HTTPS for Node.js
Enabling HTTPS on Amazon Linux 2023
Securing your Node.js application on AWS Linux 2023 with HTTPS is crucial for data protection and trustworthiness. This guide covers setting up a reverse proxy with Nginx and securing it with SSL/TLS certificates from Let’s Encrypt.
Working with Linux, especially the 2023 Amazon version, presents its own set of challenges due to differences in package management and system configurations compared to other Linux distributions. However, it’s important to note that while Linux distributions vary, they share many commonalities, making the learning curve manageable.
This guide is designed to help you enable HTTPS on a Node.js server running on an Amazon Linux 2023 EC2 instance. It provides specific instructions suited for this setup. If you’re working in a different environment, you may need to adapt these instructions or seek guidance more relevant to your specific configuration.
Install a Reverse Proxy Server
If you’re unfamiliar with the concepts of a Reverse Proxy server I’ll leave it for you to read up on and stick to a concise procedure here. Let’s open an SSH connection to your instance and start.
Install Nginx:
sudo dnf install nginx
Start and Enable Nginx:
sudo systemctl start nginx
sudo systemctl enable nginx
Obtain SSL/TLS Certificates
Install Certbot via pip:
sudo dnf install python3-pip
sudo pip3 install certbot
At this point you’ll likely see an error in red text.
ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.
awscli 2.9.19 requires cryptography<=38.0.5,>=3.3.2, but you have cryptography 41.0.7 which is incompatible.
The error won’t affect your outcome, so continue onwards.
Install the Certbot Nginx Plugin:
sudo pip3 install certbot-nginx
Configure Nginx:
Edit the Nginx configuration:
sudo nano /etc/nginx/nginx.conf
In the “http” section, add:
server {
server_name app.example.com;
location / {
proxy_pass http://localhost:3000;
}
}
Change app.example.com to the URL of your application. Leave the localhost line as-is, unless your node.js server not on port 3000, in which case update that to whatever port your server is on.
This can go directly above the line that says # Settings for a TLS enabled server. If you’re only an occasional linux user, nano will be the least frustrating text editor to use. You should be able to stumble through with it even if it’s your first time.
Verify Nginx Configuration:
Check for syntax errors:
sudo nginx -t
If okay, restart Nginx:
sudo systemctl restart nginx
Run Certbot for Nginx:
sudo certbot --nginx
Follow the interactive prompts to complete the SSL certificate setup.
If you get an error with Timeout during connect (likely firewall problem) in it, the problem is likely your EC2’s security group. You’ll need to use the AWS EC2 console to find and edit the instance’s security group to add inbound rules for nginx on ports 80 and 443 for HTTP and HTTPS.
Set Up Certbot Auto-Renewal with Systemd
Create a Systemd Service File:
sudo nano /etc/systemd/system/certbot-renew.service
Add:
[Unit]
Description=Certbot Renewal
[Service]
ExecStart=/usr/bin/certbot renew --quiet
Create a Timer File:
sudo nano /etc/systemd/system/certbot-renew.timer
Add:
[Unit]
Description=Run certbot renew twice daily
[Timer]
OnCalendar=*-*-* 00,12:00:00
Persistent=true
[Install]
WantedBy=timers.target
Enable and Start the Timer:
sudo systemctl daemon-reload
sudo systemctl enable certbot-renew.timer
sudo systemctl start certbot-renew.timer
Verify the Timer:
Check with:
systemctl list-timers --all
Testing the Renewal Process:
sudo certbot renew --dry-run
Conclusion
You have now configured HTTPS for your Node.js application on AWS Linux 2023 using Nginx and Let’s Encrypt. This setup ensures secure communication and improves your web application’s credibility.
