Table of content:
- Create dockerized NextJS app - part 1
- Deploy dockerized app to AWS EB - previous part
- Connect domain to Route53
- Set up SSL
- Set up redirects - next part
Hello everyone.
In previous part we created dockerized NextJS app and deployed it to AWS EB.
In this part we are going to connect custom domain to our Elastic Beanstalk application (to make website url fancy, like mysuperwebsite.com
), obtain SSL certificate for our website and set up secure https connection to our website!
Everything in here is within AWS Free tier (except for domain, which can be bought for as cheap as $1).
Also please pay attention that all links to AWS I provide use my region of choice, if you're using different AWS region make sure to change it before making any changes!
Lets get started =))
Use custom domain for your application
This step requires you to have, guess it, custom domain.
First thing we need to do is to create a new hosted zone:
- Open Route53 console page and click
Create hosted zone
- Fill in domain name (optionally description), in my case it is
borisnovikov.xyz
- Select Type -
Public hosted zone
and clickCreate hosted zone
Now we need to visit our domain registrar and change domain nameservers.
I'm using Namecheap but the process should be similar for every domain provider: place each value of NS record (from AWS Hosted zone) to Domain registrar nameservers
It can take up to 48 hours to register new nameservers.
To access website using our domain we need to add two alias records of type A: one for our main domain (borisnovikov.xyz) and the other is for subdomain (www website version):
- On Hosted zone page click
Create record
- Switch
Alias
toggler - Record type -
A
- Route traffic to - Beanstalk, then select region and environment
- Click
Create record
Same for www but add www
prefix to Record name
field.
Wait a few minutes and voi la - our website is now accessible with our domain
Setting up SSL
To set up SSL we need to obtain SSL certificate:
- Visit AWS Certificate Manager.
- Under
Provision certificates
clickGet started
- Click
Request a certificate
- Add two domain names: one for your website and the other for www version
Here I added wildcard domain (*.borisnovikov.xyz) - it will cover all subdomains including www or any other.
Click Next
, select DNS Validation
and keep clicking Next
until Validation
step.
Because we delegated domain management to AWS by setting nameservers, we need to validate ownership by expanding any domain and clicking Create record in Route 53
. Click Continue
.
SSL certificate will be issued after a while (it can take up to 48 hours - usually within 30 minutes after nameservers delegation is completed).
Adding secure connection to our website
Next step is to add https listener to load balancer.
First we need to modify Load Balancer security group to allow secure connections:
- Open EC2 Dashboard
- In sidebar click Load Balancers
- Select your Load balancer and scroll down
Description
tab untilSecurity
section - Copy security group name and open link near it
On the Security groups page search the page (Ctrl+F in most browsers) for security group name you copied earlier, click on Security group ID.
On opened page click Edit inbound rules
, then click Add rule
.
Set HTTPS
Type, Source - Anywhere IPv4
, save rule and close the page.
Now we will set https listener:
- On Load Balancers page select your load balancer
- Select
Listeners
tab and copy default rule for HTTP listener (forwarding to ...) - Click button
Add listener
- Select
HTTPS
protocol from the dropdown - In
Default actions
clickAdd action
->Forward to
- From the
Target group
dropdown select the same group you copied earlier from HTTP listener default action - From
Security policy
dropdown select suitable policy (defaultELBSecurityPolicy-2016-08
policy is recommended). More about policies here - Select
Default SSL Certificate
you created earlier. - Click
Add listener
.
Tada! You can now access your website via https protocol =)
In the next part we are going to set up redirects from http to https, from www to non-www. Hope to see you there =)
Thanks for reading.
Top comments (0)