Setting Up Nginx with SSL on EC2

Setting Up Nginx with SSL and Reverse Proxy to Node.js on EC2

Step 1: Install Nginx on EC2

Connect to your EC2 instance:

ssh -i your-key.pem ubuntu@your-ec2-public-ip

Update package lists and install Nginx:

sudo apt update && sudo apt upgrade -y
sudo apt install -y nginx

Start and enable Nginx:

sudo systemctl start nginx
sudo systemctl enable nginx

Allow HTTP/HTTPS traffic in the firewall (optional, can be skipped):

sudo ufw allow 'Nginx Full'
sudo ufw allow OpenSSH
sudo ufw enable

If you cannot SSH in after this, run:

sudo ufw allow OpenSSH
sudo ufw reload

Verify Nginx is running:

  • Open your browser and go to http://your-ec2-public-ip
  • You should see the Nginx welcome page.

Step 2: Install Certbot

Install Certbot and the Nginx plugin:

sudo apt install -y certbot python3-certbot-nginx

Step 3: Obtain SSL Certificate

Run Certbot to get an SSL certificate:

sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

Replace yourdomain.com with your actual domain.

Follow the prompts:

  • Enter your email.
  • Agree to the terms.
  • Certbot will automatically configure Nginx for HTTPS.

Verify SSL Certificate Renewal:

sudo certbot renew --dry-run

This ensures that the certificate auto-renewal works correctly.

Step 4: Configure Automatic Renewal

Check whether a Certbot renewal timer is already scheduled:

sudo systemctl list-timers

Certbot installs a systemd timer by default. If you want a manual cron job instead, open root's crontab:

sudo crontab -e

Add this line to run renewal twice a day:

0 */12 * * * certbot renew --quiet

Step 5: Configure Nginx as a Reverse Proxy for Node.js

Open the Nginx configuration file:

sudo nano /etc/nginx/sites-available/default

Replace the contents with:

# Port 80: redirect every plain-HTTP request to HTTPS.
# Only one port-80 block may use this server_name; a second one is ignored.
server {
    listen 80;
    server_name yourdomain.com;
    return 301 https://$host$request_uri;
}

# Port 443: terminate TLS and proxy to the Node.js app on port 3000.
server {
    listen 443 ssl;
    server_name yourdomain.com;

    # Certificate and key issued by Certbot in Step 3
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        # Pass WebSocket upgrade requests through to the app
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

Enable and Restart Nginx:

sudo ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx
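
nginx -t accepts a file in which two port-80 server blocks share a server_name: it only warns and uses the first, so a redirect block placed second never runs and the site keeps answering over plain HTTP. The script below is an added example, not part of the original guide, that flags this case in a site file; the function names and the domain example.test are hypothetical.

```shell
# audit_http_blocks reads an Nginx site file (argument or stdin) and prints:
#   PLAINTEXT-PROXY line=N name=X  port-80 block that proxies and never redirects
#   DUPLICATE line=N name=X        port-80 block reusing an earlier server_name
# Simplification: server_name is compared as one string, not name by name.
audit_http_blocks() {
    awk '
    function flush() {
        if (is80 && seen[name]++) printf "DUPLICATE line=%d name=%s\n", start, name
        if (is80 && proxies && !redirects)
            printf "PLAINTEXT-PROXY line=%d name=%s\n", start, name
        in_server = 0
    }
    {
        line = $0
        sub(/[#].*/, "", line)                      # ignore comments
        if (!in_server && line ~ /^[ \t]*server[ \t]*[{]/) {
            in_server = 1; start = NR; depth = 0
            is80 = 0; proxies = 0; redirects = 0; name = "(none)"
        }
        if (!in_server) next
        if (line ~ /^[ \t]*listen[ \t]+([^ ;]*:)?80([ \t;]|$)/) is80 = 1
        if (line ~ /^[ \t]*server_name[ \t]/) {
            name = line
            sub(/^[ \t]*server_name[ \t]+/, "", name); sub(/[ \t]*;.*/, "", name)
        }
        if (line ~ /proxy_pass[ \t]/) proxies = 1
        if (line ~ /return[ \t]+30[1278][ \t]+https:/) redirects = 1
        depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
        if (depth == 0) flush()
    }' "$@"
}

# Constructed sample input (hypothetical domain example.test).
sample_conf() {
    cat <<'EOF'
server {
    listen 80;
    server_name example.test;
    location / { proxy_pass http://localhost:3000; }
}
server {
    listen 80;
    server_name example.test;
    return 301 https://$host$request_uri;
}
EOF
}

sample_conf | audit_http_blocks
```

To audit the live file, run audit_http_blocks /etc/nginx/sites-available/default; no output means every port-80 block either redirects or does not proxy.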

Step 6: Start Your Node.js Server

Ensure your Node.js app is running on port 3000:

node server.js

Or use PM2 to keep it running:

npm install -g pm2
pm2 start server.js
pm2 save
pm2 startup

Step 7: Verify HTTPS

  • Open your browser and go to https://yourdomain.com.
  • Your site should now be secure with HTTPS and proxied to your Node.js app.

Warning: Do NOT Delete the /etc/nginx/sites-enabled/ Folder ⚠️

Why? Deleting /etc/nginx/sites-enabled/ can remove important configurations, including those for SSH, which may block you from connecting to your server.

How to Modify Nginx Configuration Safely

If you need to change Nginx settings:

  1. Open the main Nginx configuration file:
    sudo nano /etc/nginx/nginx.conf
  2. Make necessary changes.
  3. Test the new configuration:
    sudo nginx -t
  4. Restart Nginx safely:
    sudo systemctl restart nginx

Following these steps ensures that your server remains accessible and avoids accidental lockouts.
