DEV Community πŸ‘©β€πŸ’»πŸ‘¨β€πŸ’»

DEV Community πŸ‘©β€πŸ’»πŸ‘¨β€πŸ’» is a community of 968,547 amazing developers

We're a place where coders share, stay up-to-date and grow their careers.

Create account Log in
Cover image for How to Set Up Free SSL for NodeJS App in AWS EC2
Miftahul Arifin
Miftahul Arifin

Posted on

How to Set Up Free SSL for NodeJS App in AWS EC2

Recently, I figured out how to set up a Free SSL certificate NodeJS App in AWS EC2. Then, I would like to share what I've done so far.

Firstly we need some prerequisites below:

  • AWS EC2 Instance with NodeJS installed
  • Domain purchased from any provider

Step 1. EC2 Setup

Create Instance

I've used a t2.micro Linux instance, choose your desired instance and click on Review and Launch

Security Group

Setup inbound security group settings to allow incoming traffic on http port 80, https port 443, and 22 for SSH as well.

Elastic IP

Allocate static IP address for your instance

  • Go to EC2 Dashboard > Network & Security > Elastic IPs
  • Click on Allocate Elastic IP Address
  • Select the newly generated static IP. Click on the dropdown Actions > Associate Elastic IP Address > Select Instance > Associate

SSH to your instance

Go to EC2 Dashboard > Instances > Select Instance ID and click on connect in the right section

Step 2. Set Up IP Tables

We need to set up IP Tables because NodeJS Express Server cannot access port 80/443. We'll set up server to listen on port 8443 for HTTPS (8000 for HTTP) and redirect traffic to it.

# Lookup IP routing tables
sudo iptables -t nat -L

# Add HTTP port 80 and 443 traffic redirect rule
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8000
sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443
Enter fullscreen mode Exit fullscreen mode

Step 3. Generate Private Key, CA Bundle and SSL Certificate

We'll use SSL For Free for generating key and SSL certificate for free.
Screenshot SSL for Free

  • Firstly we need to create account in SSL For Free
  • Click on Certificates > New Certificate
  • Enter your domain or subdomain and click Next Step
  • Select 90-Day Certificate for free SSL and Next Step
  • Finalize order and make sure select free
  • Then, you need to verify your domain, I choose verification using DNS (CNAME) because it's easier
  • Finally, it'll take some time to verify our domain
  • If the order has been issued, then download certificate

Step 4. Domain Routing

Next we'll route our instance to our domain provider.

  • Go to your DNS Management dashboard
  • Create new A Record with Elastic IP Address as a value, and fill host with the same address which we have registered in SSL For Free
  • Then, wait for some time to activate the configuration

Step 5. Certificate Activation

Finally, we'll create a simple server to apply our SSL certificate.

  • Firstly, SSH to your EC2 instance
  • Upload and extract certificate zip file from SSL For Free to our project folder
  • Create index.js file and write the following code

We'll create simple server as below:

const https = require('https');
const fs = require('fs');
const https_options = {
 ca: fs.readFileSync("ca_bundle.crt"),
 key: fs.readFileSync("private.key"),
 cert: fs.readFileSync("certificate.crt")
};
https.createServer(https_options, function (req, res) {
 res.writeHead(200);
 res.end("Welcome to Node.js HTTPS Server");
}).listen(8443)
Enter fullscreen mode Exit fullscreen mode
  • Run node index.js
  • Now open your browser and go to your domain
  • If everything was set up correctly you'll see green https in your browser address bar.

Folder Structure

Node Project
β”‚   index.js
β”‚   private.key        // Zip file from SSL For Free
β”‚   ca_bundle.crt      // Zip file from SSL For Free
β”‚   certificate.crt    // Zip file from SSL For Free
Enter fullscreen mode Exit fullscreen mode

Top comments (3)

Collapse
 
andrej_gajdos profile image
Andrej Gajdos

Why do you need to allocate static IP address for your instance?

Collapse
 
arifintahu profile image
Miftahul Arifin Author

because we need to fill out A Record pointing to our elastic IP address as domain routing

Collapse
 
andrej_gajdos profile image
Andrej Gajdos

Got it. Thanks.

🌚 Friends don't let friends browse without dark mode.

Sorry, it's true.