Open michaelsmoody opened 1 year ago
The most critical changes would be:
yum -y -q install unzip
(ensuring that unzip is available before attempting the rest of the bootstrap)
Also, setting the correct filesystem contexts on /var/app and /var/www
The rest of it can be handled with commands, but the incorrect filesystem contexts are problematic, as they are reset on every app deployment.
(Additionally, setting the nginx config and log filesystem ownership is fairly critical, as it seems that at least the config gets reset on each deployment)
(As mentioned, I was asked to open a GitHub Issue here in this repository, despite it not being the ElasticBeanstalk bootstrap scripts, with these details, by AWS Support)
Original Message as Submitted to AWS Support:
Very specifically, a few things we noted:
chown -R nginx:nginx /var/log/nginx
chown -R nginx:nginx /var/proxy/staging/nginx
yum -y -q install unzip
These, and many other potential changes, need to be escalated to the ElasticBeanstalk Development Team, who is responsible for the EB bootstrapping. I would highly recommend that, instead of the default Amazon Linux 2 AMI, the Center for Internet Security Amazon Linux 2 AMI be used (5.10 kernel) for testing, in order to help "harden" ElasticBeanstalk's bootstrapping process, and support SELinux and iptables out of the box, as well as ensure that "unzip", a simple dependency, exists on the system.
Thanks, Michael S. Moody
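Because the issue reports that these settings are reset on each deployment, a drift audit run after every deploy makes the reset visible. The script below is an added example, not part of the issue or of the Elastic Beanstalk bootstrap scripts. Its function names and the SELinux type `httpd_sys_content_t` are assumptions, since the issue does not say which context it considers correct.

```shell
#!/bin/sh
# Added example: drift audit for the settings named in the issue.
# Function names and EXPECTED_TYPE are assumptions, not from the issue.
EXPECTED_TYPE=${EXPECTED_TYPE:-httpd_sys_content_t}  # assumed SELinux type

# Print each listed command that is not on PATH.
missing_commands() {
  for cmd in "$@"; do
    command -v "$cmd" >/dev/null 2>&1 || printf '%s\n' "$cmd"
  done
  return 0
}

# Print entries under <path> not owned by <user>:<group>.
wrong_owner() {
  own_user=${1%%:*}; own_group=${1##*:}; own_path=$2
  [ -e "$own_path" ] || { printf 'missing: %s\n' "$own_path"; return 0; }
  find "$own_path" \( ! -user "$own_user" -o ! -group "$own_group" \) -print ||
    printf 'unchecked: %s\n' "$own_path"   # e.g. the user does not exist
}

# Print entries under <path> whose SELinux type is not <type>.
# Prints nothing when SELinux is disabled or its tools are absent.
wrong_context() {
  ctx_type=$1; ctx_path=$2
  command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled || return 0
  [ -e "$ctx_path" ] || { printf 'missing: %s\n' "$ctx_path"; return 0; }
  find "$ctx_path" -exec stat -c '%C %n' {} + |
    awk -v t="$ctx_type" '{ split($1, c, ":"); if (c[3] != t) print }'
}

# Run every check; report findings on stderr and return 1 if there are any.
audit() {
  findings=$(
    missing_commands unzip | sed 's/^/missing command: /'
    wrong_owner nginx:nginx /var/log/nginx | sed 's/^/owner: /'
    wrong_owner nginx:nginx /var/proxy/staging/nginx | sed 's/^/owner: /'
    wrong_context "$EXPECTED_TYPE" /var/app | sed 's/^/context: /'
    wrong_context "$EXPECTED_TYPE" /var/www | sed 's/^/context: /'
  )
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings" >&2
  return 1
}

if [ "${1:-}" = "--run" ]; then audit; fi
```

Invoke it with `--run` from whatever step follows a deployment; a non-zero exit means at least one of the settings has drifted.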