Deploying a NodeJS Application on AWS EC2 with Nginx and SSL
Welcome to a comprehensive guide on deploying a Node.js application to an AWS EC2 instance. This tutorial aims to equip you with the knowledge to deploy your application efficiently and securely.
This tutorial is centered on deploying a Node.js application on an EC2 instance running Ubuntu. However, the methods outlined are applicable to deploying any Node.js application or framework.
Prerequisites
- An AWS Account
- A domain name
- An EC2 instance 📎Link
Getting started
Begin by connecting to your EC2 instance. Once connected, execute the following commands to refresh your package listings
sudo apt update && sudo apt upgrade && sudo apt dist-upgradeInstalling Git
To proceed, we must clone the application into our instance, requiring Git installation. Execute the following to install Git
sudo apt install gitTo verify the successful installation of Git
git --versionInstalling Node.js
To run a Node.js application, setting up a Node.js environment is crucial. Here, I have added two methods for installing Node.js; please use either one to install Node.
Installing through NodeSource
Here’s a step-by-step guide on how to install Node.js using NodeSource. This will install Node.js and npm (Node package manager):
- Retrieve the installation script:
curl -fsSL https://deb.nodesource.com/setup_18.x -o nodesource_setup.sh(Change 16.x to whatever version line you prefer, like 14.x or 18.x.)
Run the script:
sudo bash nodesource_setup.shInstall Node.js:
sudo apt-get install -y nodejs2. Installing through NVM
For this purpose, we’re installing NVM (Node Version Manager), which facilitates the management of multiple Node.js versions, allowing for easy switching between them.
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.3/install.sh
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.3/install.sh | bash
source ~/.bashrcTo install a specific Node.js version
nvm install <node-version>To switch among various Node.js versions
nvm use <node-version>Cloning the Repository
To successfully clone and launch the application, follow this checklist.
- Clone the application.
git clone <https-repo-url>- Checkout to the updated branch.
git checkout <branch-name>- Add .env file.
sudo nano .env- Install npm dependency.
npm ci- Build the application.
npm run build- Execute the application once to ensure it functions correctly (Opt.).
npm startAfter cloning the application and ensuring it’s running correctly, proceed to use PM2 to launch it. This approach guarantees that the application remains operational even after closing the terminal.
Installing PM2
PM2 is a tool for managing Node.js applications. It ensures your apps run continuously, restarts them if they crash, and can manage multiple instances for better performance.
Use it by installing with npm
npm i -g pm2To launch an application with PM2, first move to the application’s root directory using the cd command. Then execute the following command to start the application with PM2.
pm2 start npm --name "appname" -- run "command"Following are some of the helpful pm2 commands
// List all the applications
pm2 list
// Log a specific application
pm2 log <id>
// Start, stop, or restart instances
pm2 start <id>
pm2 stop <id>
pm2 restart <id>
// Examples of passing IDs
pm2 log 1 // Logs application with ID 1
pm2 log all // Logs all applications
pm2 log 1 2 3 // Logs applications with IDs 1, 2, and 3
Having successfully launched the application with PM2, we now need to ensure it’s accessible externally. For this, we’ll utilize Nginx, a web server that serves as a proxy layer, enabling external access to the application.
Installing Nginx
Execute the following command to install Nginx
sudo apt install nginxIt is recommended that you enable the most restrictive profile that will still allow the traffic you’ve configured. Right now, we will only need to allow traffic on port 80.
sudo ufw allow 'Nginx HTTP'To confirm Nginx has been correctly installed, use the following command.
sudo systemctl status nginxAfter successfully installing Nginx, it’s time to configure it. This involves editing Nginx’s configuration files to define how it serves your application to external requests.
navigate to sites-available inside the nginx folder.
cd /etc/nginx/sites-available/Create a new file named app1.conf and input the following configurations into it. This file will specify how Nginx directs traffic to your application, setting up the necessary proxy settings for external access.
server {
listen 80;
server_name example.com www.example.com; # change the doamin name
root /var/www/html;
index index.html index.htm;
location / {
proxy_pass http://127.0.0.1:3000; # change the port
proxy_read_timeout 60;
proxy_connect_timeout 60;
proxy_redirect off;
# Allow the use of websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}Now, Create a symbolic link (symlink) in sites-enabled that points to your configuration file in sites-available. This step is crucial for enabling the new settings you've added for your application.
To create the symbolic link, execute the following command:
sudo ln -s /etc/nginx/sites-available/app1.conf /etc/nginx/sites-enabled/Likewise, you can create multiple .conf files if you're managing multiple applications. Just ensure to modify the server_name and proxy_pass accordingly.
We can test the nginx config by running the following command.
sudo nginx -tAfter completing the configuration, restart Nginx to apply the changes by executing the following command.
sudo systemctl restart nginx.serviceConfiguring the domain name
To configure your domain, log into your DNS service provider’s website and navigate to the DNS settings. Select type as A record. for a subdomain, enter its name, or use @ to point to your main domain under the name field. In the value field, input the public IP address of your EC2 instance. This step directs traffic from your domain to your application hosted on AWS EC2.
Example:
| Type | Name | Value |
|---|---|---|
| A | dev | xx.xx.xx |
| A | www.dev | xx.xx.xx |
Enabling SSL certificate
After configuring your domain, the next step is to secure your application with an SSL certificate, enabling HTTPS. This is crucial for establishing a secure connection, protecting data exchange between users and your application.
To install Certbot, which is used for obtaining SSL certificates from Let’s Encrypt for your application’s domains, follow these commands
Update your package list to ensure you can install the latest version of Certbot
sudo apt-get updateInstall Certbot and its Nginx plugin:
sudo apt install python3-certbot-nginx -yTo obtain an SSL certificate for your domain using Certbot and Let’s Encrypt, execute the following command:
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.comAutomating SSL renew
The generated SSL certificate will be valid for 90 days. To ensure the SSL certificate renews automatically every 90 days, we’ll set up a cron job. A cron job is a scheduled task that runs at predetermined times. This automatic renewal process is vital for keeping your SSL certificate up to date, ensuring your website remains secure without manual intervention.
Start by installing cron
sudo apt install cronAfter installing cron, it can be activated using the following command
sudo systemctl enable cronCreate a file on the instance to input the renewal commands.
sudo nano ssl_auto_renew.shInsert the following commands into the file we created.
echo "Cron job ran on $(date)"
sudo certbot renewGrant execution permissions to the file we created.
sudo chmod +x ./ssl_auto_renew.shTo set up Cron, use the following command.
sudo crontab -eThis command will ask you to select a text editor. Choose nanoas the editor by selecting option 1.
Insert the provided code into the opened file, save it by pressing ctrl + S, and exit by pressing ctrl + X.
0 0 * * * /home/ubuntu/ssl_auto_renew.sh >> /home/ubuntu/cron.log 2>&1Note:/home/ubuntuis specific for ubuntu if you are using different Linux distribution usepwdto find out the current directory
0 0 * * * specifies that it will execute daily at 12 AM
The path /home/ubuntu/ssl_auto_renew.sh indicates the location of the script to be run.
The segment >> /home/ubuntu/cron.log 2>&1 directs the output to a file named cron.log, with 2>&1 ensuring that both standard output and error logs are captured.
We can check if the cron is executed by examining the cron.log file, which stores the logs.
Conclusion
We’ve come to the end, and I hope your application is up and running. Thank you for visiting my blog.
