Enable SSL for the nginx server on a single EC2 instance of AWS Elastic Beanstalk

To Nha Notes | Feb. 3, 2021, 7:47 p.m.

If your site is behind an AWS ALB, you can request an SSL certificate from AWS Certificate Manager for free and enable SSL on the ALB listener. If your site is small, or just a prototype, you should not use an ALB, which may cost you about $18 per month.

To enable SSL for a site served by the nginx web server on a single AWS EC2 instance, follow the steps below.

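Configure nginx to enable SSL:

server {
        # The "ssl" parameter on "listen" enables TLS for this server;
        # the separate "ssl on;" directive is obsolete and has been dropped.
        listen               443 ssl default_server;
        ssl_certificate      /etc/ssl/certs/server.crt;
        ssl_certificate_key  /etc/ssl/certs/server.key;
        ...
}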

Force a redirect to HTTPS when a client connects over HTTP:

server {
        listen 80 default_server;
        server_name _;
        return 301 https://$host$request_uri;
}

Purchase SSL certificate

You can purchase one from an SSL provider such as ZeroSSL. This provider charges $10/month and offers a free trial for 3 months. Their instructions lead you through validating and downloading the cert/key files; then upload them to the folder `/etc/ssl/certs/` on the EC2 server.

Set the correct permissions on these files:

chmod 400 /etc/ssl/certs/server.crt
chmod 400 /etc/ssl/certs/server.key

Edit the security group of the EC2 instance to allow access over HTTPS:

Port range   Protocol   Source
443          TCP        0.0.0.0/0

Restart the nginx server:

systemctl restart nginx.service

Now your site is secured and you can access it over SSL.

https://<yoursite>
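
A pre-flight check for the uploaded files, worth running before the restart step above. This is an added example, not part of the original post: the function names `key_is_private`, `cert_matches_key` and `preflight` are illustrative, and it assumes the `openssl` command-line tool is installed on the instance.

```shell
#!/bin/sh
# Added example: checks the cert/key pair uploaded in the steps above.
# Function names are illustrative; paths default to the ones used on this page.

# Succeeds only if the file exists and grants nothing to group or other
# (for example mode 400 or 600). Reads the mode string from ls, following symlinks.
key_is_private() {
    case $(ls -ldL "$1" 2>/dev/null) in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Succeeds only if the certificate and the private key carry the same public key.
# Works for RSA and EC keys because it compares the PEM public key itself.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Runs every check, reports each failure on stderr, returns non-zero if any failed.
preflight() {
    cert=${1:-/etc/ssl/certs/server.crt}
    key=${2:-/etc/ssl/certs/server.key}
    rc=0
    key_is_private "$key" ||
        { echo "FAIL: $key is missing or accessible to group/other" >&2; rc=1; }
    cert_matches_key "$cert" "$key" ||
        { echo "FAIL: $cert does not belong to $key" >&2; rc=1; }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: $cert is expired or unreadable" >&2; rc=1; }
    return $rc
}

# Typical use on the instance (as root):
#   preflight && nginx -t && systemctl restart nginx.service
```

A mismatched pair or an expired certificate otherwise only shows up when nginx refuses to start or browsers reject the site, so failing here keeps the running server untouched.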