aws EC2 ubuntu server

nodejs-ssl-server

How to deploy nodejs app to AWS EC2 Ubuntu 22 Server with free SSL and Nginx reverse proxy

Installation instructions

1. Launch amazon ubuntu server in aws + Attach Elastic IP to the new instance

2. ssh to ubuntu to install packages

ssh -i <key.pem> ubuntu@<ip-address> -v

3. Update and Upgrade linux machine and install node and nvm

sudo apt update

sudo apt upgrade

sudo apt install -y git htop wget

3.1 install node

To install or update nvm, you should run the [install script][2]. To do that, you may either download and run the script manually, or use the following cURL or Wget command:

curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.1/install.sh | bash

Or

wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.1/install.sh | bash

Running either of the above commands downloads a script and runs it. The script clones the nvm repository to ~/.nvm, and attempts to add the source lines from the snippet below to the correct profile file (~/.bash_profile, ~/.zshrc, ~/.profile, or ~/.bashrc).

3.2 Copy & Past (each line separately)

export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"  # This loads nvm bash_completion

3.3 Verify that nvm has been installed

nvm --version

3.4 Install node

nvm install --lts # Latest stable node js server version

3.5 Check nodejs installed

node --version

3.6 Check npm installed

npm -v

4. Clone nodejs-ssl-server repository

cd /home/ubuntu

git clone https://github.com/saasscaleup/nodejs-ssl-server.git

5. Run node app.js (Make sure everything working)

cd nodejs-ssl-server

npm install

node app.js

6. Install pm2

npm install -g pm2 # may require sudo

7. Starting the app with pm2 (Run nodejs in background and when server restart)

pm2 start app.js --name=nodejs-ssl-server

pm2 save     # saves the running processes
                  # if not saved, pm2 will forget
                  # the running apps on next boot

7.1 IMPORTANT: If you want pm2 to start on system boot

pm2 startup # starts pm2 on computer boot

8. FREE SSL - Install Nginx web server

sudo apt install nginx

sudo nano /etc/nginx/sites-available/default

Add the following to the location part of the server block

server {
  server_name op1.evolo.fr;

  location / {
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html; }

   location /op1/ {
        proxy_pass http://localhost:3000/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/op1.evolo.fr/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/op1.evolo.fr/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

Check NGINX config

sudo nginx -t

Restart NGINX

sudo service nginx restart

You should now be able to visit your IP with no port (port 80) and see your app. Now let’s add a domain

9 Add domain in goDaddy.com

If you have domain, you can add A record to your EC2 instance IP with a new subdomain as I’m going to show you next

9.1 Check that Port 80 redirect to Nodejs server

10 Installing Free SSL

10.1 Installing Certbot

sudo snap install core; sudo snap refresh core

sudo apt remove certbot

sudo snap install --classic certbot

sudo ln -s /snap/bin/certbot /usr/bin/certbot

10.2 Confirming Nginx’s Configuration

sudo nano /etc/nginx/sites-available/default

let edit this line:

...
server_name example.com www.example.com;
...

sudo nginx -t

sudo systemctl reload nginx

10.3 Obtaining an FREE SSL Certificate

sudo certbot --nginx -d app.example.com

Output:

IMPORTANT NOTES:
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/your_domain/fullchain.pem
Key is saved at: /etc/letsencrypt/live/your_domain/privkey.pem
This certificate expires on 2022-06-01.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le

10.4 Verifying Certbot Auto-Renewal

sudo systemctl status snap.certbot.renew.service

Output:

○ snap.certbot.renew.service - Service for snap application certbot.renew
     Loaded: loaded (/etc/systemd/system/snap.certbot.renew.service; static)
     Active: inactive (dead)
TriggeredBy: ● snap.certbot.renew.timer

To test the renewal process, you can do a dry run with certbot:

sudo certbot renew --dry-run

11. install Webmin

webmin username = root

How do I change my Webmin password if I can’t login? If you installed Webmin using package manager (i.e. rpm or deb) use the following command to change Webmin user password:

webmin passwd username

12. install Rsync

rsync -avz --exclude 'node_modules' --exclude '.git' --exclude '.env' \
-e "ssh -i ~/.ssh/your-key.pem" \
. ubuntu@ip-address:~/app

Support 🙏😃

If you Like the tutorial and you want to support my channel so I will keep releasing amzing content that will turn you to a desirable Developer with Amazing Cloud skills… I will realy appricite if you:

1. Subscribe to My youtube channel and leave a comment: http://www.youtube.com/@ScaleUpSaaS?sub_confirmation=1
2. Buy me A coffee ❤️ : https://www.buymeacoffee.com/scaleupsaas

Thanks for your support :)