🌐 Secure NGINX Web Server on AWS EC2 with Let's Encrypt SSL and Custom Domain
#aws#vpc#ec2#route53
Ashwini Singh

Ashwini Singh @ashwinisingh

Joined:
May 23, 2025

🌐 Secure NGINX Web Server on AWS EC2 with Let's Encrypt SSL and Custom Domain

Publish Date: May 23
0 0

Setting up a secure web server is a foundational DevOps skill. In this post, you'll learn how to

✅ Launch an EC2 instance
✅ Set up NGINX with a custom Hello page
✅ Secure it with a free SSL certificate using Let's Encrypt
✅ Connect your domain using Route 53

🧰 Prerequisites

  • AWS account
  • A registered domain (Route 53, GoDaddy, etc.)
  • PuTTY (Windows) or terminal (Linux/macOS)
  • Basic Linux command-line knowledge

☁️ Step 1: Launch an EC2 Instance

  1. Go to the AWS EC2 Dashboard
  2. Click Launch Instance
  3. Choose OS: Ubuntu 22.04 or Amazon Linux 2
  4. Select instance type: t3.medium
  5. Configure in a Public Subnet of a VPC
  6. Enable inbound rules in the Security Group
    • TCP 22 (SSH)
    • TCP 80 (HTTP)
    • TCP 443 (HTTPS)
  7. Download the .pem key pair

💻 Step 2: Connect via SSH using PuTTY (Windows)

  1. Open PuTTYgen

    • Load your .pem file
    • Click Save Private Key → this generates .ppk

  2. Open PuTTY

    • Host Name: ubuntu@your-ec2-ip
    • Go to Connection → SSH → Auth
    • Load the .ppk file
    • Click Open → You’re connected

🌍 Step 3: Point Domain to EC2

  1. Go to Route 53 → Hosted Zones
  2. Click Create Record
    • Type: A
    • Name: @ or www
    • Value: your EC2 IP

📌 Test: Visit http://yourdomain.com — NGINX default page should appear.

🔧 Step 4: Install NGINX + Hello Page 

sudo apt update
sudo apt install nginx -y
echo "<h1>Hello from AWS + NGINX</h1>" | sudo tee /var/www/html/index.html
sudo systemctl restart nginx
Enter fullscreen mode Exit fullscreen mode

Access it at http://yourdomain.com

🔐 Step 5: Add Free SSL with Let’s Encrypt

Install Certbot:

sudo apt install certbot python3-certbot-nginx -y
Enter fullscreen mode Exit fullscreen mode

Run Certbot for your domain:

sudo certbot --nginx -d yourdomain.com
Enter fullscreen mode Exit fullscreen mode

Test auto-renewal:

sudo certbot renew --dry-run
Enter fullscreen mode Exit fullscreen mode

🧠 Bonus: Editing the NGINX Config 

sudo vim /etc/nginx/sites-available/default
Enter fullscreen mode Exit fullscreen mode

Example Config:

server {
    listen 80;
    server_name yourdomain.com;

    root /var/www/html;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}
Enter fullscreen mode Exit fullscreen mode

Save and reload:

sudo systemctl reload nginx
Enter fullscreen mode Exit fullscreen mode

📌 Project Structure 

📂 /var/www/html/index.html       # Custom hello page
📂 /etc/nginx/sites-available     # NGINX site configs
🔐 SSL: Managed by Certbot
🌐 Domain: Managed via Route 53
Enter fullscreen mode Exit fullscreen mode

📊 Architecture Diagram

Image description

🏁 Final Output 

https://yourdomain.com
Enter fullscreen mode Exit fullscreen mode

With NGINX serving your page securely over HTTPS

If you found this helpful, please ❤️ or 🦄 and follow for more AWS & DevOps content...

Comments 0 total

    Add comment