Setting up SSL in Nginx / Amazon Linux2
Written on by Byorn John De Silva.
The article below describes how I set up SSL for an Nginx instance hosted in Amazon Linux 2 AMI.
The configuration below also proxies port 80 traffic to my Go application running on port 8080.
Steps
- ssh into your EC2 instance
- install nginx
  sudo yum install nginx -y
  sudo systemctl start nginx
  sudo systemctl enable nginx
- install certbot
  sudo yum update
  sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
  sudo yum-config-manager --enable epel
  sudo yum install certbot python3-certbot-nginx
  certbot --version
- Generate certificates
  sudo certbot --nginx
  Your certs will be stored in /etc/letsencrypt/live/yourdomain.com/cert.pem, but you may not have permission to cd into the "live" folder (it is readable by root only, so use sudo to inspect it).
  If you made a mistake generating the certs, you can rerun the generation with the webroot method and a forced renewal as shown below:
  sudo certbot certonly --force-renewal --webroot -w /usr/share/nginx/html -d yourdomain.com -d www.yourdomain.com --non-interactive --agree-tos -m your-email@example.com
- Add the necessary configurations to nginx
  sudo vi /etc/nginx/conf.d/default.conf
  copy and paste the config below, which proxies requests to port 8080
  change "yourdomain.com" below to the domain name you provided

  server {
      listen 80;
      server_name yourdomain.com www.yourdomain.com;

      location / {
          proxy_pass http://localhost:8080;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
      }

      location /.well-known/acme-challenge/ {
          root /usr/share/nginx/html;
      }
  }

  server {
      listen 443 ssl;
      server_name yourdomain.com www.yourdomain.com;

      ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;

      location / {
          proxy_pass http://localhost:8080;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
      }
  }
- check the configuration for errors
  sudo nginx -t
- restart nginx
  sudo systemctl restart nginx
  make sure your application is running on localhost:8080
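A pre-flight check for a site config of the shape above, written as an added example and not code from the original article: it greps the config for the points that `nginx -t` accepts as valid syntax but that still break TLS or certificate renewal. The two sample configs it writes to temporary files are constructed here, and `check_nginx_site` is a name chosen for this example.

```shell
#!/bin/sh
# Pre-flight check for a site config of the shape shown above: catches
# mistakes that `nginx -t` accepts as valid syntax but that break TLS or
# renewal. The 443 block must use fullchain.pem (not cert.pem, or clients
# miss the intermediate cert) and a key under /etc/letsencrypt/live/; the
# port-80 block must keep the acme-challenge location that the --webroot
# renewal above relies on; and every proxy_pass needs X-Forwarded-Proto so
# the app on :8080 can tell HTTP from HTTPS. Returns the number of problems.
check_nginx_site() {
    cfg="$1"; problems=0
    grep -q 'listen[[:space:]]\{1,\}443[[:space:]]\{1,\}ssl' "$cfg" ||
        { echo "no 'listen 443 ssl' server block"; problems=$((problems + 1)); }
    grep -q 'ssl_certificate[[:space:]].*fullchain\.pem' "$cfg" ||
        { echo "ssl_certificate does not point at fullchain.pem"; problems=$((problems + 1)); }
    grep -q 'ssl_certificate_key[[:space:]]\{1,\}/etc/letsencrypt/live/' "$cfg" ||
        { echo "ssl_certificate_key is not under /etc/letsencrypt/live/"; problems=$((problems + 1)); }
    grep -q 'location[[:space:]]\{1,\}/\.well-known/acme-challenge/' "$cfg" ||
        { echo "missing /.well-known/acme-challenge/ location"; problems=$((problems + 1)); }
    passes=$(grep -c 'proxy_pass' "$cfg" || true)
    protos=$(grep -c 'X-Forwarded-Proto' "$cfg" || true)
    [ "$passes" -eq "$protos" ] ||
        { echo "$passes proxy_pass vs $protos X-Forwarded-Proto"; problems=$((problems + 1)); }
    return "$problems"
}

# Constructed sample configs (temporary files, removed on exit): a trimmed
# copy of the config above, and a broken variant that uses cert.pem, drops
# the acme-challenge location and omits X-Forwarded-Proto on the 443 proxy.
GOOD_CFG=$(mktemp); BAD_CFG=$(mktemp)
trap 'rm -f "$GOOD_CFG" "$BAD_CFG"' EXIT
cat >"$GOOD_CFG" <<'EOF'
server { listen 80; server_name yourdomain.com;
  location / { proxy_pass http://localhost:8080; proxy_set_header X-Forwarded-Proto $scheme; }
  location /.well-known/acme-challenge/ { root /usr/share/nginx/html; } }
server { listen 443 ssl; server_name yourdomain.com;
  ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
  location / { proxy_pass http://localhost:8080; proxy_set_header X-Forwarded-Proto $scheme; } }
EOF
cat >"$BAD_CFG" <<'EOF'
server { listen 80; server_name yourdomain.com;
  location / { proxy_pass http://localhost:8080; proxy_set_header X-Forwarded-Proto $scheme; } }
server { listen 443 ssl; server_name yourdomain.com;
  ssl_certificate /etc/letsencrypt/live/yourdomain.com/cert.pem;
  ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
  location / { proxy_pass http://localhost:8080; } }
EOF
check_nginx_site "$GOOD_CFG" && echo "good config: OK"
check_nginx_site "$BAD_CFG" || echo "bad config: $? problem(s) found"
```

Run it against /etc/nginx/conf.d/default.conf before `sudo nginx -t`; a non-zero exit lists each problem on its own line.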