
Hardening the Cloud: Securing my AWS Infrastructure with Nginx and SSL

In this project, I moved beyond simple static hosting to deploy a professional-grade environment on AWS. This post documents the journey of setting up a robust deployment pipeline using Linux administration and modern security standards. My goal was to demonstrate the complete process of deploying a personal portfolio website on AWS EC2, configuring Nginx as the web server, attaching a custom domain, and securing the site using HTTPS (Certbot – Let’s Encrypt).

Architecture Summary

  • Cloud Provider: AWS
  • Compute: EC2 (Amazon Linux 2023)
  • Web Server: Nginx
  • Domain: Namecheap (DNS managed manually)
  • SSL/TLS: Let’s Encrypt (Certbot)
  • Network: IPv4

Step-by-Step Implementation

Step 1: Create an AWS EC2 Instance

The foundation started in the AWS Console. I launched a t2.micro (Free Tier) instance using the Amazon Linux 2023 AMI. Networking was critical here; I created an SSH key pair (.pem) and configured the Security Group with specific rules:

  • HTTP (80) & HTTPS (443): Open to Anywhere.
  • SSH (22): Restricted to My IP only for security hardening.

ssh -i mykey.pem ec2-user@<EC2-Public-IP>

Step 2: Update System & Install Nginx

Once inside the server, I ensured everything was up to date and installed the web server engine.

sudo dnf update -y
sudo dnf install nginx -y
sudo systemctl start nginx
sudo systemctl enable nginx

Step 3 & 4: Domain & DNS Configuration

After purchasing frederickatasina.com from Namecheap, I pointed the A-records to my EC2 Public IP. I set up both the root (@) and 'www' hostnames to ensure full accessibility. Propagation took about 15 minutes.

Step 5 & 6: Website Directory & Nginx Server Block

I organized the file structure and set the correct permissions for the ec2-user.

sudo mkdir -p /var/www/frederickatasina.com/html
sudo chown -R ec2-user:ec2-user /var/www/frederickatasina.com

Then, I configured the Nginx server block to tell the server how to handle traffic for my specific domain:

server {
    listen 80;
    listen [::]:80;
    server_name frederickatasina.com www.frederickatasina.com;
    root /var/www/frederickatasina.com/html;
    index index.html;
    location / {
        try_files $uri $uri/ =404;
    }
}

Step 7 & 8: Installing Certbot & Enabling HTTPS

To secure the traffic, I used Certbot to automate the SSL certificate generation and Nginx configuration update.

sudo dnf install certbot python3-certbot-nginx -y
sudo certbot --nginx -d frederickatasina.com -d www.frederickatasina.com

Security Enhancements

  • Secured SSH via key-based login.
  • Disabled root login.
  • Enabled HTTPS with Let’s Encrypt.
  • Restricted inbound traffic to essential ports.
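
The two SSH items in this list can be verified against the daemon's configuration. The script below is an added example, not part of the original write-up: the function names and the sample configs are constructed for illustration, it assumes whitespace-separated keyword/value lines, and the defaults are the upstream OpenSSH ones.

```shell
#!/bin/sh
# Added example: audit the sshd settings behind "key-based login" and
# "disabled root login". Limitation: Include files are not followed.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the FIRST value it reads for a keyword, so later duplicates are
# ignored; a commented-out line means the built-in default applies.
effective_value() {
    awk -v key="$2" -v def="$3" '
        $1 ~ /^#/ { next }                  # comment line
        tolower($1) == "match" { exit }     # global section ends at first Match
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE: returns 0 only when all three settings match the target.
audit_sshd() {
    file=$1 rc=0
    # Defaults passed here are upstream OpenSSH defaults (assumption: a
    # distribution may ship different ones).
    root=$(effective_value "$file" PermitRootLogin prohibit-password)
    pass=$(effective_value "$file" PasswordAuthentication yes)
    pub=$(effective_value "$file" PubkeyAuthentication yes)
    [ "$root" = "no" ]  || { echo "FAIL PermitRootLogin=$root (want no)"; rc=1; }
    [ "$pass" = "no" ]  || { echo "FAIL PasswordAuthentication=$pass (want no)"; rc=1; }
    [ "$pub"  = "yes" ] || { echo "FAIL PubkeyAuthentication=$pub (want yes)"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK $file"
    return "$rc"
}

# Constructed sample configs (not taken from the server in this post).
tmp=$(mktemp -d)
printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' \
    'PubkeyAuthentication yes' > "$tmp/hardened"
# "shadowed": the hardening line is added AFTER an earlier permissive one, and
# the password setting is still commented out, so neither takes effect.
printf '%s\n' 'PermitRootLogin yes' '#PasswordAuthentication no' \
    'PermitRootLogin no' > "$tmp/shadowed"

audit_sshd "$tmp/hardened" || true
audit_sshd "$tmp/shadowed" || true
```

On the live instance, `sudo sshd -T` prints the effective settings with Include files resolved, which is the authoritative view to compare against.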

Lessons Learned

  • Linux administration on AWS EC2.
  • Linking domains via manual DNS management.
  • Automated SSL renewal and Nginx debugging.
  • Cloud security & server hardening.

This project strengthened my skills in cloud engineering, server configuration, and secure web deployment. It stands as a testament to a complete, secure deployment workflow.