Channel: Nginx Forum - How to...

Re: Help obfuscating access.log GET request parameters on AWS Elastic Beanstalk

Here's where I'm at so far.

EB extensions allow you to add files, similar to what I did above. The default nginx.config looks like this:

```
# Elastic Beanstalk Managed

# Elastic Beanstalk managed configuration file
# Some configuration of nginx can be by placing files in /etc/nginx/conf.d
# using Configuration Files.
# http://docs.amazonwebservices.com/elasticbeanstalk/latest/dg/customize-containers.html
#
# Modifications of nginx.conf can be performed using container_commands to modify the staged version
# located in /tmp/deployment/config/etc#nginx#nginx.conf

# Elastic_Beanstalk
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;

error_log /var/log/nginx/error.log;

pid /var/run/nginx.pid;


events {
worker_connections 1024;
}

http {

port_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;

keepalive_timeout 65;
# Elastic Beanstalk Modification(EB_INCLUDE)

log_format healthd '$msec"$uri"'
'$status"$request_time"$upstream_response_time"'
'$http_x_forwarded_for';

include /etc/nginx/conf.d/*.conf;
# End Modification

}
```

Note at the end, `include /etc/nginx/conf.d/*.conf;`, which will include other .conf files, like the one I posted in my question that just sets the max body size.

AWS EB also has a default file that gets included, autogenerated by EB: etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf

```
# Elastic Beanstalk Managed

# Elastic Beanstalk managed configuration file
# Some configuration of nginx can be by placing files in /etc/nginx/conf.d
# using Configuration Files.
# http://docs.amazonwebservices.com/elasticbeanstalk/latest/dg/customize-containers.html
#
# Modifications of nginx.conf can be performed using container_commands to modify the staged version
# located in /tmp/deployment/config/etc#nginx#nginx.conf


upstream nodejs {
server 127.0.0.1:8081;
keepalive 256;
}

server {
listen 8080;


if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
set $year $1;
set $month $2;
set $day $3;
set $hour $4;
}
access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
access_log /var/log/nginx/access.log main;


location / {
proxy_pass http://nodejs;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

gzip on;
gzip_comp_level 4;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;


}
```

Of note is the sloppy indenting, that's literally copied from AWS' own file...

Anyway, it seems that this file is where I would have to do what the Stack Overflow answer I posted suggests, since it's where the Server { } configuration is.

The comments at the top of each file mention you can modify nginx.config through container commands, but I do not believe that will help me, since nginx.config doesn't contain the Server call. However, I've got to imagine these container commands could also be used to update this file, no? Here is a link discussing container commands: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-containers-ec2.html#linux-container-commands

So now it looks like what I need is a command that will copy the existing `00_elastic_beanstalk_proxy.conf` and inject the following:
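```
# http context: log format that prints the masked copy of the request line
log_format filter '$remote_addr - $remote_user [$time_local] '
                  '"$temp" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
#....

# inside server block
location /my/sensitive/route {
    # work on a copy of the request line
    set $temp $request;
    # mask the value of the password parameter
    if ($temp ~ (.*)password=[^&]*(.*)) {
        set $temp $1password=*****$2;
    }

    # log this route with the masked format
    access_log /var/log/nginx/access.log filter;
}
```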


So at this point, I'm thinking I literally need to include a bash script with my source code that takes an input file, adds a new line at the beginning of the file `log_format filter '$remote_addr - $remote_user [$time_local] ' '"$temp" $status $body_bytes_sent "$http_referer" "$http_user_agent"';`, since this file is all encapsulated within the http directive, then find the line with `server{` || `server {`, and add the location block below it....

Can anybody tell me that I'm completely wrong before I go ahead and do this?
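
One way to script the injection described in the post above, as an added example that is not part of the original post or of AWS's tooling: a POSIX shell function (the name `inject_log_filter` is hypothetical) that writes a patched copy of the proxy config, is safe to run twice, and refuses files without a `server {` line. The `proxy_pass` line inside the injected location is an addition here, because a new location does not pick up the proxy settings of `location /`.

```shell
#!/bin/sh
# Added example (not AWS's or the poster's script).
# inject_log_filter SRC DST: write a patched copy of SRC to DST.
inject_log_filter() {
    src=$1
    dst=$2
    tmp="$dst.tmp.$$"
    # Idempotent: a file that already defines the format is copied unchanged.
    if grep -q 'log_format filter' "$src"; then
        [ "$src" = "$dst" ] || cp "$src" "$dst"
        return 0
    fi
    # Refuse to write anything when no server block is found.
    if ! grep -Eq '^[[:space:]]*server[[:space:]]*[{]' "$src"; then
        echo "inject_log_filter: no server block in $src" >&2
        return 1
    fi
    {
        # conf.d files are included inside http {}, so log_format may lead the file.
        cat <<'EOF'
log_format filter '$remote_addr - $remote_user [$time_local] '
                  '"$temp" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
EOF
        # Copy every line; after the first "server {" add the location block.
        awk '
            { print }
            !patched && /^[ \t]*server[ \t]*[{]/ {
                print "    location /my/sensitive/route {"
                print "        set $temp $request;"
                print "        if ($temp ~ (.*)password=[^&]*(.*)) {"
                print "            set $temp $1password=*****$2;"
                print "        }"
                print "        access_log /var/log/nginx/access.log filter;"
                print "        # Assumption: sibling locations do not share proxy_* settings,"
                print "        # so repeat the ones from location / here."
                print "        proxy_pass http://nodejs;"
                print "    }"
                patched = 1
            }
        ' "$src"
    } > "$tmp" && mv "$tmp" "$dst"
}
# Stand-alone use: sh script.sh SRC DST
if [ "$#" -eq 2 ]; then inject_log_filter "$1" "$2"; fi
```

Validate the result with `nginx -t` before reloading nginx.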
