Securing your Node.js API with an SSL certificate is essential for protecting sensitive data and maintaining user trust. In this article, we will guide you through the process of adding an SSL certificate to a Node.js API running on an EC2 instance. Additionally, we will explore how to enable HTTPS by configuring the necessary security groups for your EC2 instance.
Prerequisites:
Before getting started, ensure you have the following:
- An EC2 instance running your Node.js API.
- NGINX is installed on the EC2 instance.
- A domain name associated with your EC2 instance (e.g., example.com).
- An SSL certificate was issued for your domain.
- Access to your AWS Management Console to update security groups.
💡 Speed up your blog creation with DifferAI.
Available for free exclusively on the free and open blogging platform, Differ.
Step 1: Install NGINX on your EC2 Instance
Begin by logging into your EC2 instance and installing NGINX by executing the following commands:
sudo apt update
sudo apt install nginx
Step 2: Configure NGINX as a Reverse Proxy
To configure NGINX as a reverse proxy, open the NGINX configuration file using the following command:
sudo nano /etc/nginx/sites-available/default
Replace the configuration file with replacing ‘example.com’ with your domain and ‘3000’ with the port number of your Node.js API.
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
Save and exit the file (press, Ctrl+X, then, Y, and finally Enter). Restart NGINX to apply the changes:
sudo systemctl restart nginx
Step 3: Obtain an SSL Certificate
Obtain an SSL certificate for your domain from a trusted certificate authority (CA) or use a free certificate from Let’s Encrypt. Once you have the SSL certificate files (e.g., certificate.crt and private.key), proceed to the next step.
Step 4: Configure NGINX to Use SSL
Open the NGINX configuration file again:
sudo nano /etc/nginx/sites-available/default
Update the content with the following configuration, ensuring you replace the file paths with the correct locations of your SSL certificate files:
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /path/to/certificate.crt;
ssl_certificate_key /path/to/private.key;
location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
Save and exit the file. Restart NGINX to apply the SSL configuration:
sudo systemctl restart nginx
Step 5: Update Security Groups
To enable HTTPS traffic to your EC2 instance, you need to update the associated security groups.
- Go to your AWS Management Console and navigate to the EC2 dashboard.
- Locate your EC2 instance and click on its associated security group.
- In the inbound rules, add a new rule to allow HTTPS traffic on port 443.
- Protocol: HTTPS
- Port Range: 443
- Source: Custom or Anywhere (depending on your desired level of access)
Save the changes to update the security group.
Conclusion:
You have successfully installed an SSL certificate to your Node.js API running on an EC2 instance by following the steps shown in this article. You’ve also enabled HTTPS traffic to your EC2 instance by establishing the appropriate security groups. This enables a secure connection between customers and your API, as well as data delivery.