB, forward your ELB HTTPS to instance HTTPS (port 443). To do this, you need to specify additional .ebextensions, because there is no HTTPS to HTTPS configuration in the AWS Web Console.

This is my .ebextensions file config:

Resources:
  # Instance security group. Port 22 is open to 0.0.0.0/0 as posted;
  # narrowing CidrIp to an admin range limits SSH exposure.
  AWSEBSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "Allow SSH, HTTP, and HTTPS"
      SecurityGroupIngress:
        - {IpProtocol: "tcp", FromPort: 22, ToPort: 22, CidrIp: "0.0.0.0/0"}
        - {IpProtocol: "tcp", FromPort: 80, ToPort: 80, CidrIp: "0.0.0.0/0"}
        - {IpProtocol: "tcp", FromPort: 443, ToPort: 443, CidrIp: "0.0.0.0/0"}
  # Load balancer security group: HTTP and HTTPS in, HTTP and HTTPS out to the instances.
  AWSEBLoadBalancerSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "Allow HTTP and HTTPS"
      SecurityGroupIngress:
        - {IpProtocol: "tcp", FromPort: 80, ToPort: 80, CidrIp: "0.0.0.0/0"}
        - {IpProtocol: "tcp", FromPort: 443, ToPort: 443, CidrIp: "0.0.0.0/0"}
      SecurityGroupEgress:
        - {IpProtocol: "tcp", FromPort: 80, ToPort: 80, CidrIp: "0.0.0.0/0"}
        - {IpProtocol: "tcp", FromPort: 443, ToPort: 443, CidrIp: "0.0.0.0/0"}
  # Listeners: HTTP to instance HTTP, and HTTPS to instance HTTPS (port 443).
  AWSEBLoadBalancer:
    Type: "AWS::ElasticLoadBalancing::LoadBalancer"
    Properties:
      Listeners:
        - {LoadBalancerPort: 80, Protocol: "HTTP", InstancePort: 80, InstanceProtocol: "HTTP"}
        - {LoadBalancerPort: 443, Protocol: "HTTPS", InstancePort: 443, InstanceProtocol: "HTTPS", SSLCertificateId: "arn:aws:iam::123456789012:server-certificate/YourSSLCertificate"}
      SecurityGroups:
        - {"Fn::GetAtt" : [AWSEBLoadBalancerSecurityGroup, GroupId]}


You need to update the wsgi.conf file, which is located at /etc/httpd/conf.d/wsgi.conf

  • add wsgi.conf file to .ebextensions

LoadModule wsgi_module modules/mod_wsgi.so
WSGIPythonHome /opt/python/run/baselinenv
WSGISocketPrefix run/wsgi
WSGIRestrictEmbedded On

<VirtualHost *:80>

# Redirect to HTTPS unless the load balancer reports the client already
# used HTTPS, or the request is for a status, version or host manager path.
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{REQUEST_URI} !^/status$
RewriteCond %{REQUEST_URI} !^/version$
RewriteCond %{REQUEST_URI} !^/_hostmanager/
RewriteRule !/status https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]

Alias /static/ /opt/python/current/app/mindbliss/static/
<Directory /opt/python/current/app/mindbliss/static/>
Order allow,deny
Allow from all
</Directory>

WSGIScriptAlias / /opt/python/current/app/application.py

<Directory /opt/python/current/app/>
  Require all granted
</Directory>

WSGIDaemonProcess wsgi processes=3 threads=20 display-name=%{GROUP} \
  python-path=/opt/python/current/app:/opt/python/run/venv/lib64/python2.7/site-packages:/opt/python/run/venv/lib/python2.7/site-packages user=wsgi group=wsgi \
  home=/opt/python/current/app
WSGIProcessGroup wsgi
</VirtualHost>

# Log the original client address from X-Forwarded-For next to the peer address.
LogFormat "%h (%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

  • add wsgireplace.config to .ebextensions

# Overwrite the platform's wsgi.conf with the copy shipped in .ebextensions on each deploy.
container_commands:
  01_wsgireplace:
    command: 'cp .ebextensions/wsgi.conf /etc/httpd/conf.d/wsgi.conf'

  • and finally eb deploy
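
The redirect loop described in the second answer and the X-Forwarded-Proto check in the wsgi.conf above, as an added example that is not code from any of the answers. It simulates a browser behind a TLS-terminating load balancer that forwards plain HTTP to the instance; all function names and the host example.test are assumptions made for the illustration.

```python
# Added illustration; names are hypothetical, requests are constructed in-process.
from wsgiref.util import setup_testing_defaults

EXEMPT = ("/status", "/version")      # exact paths skipped by the RewriteCond lines
EXEMPT_PREFIX = "/_hostmanager/"      # prefix skipped by the RewriteCond lines

def app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]

def _redirect(environ, start_response):
    target = "https://%s%s" % (environ["SERVER_NAME"], environ["PATH_INFO"])
    start_response("301 Moved Permanently", [("Location", target)])
    return [b""]

def naive_redirect(inner):
    """Redirects whenever the instance-side connection is plain HTTP."""
    def mw(environ, start_response):
        if environ["wsgi.url_scheme"] != "https":
            return _redirect(environ, start_response)
        return inner(environ, start_response)
    return mw

def forwarded_proto_redirect(inner):
    """Redirects only when the load balancer reports the client used HTTP.
    The header is trustworthy only if the instance accepts traffic solely
    from the load balancer; a direct client can set it freely."""
    def mw(environ, start_response):
        path = environ["PATH_INFO"]
        exempt = path in EXEMPT or path.startswith(EXEMPT_PREFIX)
        if environ.get("HTTP_X_FORWARDED_PROTO") != "https" and not exempt:
            return _redirect(environ, start_response)
        return inner(environ, start_response)
    return mw

def follow(handler, scheme, path="/", max_hops=5):
    """Follow redirects like a browser; return (final status or 'loop', hops)."""
    for hops in range(max_hops + 1):
        environ = {"PATH_INFO": path, "SERVER_NAME": "example.test",
                   "HTTP_X_FORWARDED_PROTO": scheme}
        setup_testing_defaults(environ)   # instance side: wsgi.url_scheme == "http"
        seen = {}
        def start_response(status, headers):
            seen["status"] = status
        handler(environ, start_response)
        if not seen["status"].startswith("301"):
            return seen["status"], hops
        scheme = "https"                  # browser follows Location to https://
    return "loop", max_hops
```

Calling follow(naive_redirect(app), "https") never leaves the redirect, while follow(forwarded_proto_redirect(app), "http") settles after a single hop.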