Recently, I figured out how to set up a free SSL certificate for a NodeJS app on AWS EC2, and I'd like to share what I've done so far.
First, we need the following prerequisites:
- AWS EC2 Instance with NodeJS installed
- Domain purchased from any provider
Step 1. EC2 Setup
Create Instance
I've used a t2.micro Linux instance; choose your desired instance and click on Review and Launch.
Security Group
Set up the inbound security group rules to allow incoming traffic on HTTP port 80, HTTPS port 443, and port 22 for SSH as well.
Elastic IP
Allocate static IP address for your instance
- Go to EC2 Dashboard > Network & Security > Elastic IPs
- Click on Allocate Elastic IP Address
- Select the newly generated static IP. Click on the dropdown Actions > Associate Elastic IP Address > Select Instance > Associate
SSH to your instance
Go to EC2 Dashboard > Instances > Select Instance ID and click on connect in the right section
Step 2. Set Up IP Tables
We need to set up iptables because a NodeJS Express server running as a non-root user cannot bind to the privileged ports 80 and 443. We'll have the server listen on port 8443 for HTTPS (8000 for HTTP) and redirect traffic to it.
# List the current rules in the NAT table
sudo iptables -t nat -L
# Redirect incoming traffic on ports 80 and 443 to ports 8000 and 8443
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8000
sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443
Step 3. Generate Private Key, CA Bundle and SSL Certificate
We'll use SSL For Free to generate the private key and SSL certificate for free.
- First, create an account on SSL For Free
- Click on Certificates > New Certificate
- Enter your domain or subdomain and click Next Step
- Select 90-Day Certificate for free SSL and click Next Step
- Finalize the order and make sure to select the free option
- Then, you need to verify your domain; I chose verification using DNS (CNAME) because it's easier
- It'll take some time to verify the domain
- Once the order has been issued, download the certificate
Step 4. Domain Routing
Next, we'll point our domain at the instance.
- Go to your DNS Management dashboard
- Create a new A Record with the Elastic IP address as the value, and fill the host field with the same address that we registered in SSL For Free
- Then, wait for some time for the configuration to become active
Step 5. Certificate Activation
Finally, we'll create a simple server that uses our SSL certificate.
- First, SSH to your EC2 instance
- Upload the certificate zip file from SSL For Free and extract it into the project folder
- Create an index.js file and write the following code
We'll create a simple server as below:
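const https = require('https');
const fs = require('fs');

// Files extracted from the SSL For Free zip, read from the project folder
const https_options = {
  ca: fs.readFileSync("ca_bundle.crt"),      // intermediate CA bundle
  key: fs.readFileSync("private.key"),       // private key for the certificate
  cert: fs.readFileSync("certificate.crt")   // certificate issued for the domain
};

// Listen on 8443; iptables redirects incoming port 443 traffic here
https.createServer(https_options, function (req, res) {
  res.writeHead(200);
  res.end("Welcome to Node.js HTTPS Server");
}).listen(8443);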
- Run node index.js
- Now open your browser and go to your domain
- If everything was set up correctly you'll see green https in your browser address bar.
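A stricter variant of index.js, as an added example that is not code from the original post. It also answers on port 8000, which Step 2 redirects port 80 to but the server above never listens on, and it refuses to start if private.key is readable by other users or certificate.crt does not cover the domain. DOMAIN (example.com) and the helper names redirectTarget, keyIsExposed and start are assumptions.

```javascript
const fs = require('node:fs');
const http = require('node:http');
const https = require('node:https');
const { X509Certificate } = require('node:crypto');

const DOMAIN = 'example.com';   // placeholder (assumption): the name the certificate was issued for
const KEY_FILE = 'private.key'; // file names as extracted from the SSL For Free zip
const CERT_FILE = 'certificate.crt';
const CA_FILE = 'ca_bundle.crt';

// Build the redirect from the fixed DOMAIN, never from the client's Host
// header, so the port-8000 listener cannot be used as an open redirect.
function redirectTarget(url) {
  const path = typeof url === 'string' && url.startsWith('/') ? url : '/';
  return `https://${DOMAIN}${path}`;
}

// True when the mode bits give group or other users any access to the file.
function keyIsExposed(mode) {
  return (mode & 0o077) !== 0;
}

function start() {
  if (keyIsExposed(fs.statSync(KEY_FILE).mode)) {
    throw new Error(`${KEY_FILE} is accessible to other users; run: chmod 600 ${KEY_FILE}`);
  }
  const cert = fs.readFileSync(CERT_FILE);
  // Fail early rather than serve a certificate browsers reject for this name.
  if (!new X509Certificate(cert).checkHost(DOMAIN)) {
    throw new Error(`${CERT_FILE} does not cover ${DOMAIN}`);
  }
  const options = {
    key: fs.readFileSync(KEY_FILE),
    // Leaf certificate followed by the intermediates, sent as one chain.
    cert: Buffer.concat([cert, Buffer.from('\n'), fs.readFileSync(CA_FILE)]),
    minVersion: 'TLSv1.2',
  };
  https.createServer(options, (req, res) => {
    res.setHeader('Strict-Transport-Security', 'max-age=31536000'); // HSTS, one year
    res.end('Welcome to Node.js HTTPS Server');
  }).listen(8443);
  // Port 80 arrives on 8000 via the iptables rule; answer with a redirect to HTTPS.
  http.createServer((req, res) => {
    res.writeHead(301, { Location: redirectTarget(req.url) });
    res.end();
  }).listen(8000);
}

// Start only where the certificate files are present (the project folder).
if (fs.existsSync(KEY_FILE)) start();
```

Keeping private.key out of version control (for example via .gitignore) is a separate step this script does not check.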
Folder Structure
Node Project
│ index.js
│ private.key // From the SSL For Free zip file
│ ca_bundle.crt // From the SSL For Free zip file
│ certificate.crt // From the SSL For Free zip file
Top comments (7)
I use greenlock express npmjs.com/package/greenlock-express, it is fully automated
Nice, I'll check it out
Why do you need to allocate a static IP address for your instance?
Because we need to fill out an A Record pointing to our Elastic IP address for domain routing
Got it. Thanks.
Is it safe to put certs on the server in the project?
I get this error: ERR_CERT_COMMON_NAME_INVALID. How do I fix it?