Ashwini Singh

Posted on May 23

🌐 Secure NGINX Web Server on AWS EC2 with Let's Encrypt SSL and Custom Domain

#aws #vpc #ec2 #route53

Setting up a secure web server is a foundational DevOps skill. In this post, you'll learn how to

✅ Launch an EC2 instance
✅ Set up NGINX with a custom Hello page
✅ Secure it with a free SSL certificate using Let's Encrypt
✅ Connect your domain using Route 53

🧰 Prerequisites

AWS account
A registered domain (Route 53, GoDaddy, etc.)
PuTTY (Windows) or terminal (Linux/macOS)
Basic Linux command-line knowledge

☁️ Step 1: Launch an EC2 Instance

Go to the AWS EC2 Dashboard
Click Launch Instance
Choose OS: Ubuntu 22.04 or Amazon Linux 2
Select instance type: t3.medium
Configure in a Public Subnet of a VPC
Enable inbound rules in the Security Group
- TCP 22 (SSH)
- TCP 80 (HTTP)
- TCP 443 (HTTPS)
Download the .pem key pair

💻 Step 2: Connect via SSH using PuTTY (Windows)

Open PuTTYgen
- Load your .pem file
- Click Save Private Key → this generates .ppk
Open PuTTY
- Host Name: ubuntu@your-ec2-ip
- Go to Connection → SSH → Auth
- Load the .ppk file
- Click Open → You’re connected

🌍 Step 3: Point Domain to EC2

Go to Route 53 → Hosted Zones
Click Create Record
- Type: A
- Name: @ or www
- Value: your EC2 IP

📌 Test: Visit http://yourdomain.com — NGINX default page should appear.

🔧 Step 4: Install NGINX + Hello Page

sudo apt update
sudo apt install nginx -y
echo "<h1>Hello from AWS + NGINX</h1>" | sudo tee /var/www/html/index.html
sudo systemctl restart nginx

Access it at http://yourdomain.com

🔐 Step 5: Add Free SSL with Let’s Encrypt

Install Certbot:

sudo apt install certbot python3-certbot-nginx -y

Run Certbot for your domain:

sudo certbot --nginx -d yourdomain.com

Test auto-renewal:

sudo certbot renew --dry-run

🧠 Bonus: Editing the NGINX Config

sudo vim /etc/nginx/sites-available/default

Example Config:

server {
    listen 80;
    server_name yourdomain.com;

    root /var/www/html;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}

Save and reload:

sudo systemctl reload nginx

📌 Project Structure

📂 /var/www/html/index.html       # Custom hello page
📂 /etc/nginx/sites-available     # NGINX site configs
🔐 SSL: Managed by Certbot
🌐 Domain: Managed via Route 53

📊 Architecture Diagram

🏁 Final Output

https://yourdomain.com

With NGINX serving your page securely over HTTPS

If you found this helpful, please ❤️ or 🦄 and follow for more AWS & DevOps content...

DEV Community