Uwadone Joshua

Deploying a Secure Static Website using AWS EC2, Route 53, and Certbot in AWS

A Comprehensive Walkthrough to deploy a secure, high-performance static website

✅ Overview of Architecture

This guide provides a step-by-step, real-world approach to deploying a static website on AWS. We will:

Host a static website using Nginx (web server) on an EC2 instance (virtual server).

Point a custom domain from Route 53 (DNS & domain management) to that server.

Secure it with SSL/TLS certificates using Certbot & Let’s Encrypt.

📌 Prerequisites

✅ AWS account: free-tier eligible (with necessary permissions to use EC2, Route 53, and Security Groups)

✅ Domain name (already registered via Route 53)

✅ Basic static website files (HTML/CSS/JS)

✅ SSH key pair to access the EC2 instance

✅ AWS CLI & access to terminal (e.g., VS Code terminal or local shell)

✅ Basic Linux CLI Knowledge (SSH, file editing)

🚀 Step-by-Step Guide

🟩 Step 1: Launch a Secure EC2 Instance

1. Launched an Ubuntu EC2 instance named “jodinho_agency_server” with the 24.04 LTS (HVM) AMI in the us-west-2 region using the AWS console.

Create Server Name

2. Gave it the instance type t2.micro, which is within the free tier. Created an SSH key pair named jodinho-kp to access the instance on port 22. The default VPC and subnet were used for the networking configuration.

Instance Type

3. The security group was configured with the following inbound rules:

Allow traffic on port 22 (SSH) with source IP addresses from any location.
Allow traffic on port 443 (HTTPS) with source from anywhere on the internet.
Allow traffic on port 80 (HTTP) with source from anywhere on the internet.
And we’ll leave the storage at default, 8GB GP3 volume storage. Then we hit the launch instance button.

Security Rules
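
The inbound rules above leave SSH reachable from any address, while only ports 80 and 443 need to be public. The script below is an added example, not part of the original post: it audits rule rows in an assumed `FromPort ToPort Protocol CIDR` layout (IPv4 ranges only; the function names and sample rows are constructed here) and reports any non-web port open to 0.0.0.0/0.

```shell
#!/bin/sh
# Added example: flag inbound rules that expose non-web ports to 0.0.0.0/0.
# Input rows: FromPort ToPort Protocol CIDR[,CIDR...], e.g. from
# (sg-PLACEHOLDER is a placeholder group id):
#   aws ec2 describe-security-groups --group-ids sg-PLACEHOLDER --output text \
#     --query "SecurityGroups[].IpPermissions[].[FromPort,ToPort,IpProtocol,join(',',IpRanges[].CidrIp)]"

PUBLIC_OK="80 443"   # ports a public web server is expected to expose

audit_sg_rules() {
    awk -v ok="$PUBLIC_OK" '
    BEGIN { n = split(ok, p, " "); for (i = 1; i <= n; i++) allowed[p[i]] = 1 }
    NF >= 4 {
        from = $1; to = $2; proto = $3
        # Protocol -1 means all traffic; the port columns are then empty (None).
        if (proto == "-1") { from = 0; to = 65535 }
        world = 0
        m = split($4, cidrs, ",")
        for (i = 1; i <= m; i++) if (cidrs[i] == "0.0.0.0/0") world = 1
        if (!world) next
        # World-open is expected only for a single allowed web port.
        if (from == to && (from in allowed)) next
        printf "EXPOSED proto=%s ports=%s-%s source=0.0.0.0/0\n", proto, from, to
    }'
}

# Constructed sample: the three inbound rules from Step 1.
sample_rules() {
    printf '%s\n' "22 22 tcp 0.0.0.0/0" "80 80 tcp 0.0.0.0/0" "443 443 tcp 0.0.0.0/0"
}

# Constructed sample: same rules, SSH limited to one admin address
# (203.0.113.10 is a documentation address standing in for your own IP).
hardened_rules() {
    printf '%s\n' "22 22 tcp 203.0.113.10/32" "80 80 tcp 0.0.0.0/0" "443 443 tcp 0.0.0.0/0"
}

echo "Step 1 rules:";   sample_rules   | audit_sg_rules
echo "Hardened rules:"; hardened_rules | audit_sg_rules
```

To clear the finding, replace the 0.0.0.0/0 source on the port 22 rule with your own address as a /32 in the security group.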

4. First, we need to copy the key pair file from the Downloads folder into the .ssh folder:
cp ~/Downloads/jodinho-kp.pem ~/.ssh/

With the downloaded private SSH key in place, we change the permissions on the private key file and then use it to connect to the instance by running the following commands:

chmod 400 ~/.ssh/jodinho-kp.pem

ssh -i ~/.ssh/jodinho-kp.pem ubuntu@54.212.87.210
where the username is ubuntu and the public IP address is 54.212.87.210.

Connect to instance

🟩 Step 2: Update & Install Nginx

Install Nginx web server

1. Update and upgrade the server’s package index

Run sudo apt update to download package information from all configured sources.

sudo apt update

Update Packages

Run sudo apt upgrade to upgrade the installed packages.

sudo apt upgrade -y

Upgrade Packages

2. Install nginx

Run sudo apt install nginx -y to install nginx.

sudo apt install nginx -y

Install Nginx

3. Verify that nginx is active and running

To verify that the Nginx server has been installed and is running, we will run the following command:

sudo systemctl status nginx

If it's green and running, then nginx is correctly installed.

Nginx Status

4. Access nginx locally on the Ubuntu shell

Access the default nginx server block to see if everything works correctly. From the instance's shell, curl the server's public IP address or the loopback address, which in most cases is 127.0.0.1 or the DNS name localhost:

curl http://54.212.87.210
curl http://localhost

The below result shows Nginx has been properly set up, and we can deploy our web application.

Local URL

5. Using the public IP address, test whether the Nginx server can respond to requests from the internet by opening the URL in a browser.

http://54.212.87.210

Nginx Default Page

This shows that the web server is correctly installed and is accessible through the firewall.

🟩 Step 3: Upload Static Website Files

1. We will clone the website from our GitLab repo using the command below:
git clone https://gitlab.com/uwadon1-group/jodinho-digital-website.git
Next, we will change directory into the just-cloned repo using the command cd jodinho-digital-website.

Clone repo from Gitlab

2. Nginx has a default directory from which it serves its content. We can move into that folder to check it out using the command: cd /var/www/html. When we type ls, we can see the Nginx default HTML page, e.g. index.nginx-debian.html. To see the content, we type cat index.nginx-debian.html and see the exact content we saw in the browser earlier, but in HTML format.

Nginx default html page

3. Now, we will copy all our files into the Nginx /var/www/html directory to replace the default page that was initially served. To do that, we will use the following command:
sudo cp -r jodinho-digital-website/* /var/www/html
But before then, we will have to remove the default Nginx index page, using the command: sudo rm index.nginx-debian.html.

Replace Nginx Default Page

4. We will enter our IP address into the browser again. Other things being equal, the website we copied into the Nginx directory should be served this time, even without restarting the Nginx server.

The New Nginx Default Page

🟩 Step 4: Point Route 53 Domain to EC2

1. What we want to do now is link our IP address to our domain name. Instead of sharing IP addresses with visitors of your website, the best practice is to give them your domain name to enter into the browser. We already have a domain name, so what we will do now is map it to the IP address. If you need guidance on creating a domain on Route 53, this guide should help you.

We will search for the Route 53 service from the AWS search bar and click on hosted zone. You will see your domain name; click on it and select create record. Input your record name, e.g., jodinho.uwhadone.click, set Record Type to A, and in the value field input your IP address, e.g., 54.212.87.210. Leave the other options as default and click create record.

Create a new DNS record

We will wait a few minutes, then visit our domain via the browser http://jodinho.uwhadone.click.

Now, we have to make our website more secure via HTTPS rather than HTTP.

2. We will head back to our terminal and go to the directory holding our nginx configuration files, located under /etc, using the command:
cd /etc/nginx
Type ls to see a list of all the files and folders here. Our major concern here is sites-enabled; that's where we can find the list of sites we want our Nginx server to serve to visitors. We will cd into this directory, delete the default configuration file there, and create a new one to replace it. To delete it, use this command: sudo rm default.

The Nginx /etc-sites

We will create a new nginx config file via the vim editor using the command below:

sudo vim default

And paste the following configuration:

   server {
       listen 80;
       server_name jodinho.uwhadone.click;

       root /var/www/html;
       index index.html;

       location / {
           try_files $uri $uri/ =404;
       }
   }

Nginx Config file

4. We can verify that the syntax of our nginx configuration file is correct and reload the nginx server using the command below:

sudo nginx -t && sudo systemctl reload nginx

Verify and Reload The Nginx Config File

🟩 Step 6: Install Certbot & Enable HTTPS

1. Now we need to get rid of HTTP and make use of HTTPS in order to make our website more secure. We will have to install certbot (free software that enables us to configure nginx to use TLS & SSL certificates for HTTPS).

We will install certbot using the following command:
sudo apt install certbot python3-certbot-nginx -y

Install Certbot

Next, we will type in this command:
sudo certbot --nginx -d jodinho.uwhadone.click
What this command does is look through the Nginx configuration file and enable HTTPS.
A prompt will come up asking for your email address. Type in yes for the remaining options, and you will see an update that it is requesting a certificate for your domain.

Certificate obtained

2. Now we will navigate back to our nginx config file to observe some changes in it. You will observe that certbot has made some adjustments to our nginx config file. You will also observe the SSL keys placed beside the nginx configuration.

Install Certbot
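
To make the adjustments described above concrete, here is an added example (not from the original post) that checks a config for the TLS listener, certificate, key and HTTP-to-HTTPS redirect. The sample config is constructed to show the layout Certbot's nginx plugin typically writes; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check that an nginx config carries the TLS directives
# Certbot's nginx plugin normally writes.

# Constructed sample of the site config after Certbot has edited it
# (typical layout; the exact lines in your file may differ).
after_certbot() {
cat <<'EOF'
server {
    server_name jodinho.uwhadone.click;
    root /var/www/html;
    index index.html;
    location / { try_files $uri $uri/ =404; }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/jodinho.uwhadone.click/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/jodinho.uwhadone.click/privkey.pem; # managed by Certbot
}
server {
    if ($host = jodinho.uwhadone.click) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name jodinho.uwhadone.click;
    return 404; # managed by Certbot
}
EOF
}

# Reads a config on stdin; prints one MISSING line per absent item,
# nothing when the TLS listener, cert, key and HTTP redirect are all present.
check_tls_conf() {
    conf=$(sed 's/#.*//')   # strip comments so commented-out directives do not count
    for item in 'tls-listener=listen[[:space:]]+443[[:space:]]+ssl' \
                'certificate=ssl_certificate[[:space:]]+/' \
                'private-key=ssl_certificate_key[[:space:]]+/' \
                'http-redirect=return[[:space:]]+301[[:space:]]+https://'; do
        name=${item%%=*}; pattern=${item#*=}
        printf '%s\n' "$conf" | grep -Eq "$pattern" || echo "MISSING $name"
    done
}

after_certbot | check_tls_conf
```

On the server, the same check can be fed the live file with `check_tls_conf < /etc/nginx/sites-enabled/default`.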

3. Now we will have to restart nginx to observe the change in our website from being unsecured to HTTPS secured.

Run the command: sudo systemctl restart nginx

Access secure-website

✅ Deployment Complete!

🎉 Final Result
Static site hosted on AWS EC2
Custom domain via Route 53
Free SSL (HTTPS) via Certbot
