🌐 Secure NGINX Web Server on AWS EC2 with Let's Encrypt SSL and Custom Domain

Setting up a secure web server is a foundational DevOps skill. In this post, you'll learn how to

✅ Launch an EC2 instance
✅ Set up NGINX with a custom Hello page
✅ Secure it with a free SSL certificate using Let's Encrypt
✅ Connect your domain using Route 53

🧰 Prerequisites

• AWS account
• A registered domain (Route 53, GoDaddy, etc.)
• PuTTY (Windows) or terminal (Linux/macOS)
• Basic Linux command-line knowledge

☁️ Step 1: Launch an EC2 Instance

1. Go to the AWS EC2 Dashboard
2. Click Launch Instance
3. Choose OS: Ubuntu 22.04 or Amazon Linux 2
4. Select instance type: t3.medium
5. Configure in a Public Subnet of a VPC
6. Enable inbound rules in the Security Group
   • TCP 22 (SSH)
   • TCP 80 (HTTP)
   • TCP 443 (HTTPS)
7. Download the .pem key pair

💻 Step 2: Connect via SSH using PuTTY (Windows)

1. Open PuTTYgen

   • Load your .pem file
   • Click Save Private Key → this generates .ppk

2. Open PuTTY

   • Host Name: ubuntu@your-ec2-ip
   • Go to Connection → SSH → Auth
   • Load the .ppk file
   • Click Open → You’re connected

🌍 Step 3: Point Domain to EC2

1. Go to Route 53 → Hosted Zones
2. Click Create Record
   • Type: A
   • Name: @ or www
   • Value: your EC2 IP

📌 Test: Visit http://yourdomain.com — NGINX default page should appear.

🔧 Step 4: Install NGINX + Hello Page

sudo apt update
sudo apt install nginx -y
echo "<h1>Hello from AWS + NGINX</h1>" | sudo tee /var/www/html/index.html
sudo systemctl restart nginx

Access it at http://yourdomain.com

🔐 Step 5: Add Free SSL with Let’s Encrypt

Install Certbot:

sudo apt install certbot python3-certbot-nginx -y

Run Certbot for your domain:

sudo certbot --nginx -d yourdomain.com

Test auto-renewal:

sudo certbot renew --dry-run

🧠 Bonus: Editing the NGINX Config

sudo vim /etc/nginx/sites-available/default

Example Config:

server {
    listen 80;
    server_name yourdomain.com;

    root /var/www/html;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}

Save and reload:

sudo systemctl reload nginx

📌 Project Structure

📂 /var/www/html/index.html       # Custom hello page
📂 /etc/nginx/sites-available     # NGINX site configs
🔐 SSL: Managed by Certbot
🌐 Domain: Managed via Route 53

📊 Architecture Diagram

🏁 Final Output

https://yourdomain.com

With NGINX serving your page securely over HTTPS

If you found this helpful, please ❤️ or 🦄 and follow for more AWS & DevOps content...