DEV Community

Mayank Soni

Securing Your Node.js App on AWS EC2: A Guide to Nginx, Let's Encrypt, and Custom Domains

In today's digital landscape, security is paramount. This guide aims to walk you through the process of securing your Node.js application on an AWS EC2 instance. We'll cover configuring Nginx, obtaining a free SSL certificate from Let's Encrypt, and setting up a custom domain.

Step 1: SSH into your EC2 instance

Log in to your instance with your instance username and key file:

ssh -i "PATH/TO/YOUR/KEY/FILE.PEM" "USER-NAME@SERVER-IP"

Step 2: Install Nginx and Certbot

If you haven't already installed Nginx, you can do so using your package manager. For example, on a Debian-based system:

sudo apt update
sudo apt install nginx certbot python3-certbot-nginx

(python3-certbot-nginx is an Nginx plugin for Certbot)

Step 3: Configure Nginx for Your Node.js App

Begin by installing Nginx on your EC2 instance. You can create a dedicated Nginx configuration file tailored for your Node.js app, but I'm using the default configuration file:

sudo nano /etc/nginx/sites-available/default

This file directs Nginx to act as a reverse proxy, forwarding requests to your Node.js application. Remember to replace YOUR-DOMAIN-NAME.TLD with your domain name in this snippet:

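server {
    # Plain HTTP listener; Certbot adds the HTTPS configuration in Step 4.
    listen 80;
    server_name YOUR-DOMAIN-NAME.TLD WWW.YOUR-DOMAIN-NAME.TLD;

    location / {
        # Forward requests to the Node.js app on the loopback interface.
        # Replace PORT with the port your app listens on.
        proxy_pass http://127.0.0.1:PORT;
    }
}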

Ensure your Node.js app is running on the specified port (PORT in the Nginx configuration).

Step 4: Obtain a Free SSL Certificate with Let's Encrypt

Enhance your website's security by obtaining a free SSL certificate from Let's Encrypt. Install Certbot and run the following command:

sudo certbot --nginx -d YOUR-DOMAIN-NAME.TLD -d WWW.YOUR-DOMAIN-NAME.TLD

Certbot will prompt you for necessary information and automatically configure Nginx to use the SSL certificate.

Step 5: Configure Certbot Auto-Renewal

Certificates obtained from Let's Encrypt are typically valid for 90 days. To automate the renewal process, Certbot provides a renewal script that you can set up with a cron job.

sudo certbot renew --dry-run

This command tests the renewal process without making any changes. If it runs without errors, you can add the renewal command to your crontab.

sudo crontab -e

Add the following line to run the renewal check twice a day:

0 */12 * * * /usr/bin/certbot renew --quiet

Step 6: Restart Nginx

Before restarting Nginx, it's a good idea to test the configuration to catch any syntax errors:

sudo nginx -t

If the test is successful, restart Nginx to apply the changes:

sudo service nginx restart

Now, your site should be accessible using HTTPS, and the SSL certificate will automatically renew when necessary. Make sure to check your website to ensure that it's loading securely over HTTPS.
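To confirm that the renewal job from Step 5 keeps working, the following Node.js script (an added example, not part of the original post) reads the expiry date of the certificate your server presents and flags one that Certbot should already have renewed. It assumes Certbot's default of renewing once fewer than 30 days remain; the 7-day margin, the status names and the file name check-cert.js are illustrative choices.

```javascript
const DAY_MS = 24 * 60 * 60 * 1000;
// Assumption: Certbot's default of renewing once fewer than 30 days remain.
const RENEWAL_WINDOW_DAYS = 30;
// Days of failed renewals tolerated before the check reports a problem.
const ALERT_MARGIN_DAYS = 7;

// Classify a certificate's notAfter date relative to `now`.
function assessCertificate(validTo, now = new Date()) {
  const expires = new Date(validTo);
  if (Number.isNaN(expires.getTime())) throw new Error(`unparseable notAfter date: ${validTo}`);
  const daysLeft = Math.floor((expires - now) / DAY_MS);
  let status = 'ok';
  if (daysLeft < 0) status = 'expired';
  else if (daysLeft < RENEWAL_WINDOW_DAYS - ALERT_MARGIN_DAYS) status = 'renewal-overdue';
  else if (daysLeft < RENEWAL_WINDOW_DAYS) status = 'renewal-due';
  return { daysLeft, status };
}

// Read notAfter from the certificate Nginx serves. Node validates the chain,
// so an already expired or untrusted certificate rejects with an error.
async function fetchValidTo(host, port = 443) {
  const tls = await import('node:tls');
  return new Promise((resolve, reject) => {
    const socket = tls.connect({ host, port, servername: host, timeout: 10000 }, () => {
      const { valid_to: validTo } = socket.getPeerCertificate();
      socket.end();
      resolve(validTo);
    });
    socket.on('timeout', () => socket.destroy(new Error('TLS connect timed out')));
    socket.on('error', reject);
  });
}

const host = process.argv[2];
if (host) {
  // Live check: node check-cert.js YOUR-DOMAIN-NAME.TLD (exit code 1 on a problem)
  fetchValidTo(host).then((validTo) => {
    const result = assessCertificate(validTo);
    console.log(host, validTo, result);
    if (result.status === 'renewal-overdue') process.exitCode = 1;
  }).catch((err) => { console.error(`${host}: ${err.message}`); process.exitCode = 1; });
} else {
  // Offline demo on constructed dates (not real certificates).
  const now = new Date('2025-01-01T00:00:00Z');
  for (const d of ['Mar 20 00:00:00 2025 GMT', 'Jan 25 00:00:00 2025 GMT', 'Jan 10 00:00:00 2025 GMT']) {
    console.log(d, assessCertificate(d, now));
  }
}
```

Run it from cron or a monitoring job with your domain as the argument; a non-zero exit code means the certificate or its renewal needs attention.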

If you encounter any issues, feel free to ask in the comments for further assistance!
