Deploying NodeJS server in EC2 with Free SSL certificate
FSMD Fahid Sarker
Senior Software Engineer · July 6, 2024
Creating an EC2 instance and deploying you nodejs to it can be easy but setting up https can be a bit tricky. In this tutorial, I will show you how to deploy a NodeJS server in AWS EC2 with a free SSL certificate and Nginx reverse proxy. This step-by-step guide will help you set up your server, install NodeJS, and configure Nginx to serve your NodeJS app over HTTPS. By the end, you'll have a secure and scalable NodeJS server running in the cloud. Let's get started!
Installation instructions
1. Launch amazon ubuntu server in aws + Attach Elastic IP to the new instance
2. ssh to ubuntu to install packages
Code.bashssh -i <key.pem> ubuntu@<ip-address> -v
3. Update and Upgrade linux machine and install node and nvm
Code.bashsudo apt update
Code.bashsudo apt upgrade
Code.bashsudo apt install -y git htop wget
3.1 install node
To install or update nvm, you should run the [install script][2]. To do that, you may either download and run the script manually, or use the following cURL or Wget command:
Code.bashcurl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.1/install.sh | bash
Or
Code.bashwget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.1/install.sh | bash
Running either of the above commands downloads a script and runs it. The script clones the nvm repository to ~/.nvm, and attempts to add the source lines from the snippet below to the correct profile file (~/.bash_profile, ~/.zshrc, ~/.profile, or ~/.bashrc).
3.2 Copy & Past (each line separately)
Code.bashexport NVM_DIR="$HOME/.nvm" [ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh" # This loads nvm [ -s "$NVM_DIR/bash_completion" ] && . "$NVM_DIR/bash_completion" # This loads nvm bash_completion
3.3 Verify that nvm has been installed
Code.bashnvm --version
3.4 Install node
Code.bashnvm install --lts # Latest stable node js server version
3.5 Check nodejs installed
Code.bashnode --version
3.6 Check npm installed
Code.bashnpm -v
4. Clone nodejs-ssl-server repository
Code.bashcd /home/ubuntu
Code.bash# clone your own repo or a sample repo here: git clone https://github.com/saasscaleup/nodejs-ssl-server.git
5. Run node app.js (Make sure everything working)
Code.bashcd nodejs-ssl-server
Code.bashnpm install
Code.bashnode app.js
6. Install pm2
Code.bashnpm install -g pm2 # may require sudo
7. Starting the app with pm2 (Run nodejs in background and when server restart)
Code.bashpm2 start app.js --name=nodejs-ssl-server
Code.bashpm2 save # saves the running processes # if not saved, pm2 will forget # the running apps on next boot
7.1 IMPORTANT: If you want pm2 to start on system boot
Code.bashpm2 startup # starts pm2 on computer boot
8. FREE SSL - Install Nginx web server
Code.bashsudo apt install nginx
Code.bashsudo nano /etc/nginx/sites-available/default
Add the following to the location part of the server block
Code.bashserver_name yourdomain.com www.yourdomain.com; location / { proxy_pass http://localhost:5000; #whatever port your app runs on proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; }
Check NGINX config
Code.bashsudo nginx -t
Restart NGINX
Code.bashsudo service nginx restart
You should now be able to visit your IP with no port (port 80) and see your app. Now let's add a domain
9 Add domain in goDaddy.com
If you have domain, you can add A record to your EC2 instance IP with a new subdomain as I'm going to show you next
9.1 Check that Port 80 redirect to Nodejs server
10 Installing Free SSL
10.1 Installing Certbot
Code.bashsudo snap install core; sudo snap refresh core
Code.bashsudo apt remove certbot
Code.bashsudo snap install --classic certbot
Code.bashsudo ln -s /snap/bin/certbot /usr/bin/certbot
10.2 Confirming Nginx’s Configuration
Code.bashsudo nano /etc/nginx/sites-available/default
let edit this line:
Code.bash... server_name example.com www.example.com; ...
Code.bashsudo nginx -t
Code.bashsudo systemctl reload nginx
10.3 Obtaining an FREE SSL Certificate
Code.bashsudo certbot --nginx -d app.example.com
Output:
OutputIMPORTANT NOTES: Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/your_domain/fullchain.pem Key is saved at: /etc/letsencrypt/live/your_domain/privkey.pem This certificate expires on 2022-06-01. These files will be updated when the certificate renews. Certbot has set up a scheduled task to automatically renew this certificate in the background. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - If you like Certbot, please consider supporting our work by: * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate * Donating to EFF: https://eff.org/donate-le
10.4 Verifying Certbot Auto-Renewal
Code.bashsudo systemctl status snap.certbot.renew.service
Output:
Output○ snap.certbot.renew.service - Service for snap application certbot.renew Loaded: loaded (/etc/systemd/system/snap.certbot.renew.service; static) Active: inactive (dead) TriggeredBy: ● snap.certbot.renew.timer
To test the renewal process, you can do a dry run with certbot:
Code.bashsudo certbot renew --dry-run
11. Visit your website HTTPS://
Enjoy Your free Nodejs server with Free SSL :)
