IOanyT Innovations
Deployment & usage guide

Deploy Nginx with SSL

From subscribing on AWS Marketplace to a running, secured instance — plus day-2 operations.

Operating system

Ubuntu 22.04 LTS

SSH user

ubuntu

This guide covers launching and using Nginx with SSL from AWS Marketplace.

Prerequisites

  • An AWS account with permission to subscribe to Marketplace products and launch EC2 instances.
  • An EC2 key pair for administrative access.

Step 1 — Subscribe & launch

  1. On the AWS Marketplace listing, choose Continue to Subscribe → Continue to Configuration → Continue to Launch.
  2. Select an instance type and your key pair.
  3. Configure the security group (see the ports below) and launch.

Step 2 — Security group / ports

Open port 22 (SSH) restricted to your IP, plus any application ports.

Step 3 — Connect

ssh -i "your-key.pem" ubuntu@<PUBLIC_IP>

If you get a key-permission error: chmod 400 your-key.pem.

Step 4 — Access the application

To verify the installation, follow the below instructions

  • Open browser
  • In the address bar of the browser, type http://<your-ip-address>
  • You will see the Nginx default page (see screenshot below)

Step 1. Connect to SSH

In a terminal window, use the ssh command to connect to the instance. You specify the user name for your instance, and the public DNS name or IPv6 address for your instance, the path and file name of the private key (.pem).

ssh ubuntu@publicIP -i [Path of key pair file]

If it shows access denied message run the following command, then run the above command again to connect via ssh.

chmod 400 [Path of key pair file]

Step 2. Activate SSL Encryption

Follow the steps to activate SSL Encryption on the system

  1. Open the configuration file for your domain using nano or your favorite text editor. example.com is domain just for the reference. You need to input your Domain name instead of example.com
sudo nano /etc/nginx/sites-available/example.com
  1. Find the existing server_name line. It should look like this:
server_name example.com www.example.com;
  1. Now run below commands
sudo nginx -t
sudo systemctl reload nginx
  1. Now run the below command with your domain name.
sudo certbot --nginx -d example.com -d www.example.com
  1. At the prompt “Enter email address” (used for urgent renewal and security notices), and press Enter.

  2. Agree to the Let’s Encrypt Terms of Service at the prompt. Enter “A”

Please read the Terms of Service at the Let’s Encrypt site. You must agree in order to register with the ACME server.

(A)gree/(C)ancel: A

  1. If that’s successful, certbot will ask how you’d like to configure your HTTPS settings.

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.

1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you’re confident your site works on HTTPS. You can undo this change by editing your web server’s configuration.

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel):

  1. Select your choice then hit ENTER. The configuration will be updated, and Nginx will reload to pick up the new settings. certbot will wrap up with a message telling you the process was successful and where your certificates are stored.

Important notes: Congratulations! Your certificate and chain have been saved. Your cert will expire after 90 days. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the “certonly” option. To non-interactively renew all of your certificates, run “certbot renew”.

Your certificates are downloaded, installed, and loaded. Try reloading your website using https:// and notice your browser’s security indicator. It should indicate that the site is properly secured, usually with a lock icon.

Screenshots

Nginx with SSL Nginx with SSL

Day-2 operations

Apply OS and package security updates on your normal cadence, snapshot the EBS volume for recovery, and forward logs/metrics to CloudWatch.

Support

Email support@ioanyt.com for help.