Node.js app on ElasticBeanstalk cannot access private key file on server

Question

I have a node.js application running on ElasticBeanstalk. Part of it's configuration is a path to a .p12 key file. When the application attempts to use the key file, a permission denied exception is thrown.

My question is if I am placing the key file in the best location with the correct permissions, or if there is some other place or permissions I should be using.

The application is a parse-server-example clone which gets installed to /var/app/current on the EB server. I have placed the key file in /home/ec2-user/.ssh. I have tried setting permissions on the key file to 400, 644, and even 777.The .ssh directory itself has 700. The error I see is:

parse-server-example running on port 8081. /var/app/current/node_modules/parse-server/lib/ParseServer.js:339 throw err; ^

Error: EACCES: permission denied, open '/home/ec2-user/.ssh/key.p12' at Error (native)

Answer 1

I got this too when trying to install/run etherpad

It turns out this was not to do with the perms of the files, but those of a higher-up directory

If I do this as root, I get:

ls -l /etc/letsencrypt/live/domain/privkey.pem
lrwxrwxrwx 1 root root 42 May 20 13:03 /etc/letsencrypt/live/domain/privkey.pem -> ../../archive/domain/privkey1.pem

But if I run the same command as etherpad I get a permission denied.

Doing ls -ld on each directory up revealed that live had permissions rwx------, that is, the directory could neither be read nor listed.

chmod 755 /etc/letsencrypt/live /etc/letsencrypt/archive

This fixes the issue in my case. Your mileage may vary.

Answer 2

What ended up working for me was to create a directory for the .p12 key and giving ownership of the directory and key to the nodejs user.

sudo mkdir -p /etc/foo
sudo chown nodejs /etc/foo
sudo chmod 700 /etc/foo

sudo cp my_key.p12 /etc/foo

sudo chown nodejs /etc/foo/my_key.p12
sudo chmod 600 /etc/foo/my_key.p12