HTTPS for Node.js


Enabling HTTPS on Amazon Linux 2023

Securing your Node.js application on AWS Linux 2023 with HTTPS is crucial for data protection and trustworthiness. This guide covers setting up a reverse proxy with Nginx and securing it with SSL/TLS certificates from Let’s Encrypt.

Working with Linux, especially Amazon Linux 2023, presents its own set of challenges because its package management and system configuration differ from other Linux distributions. That said, distributions share many commonalities, so the learning curve is manageable.

This guide is designed to help you enable HTTPS on a Node.js server running on an Amazon Linux 2023 EC2 instance. It provides specific instructions suited for this setup. If you’re working in a different environment, you may need to adapt these instructions or seek guidance more relevant to your specific configuration.

Install a Reverse Proxy Server

If you’re unfamiliar with the concept of a reverse proxy server, I’ll leave that for you to read up on and stick to a concise procedure here. Open an SSH connection to your instance and let’s start.

Install Nginx:

sudo dnf install nginx 

Start and Enable Nginx:

sudo systemctl start nginx 
sudo systemctl enable nginx 

Obtain SSL/TLS Certificates

Install Certbot via pip:

sudo dnf install python3-pip 
sudo pip3 install certbot

At this point you’ll likely see an error in red text.

ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.
awscli 2.9.19 requires cryptography<=38.0.5,>=3.3.2, but you have cryptography 41.0.7 which is incompatible.

The error won’t affect your outcome, so continue onwards.

Install the Certbot Nginx Plugin:

sudo pip3 install certbot-nginx 

Configure Nginx:

Edit the Nginx configuration:

sudo nano /etc/nginx/nginx.conf

In the “http” section, add:

server {
    server_name app.example.com;
    location / {
        proxy_pass http://localhost:3000;
    }
}

Change app.example.com to the hostname of your application. Leave the localhost line as-is, unless your Node.js server is not listening on port 3000, in which case update that to whatever port your server is on.

This can go directly above the line that reads “# Settings for a TLS enabled server”. If you’re only an occasional Linux user, nano will be the least frustrating text editor to use. You should be able to stumble through with it even if it’s your first time.

Verify Nginx Configuration:

Check for syntax errors:

sudo nginx -t 

If okay, restart Nginx:

sudo systemctl restart nginx

Run Certbot for Nginx:

sudo certbot --nginx 

Follow the interactive prompts to complete the SSL certificate setup.

If you get an error containing Timeout during connect (likely firewall problem), the cause is probably your EC2 instance’s security group. Use the AWS EC2 console to find and edit the instance’s security group and add inbound rules allowing TCP ports 80 (HTTP) and 443 (HTTPS) so Let’s Encrypt can reach Nginx.

Set Up Certbot Auto-Renewal with Systemd

Create a Systemd Service File:

sudo nano /etc/systemd/system/certbot-renew.service 

Add:

[Unit]
Description=Certbot Renewal

[Service]
# The job runs to completion each time the timer fires, so mark it oneshot.
Type=oneshot
# A pip-installed certbot may live in /usr/local/bin instead; confirm the
# path with: command -v certbot
ExecStart=/usr/bin/certbot renew --quiet

Create a Timer File:

sudo nano /etc/systemd/system/certbot-renew.timer 

Add:

[Unit]
Description=Run certbot renew twice daily

[Timer]
OnCalendar=*-*-* 00,12:00:00
Persistent=true

[Install]
WantedBy=timers.target

Enable and Start the Timer:

sudo systemctl daemon-reload 
sudo systemctl enable certbot-renew.timer 
sudo systemctl start certbot-renew.timer 

Verify the Timer:

Check with:

systemctl list-timers --all 

Testing the Renewal Process:

sudo certbot renew --dry-run 

Conclusion

You have now configured HTTPS for your Node.js application on AWS Linux 2023 using Nginx and Let’s Encrypt. This setup ensures secure communication and improves your web application’s credibility.
