Moqui deployment to AWS on Elastic Beanstalk Tomcat instance

Question

Background

We have been running Moqui 2.0 with the embedded Jetty server on Elastic Beanstalk using a Java environment for about a year now. For security reasons, we h

Answer 1

I manage to make Moqui instance in AWS EB accessible via HTTPS by setting up the ec2 load balancer. To point the obvious, Moqui's jetty listening to port 5000, ec2 Nginx listens to port 80 (and forward it to port 5000), ec2 load balancer listens to port 80 and 443 (and forward it to ec2 Nginx port 80). If you don't want to use load balancer you can setup ec2 Nginx to listen for HTTPS and forward it to Moqui's jetty port 5000 the same way Nginx HTTP does. The least preferred way is passing some https jetty's parameters via environment variables, small changes might be needed in MoquiStart. It was years ago and I don't recall the detail but Jetty was able to serve HTTPS this way.

Answer 2

The http* attributes on the webapp element are for configuring URL writing, not for configuring the web server which is external to Moqui. Moqui runs inside a Java Servlet container like Tomcat or Jetty, even when using the embedded Jetty approach, and configuration of the Servlet container is where the HTTP interfaces are configured.

Generally the best approach for HTTPS termination is to use a reverse proxy based on httpd or nginx. Even ElasticBeanstalk images do this by default (with httpd) and if you configure your HTTPS cert through AWS EB it is httpd that handles it. The same approach is used with nginx-proxy in the Docker Compose examples.