In today's digital landscape, security is paramount. This guide aims to walk you through the process of securing your Node.js application on an AWS EC2 instance. We'll cover configuring Nginx, obtaining a free SSL certificate from Let's Encrypt, and setting up a custom domain.
Step 1: SSH into your EC2 instance
Log in to your instance with your instance username and key file:
ssh -i "PATH/TO/YOUR/KEY/FILE.PEM" "USER-NAME@SERVER-IP"
Step 2: Install Nginx and Certbot
If you haven't already installed Nginx, you can do so using your package manager. For example, on a Debian-based system:
sudo apt update
sudo apt install nginx certbot python3-certbot-nginx
(python3-certbot-nginx is an Nginx plugin for Certbot)
Step 3: Configure Nginx for Your Node.js App
With Nginx installed in Step 2, you can create a dedicated Nginx configuration file tailored for your Node.js app, but I'm using the default configuration file:
sudo nano /etc/nginx/sites-available/default
This file directs Nginx to act as a reverse proxy, forwarding requests to your Node.js application. Remember to replace YOUR-DOMAIN-NAME.TLD with your domain name in this snippet:
server {
    listen 80;
    server_name YOUR-DOMAIN-NAME.TLD WWW.YOUR-DOMAIN-NAME.TLD;
    location / {
        proxy_pass http://127.0.0.1:PORT;
    }
}
Ensure your Node.js app is running on the specified port (PORT in the Nginx configuration).
Step 4: Obtain a Free SSL Certificate with Let's Encrypt
Enhance your website's security by obtaining a free SSL certificate from Let's Encrypt. With Certbot installed in Step 2, run the following command:
sudo certbot --nginx -d YOUR-DOMAIN-NAME.TLD -d WWW.YOUR-DOMAIN-NAME.TLD
Certbot will prompt you for necessary information and automatically configure Nginx to use the SSL certificate.
Step 5: Configure Certbot Auto-Renewal
Certificates obtained from Let's Encrypt are typically valid for 90 days. To automate the renewal process, Certbot provides a renewal script that you can set up with a cron job.
sudo certbot renew --dry-run
This command tests the renewal process without making any changes. If it runs without errors, you can add the renewal command to root's crontab:
sudo crontab -e
Add the following line to run the renewal check twice a day:
0 */12 * * * /usr/bin/certbot renew --quiet
Step 6: Restart Nginx
Before restarting Nginx, it's a good idea to test the configuration to catch any syntax errors:
sudo nginx -t
If the test is successful, restart Nginx to apply the changes:
sudo service nginx restart
Now, your site should be accessible using HTTPS, and the SSL certificate will automatically renew when necessary. Make sure to check your website to ensure that it's loading securely over HTTPS.
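To confirm that the renewal cron job from Step 5 keeps working, the check below reads the expiry date of the certificate Nginx actually serves and flags it when too few days remain. It is an added example, not part of the original guide; the function names, the 20-day threshold and the reliance on GNU date and the openssl CLI are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag a certificate whose automatic renewal appears to have stalled.
# Assumes GNU date (for -d) and the openssl CLI; function names are illustrative.

# cert_status "<notAfter text>" <now_epoch> [warn_days]
# Prints "OK <days>", "RENEWAL_OVERDUE <days>" or "EXPIRED".
cert_status() {
    not_after=$1
    now=$2
    warn_days=${3:-20}   # assumed threshold; adjust to your renewal schedule
    expiry=$(date -u -d "$not_after" +%s 2>/dev/null) || { echo "UNPARSEABLE"; return 2; }
    remaining=$(( expiry - now ))
    if [ "$remaining" -le 0 ]; then
        echo "EXPIRED"
    elif [ "$remaining" -lt $(( warn_days * 86400 )) ]; then
        echo "RENEWAL_OVERDUE $(( remaining / 86400 ))"
    else
        echo "OK $(( remaining / 86400 ))"
    fi
}

# served_not_after <domain>: notAfter of the certificate served on port 443,
# in the format openssl prints, e.g. "Jun  1 00:00:00 2025 GMT" (constructed sample).
served_not_after() {
    openssl s_client -servername "$1" -connect "$1:443" </dev/null 2>/dev/null \
        | openssl x509 -noout -enddate | cut -d= -f2
}

# check_domain <domain>: returns non-zero when the certificate needs attention.
check_domain() {
    not_after=$(served_not_after "$1")
    [ -n "$not_after" ] || { echo "$1: no certificate retrieved"; return 3; }
    status=$(cert_status "$not_after" "$(date +%s)")
    echo "$1: $status (notAfter: $not_after)"
    case $status in OK*) return 0 ;; *) return 1 ;; esac
}

# Usage: ./check-cert.sh YOUR-DOMAIN-NAME.TLD
if [ "$#" -ge 1 ]; then
    check_domain "$1"
fi
```

Run it from a machine other than the server itself so it also catches a closed port 443 or a DNS record pointing elsewhere.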
If you encounter any issues, feel free to ask in the comments for further assistance!