Hosting a Website on AWS EC2 (Ubuntu)

Aarju Bhatta

AWS (Amazon Web Services) is a cloud platform that provides various services like storage, computing, and networking. It allows you to run websites and applications without needing physical servers.

EC2 (Elastic Compute Cloud) is a service in AWS that lets you create virtual servers. It’s flexible, cost-effective, and scalable — making it a great choice for hosting websites of any size.

Why it’s good:
You only pay for what you use, it’s reliable, and you can quickly scale up or down based on your traffic needs.

Phase 1: Launching EC2 Instance on AWS

  1. Login to AWS Dashboard
    Go to aws.amazon.com and log in to your account.

  2. Go to EC2 Service
    From the AWS Console, search for EC2 and click to open the EC2 Dashboard.

  3. Launch a New Instance
    Click on “Launch Instance” to begin setting up your virtual server.

  4. Set Name and OS

    • Under Name and Tags, enter a name for your server.

    • Choose Ubuntu as the operating system.

  5. Create Key Pair

    • Create a new key pair for SSH login.

    • For Windows, choose the .ppk format (for use with PuTTY).

    • For Mac/Linux, use the default .pem.

  6. Configure Firewall (Security Group)

    • Tick the boxes to allow HTTP and HTTPS traffic from the internet.

  7. Launch the Instance

    • Click “Launch Instance”.

    • Once it says “successful”, your server is live!

Phase 2: Connect to the Instance & Setup

  1. Open PuTTY Application
    Launch PuTTY on your computer.

  2. Enter Public IP Address

  3. Save the SSH Session (Optional)

    • Go to the "Saved Sessions" field, type a name (e.g., MyAWSInstance), and click Save.

  4. Upload Your .ppk Key File

    • In the left sidebar, expand Connection → SSH → Auth.

    • Click "Browse" next to "Private key file for authentication".

    • Select the .ppk file you created earlier when generating the key pair.

  5. Return to Session and Save Again

    • Go back to Session and click Save to save this configuration with your key.

  6. Connect to the Server

    • Click Open.

    • On the first connection, you'll see a security alert. Click Accept to proceed.

  7. Login as 'ubuntu'

You’ll now be logged into your EC2 instance via PuTTY.

Phase 3: Connect to the Instance & Setup

Run these commands in PuTTY.

sudo apt update -y     # Updates the list of available packages and versions from the internet
sudo apt upgrade -y    # Installs the latest versions of all packages currently installed
sudo apt install fish -y   # Installs the 'fish' shell (a user-friendly command line shell)

Phase 4: Create a user and set permissions

sudo adduser node
# Creates a new user named 'node'
sudo mkdir -p /home/node/.ssh
# Creates the .ssh folder in the home directory of the 'node' user (for SSH keys)
sudo vim /home/node/.ssh/authorized_keys
# Opens the file to paste your public SSH key (id_rsa.pub) for login access
sudo chown -R node:node /home/node/.ssh
# Makes the 'node' user the owner of the .ssh folder and everything inside
sudo chmod 700 /home/node/.ssh
# Sets permissions so only the owner can access the .ssh folder
sudo chmod 600 /home/node/.ssh/authorized_keys
# Sets permissions so only the owner can read/write the authorized_keys file
sudo chown node:node /home/node/.ssh/authorized_keys
# Ensures the authorized_keys file is owned by the 'node' user
sudo usermod -aG sudo node
# Adds the 'node' user to the 'sudo' group so they can use sudo (admin rights)
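
An added check, not part of the original post, that the ownership and modes set above are in place; with sshd's default StrictModes setting, wrong ownership or group/world-writable permissions on these paths can cause the key to be refused. The function name check_ssh_dir and its arguments are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: confirm the ownership and modes that Phase 4 sets.
# Usage on the server, as root:  check_ssh_dir /home/node "$(id -u node)"
# Uses GNU stat (-c), as shipped on Ubuntu.

# check_ssh_dir <home> <owner-uid>
# Prints one line per problem and returns 1 if any check fails.
check_ssh_dir() {
    home=$1; uid=$2; rc=0
    for spec in ".ssh:700" ".ssh/authorized_keys:600"; do
        path=$home/${spec%%:*}
        want=${spec##*:}
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        mode=$(stat -c '%a' "$path")
        owner=$(stat -c '%u' "$path")
        [ "$mode" = "$want" ] || { echo "MODE $path is $mode, expected $want"; rc=1; }
        [ "$owner" = "$uid" ] || { echo "OWNER $path is uid $owner, expected $uid"; rc=1; }
    done
    # The file needs at least one non-blank, non-comment line (a public key),
    # otherwise key login for this user cannot work.
    if [ -f "$home/.ssh/authorized_keys" ] &&
       ! grep -Eqv '^[[:space:]]*(#|$)' "$home/.ssh/authorized_keys"; then
        echo "EMPTY $home/.ssh/authorized_keys has no public key line"; rc=1
    fi
    return $rc
}
```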

Phase 5: Configure Firewall and SSH

# Allow SSH access through UFW (for remote login)
sudo ufw allow OpenSSH
# Allow HTTP traffic (port 80) for web access
sudo ufw allow 80/tcp
# Allow HTTPS traffic (port 443) for secure web access
sudo ufw allow 443/tcp
# (Optional) List all available UFW application profiles
sudo ufw app list
# Enable the UFW firewall (you will be asked for confirmation)
sudo ufw enable
# Check the current UFW firewall status and rules
sudo ufw status
# Open SSH configuration file for editing
sudo vi /etc/ssh/sshd_config
# Inside the file, add or update these lines.
# Keep the comments on their own lines: some OpenSSH versions reject text after the value.

# Disables root user login via SSH
PermitRootLogin no
# Disables password-based SSH login (only key-based allowed)
PasswordAuthentication no

# Restart SSH service to apply the new security settings
sudo systemctl restart ssh
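
A check for the settings above, as an added example that is not part of the original post: it audits the effective configuration printed by `sshd -T`, because a drop-in file under /etc/ssh/sshd_config.d/ can set a value before the line edited in sshd_config is read, and the first value wins. The function name, the sample dumps and the extra pubkeyauthentication check are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: audit the *effective* sshd settings, not just the edited file.
# Real use on the server:  sudo sshd -T | audit_sshd
# (sshd -T prints the merged configuration as lowercase "keyword value" lines.)

# Expected values: the two settings from this guide, plus a lock-out guard
# (pubkeyauthentication) that is an assumption of this example.
EXPECTED="permitrootlogin=no
passwordauthentication=no
pubkeyauthentication=yes"

# Reads `sshd -T` output on stdin, prints one line per problem,
# and returns 1 if any expected setting is missing or different.
audit_sshd() {
    dump=$(cat)
    status=0
    while IFS= read -r line; do
        key=${line%%=*}
        want=${line#*=}
        got=$(printf '%s\n' "$dump" |
              awk -v k="$key" 'tolower($1) == k { print tolower($2); exit }')
        if [ -z "$got" ]; then
            echo "MISSING $key (expected $want)"; status=1
        elif [ "$got" != "$want" ]; then
            echo "FAIL $key is '$got', expected '$want'"; status=1
        fi
    done <<EOF
$EXPECTED
EOF
    return $status
}

# Constructed sample: a dump where another config file still enables passwords.
SAMPLE_OVERRIDDEN="port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes"

# Constructed sample: the hardened result this guide aims for.
SAMPLE_HARDENED="port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no"
```

Running `sudo sshd -t` before the restart catches syntax errors in the file. Keep the current session open until a second key-based login succeeds.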

Enable Passwordless Sudo for 'node' User

# Open sudoers file safely using visudo
sudo visudo
# At the bottom of the file, add:
node ALL=(ALL) NOPASSWD:ALL     # Allows 'node' user to use sudo without a password

Phase 6: Install Nginx and Host Your Site

🔹 Step 1: Connect to Your Server Using PowerShell

ssh -i your-key.pem ubuntu@your-public-ip
  • Replace your-key.pem with your actual key file.

  • Replace your-public-ip with the Public IPv4 of your EC2 instance.

🔹 Step 2: Update the System

sudo apt update -y     # Refresh package lists

🔹 Step 3: Install Nginx Web Server

sudo apt install nginx -y   # Install Nginx

🔹 Step 4: Start and Enable Nginx

sudo systemctl start nginx     # Start Nginx now
sudo systemctl enable nginx    # Enable it to run at startup

🔹 Step 5: Edit Default Web Page

sudo vim /var/www/html/index.html
  • This opens the default Nginx web page file.

  • Press i to enter INSERT mode.

  • Paste your HTML code, for example:

      <html>
        <head><title>Welcome</title></head>
        <body><h1>Hello from AWS EC2 with Nginx!</h1></body>
      </html>
    
  1. Visit http://<instance-public-ip> in your browser.

Note: Why These Settings Matter

  1. SSH Security (Root Login & Password Disabled)

  • Why PermitRootLogin no?
    Disabling root login (PermitRootLogin no) adds an extra layer of protection. It prevents direct login as the powerful root user, making it harder for attackers to gain full control of the server in one step.

  • Why PasswordAuthentication no?
    This disables password-based SSH logins. Only users with a valid private key can log in. This significantly reduces the risk of brute-force attacks.

Key-based authentication is safer and more secure than using passwords.

  2. Network Access (Ports 80 & 443)

  • Why Allow Port 80 (HTTP)?
    Port 80 is the default port for serving web content over HTTP. This is required to display your website when someone visits your domain or IP address using regular HTTP.

  • Why Allow Port 443 (HTTPS)?
    Port 443 is used for HTTPS, which is the secure version of HTTP. It encrypts data between your server and visitors, protecting sensitive information.

Even if you're starting with HTTP, it's a best practice to enable HTTPS early for security and SEO benefits.

🎉 Hurray! You've successfully launched an EC2 instance, secured it, and hosted your own website with Nginx on AWS! You're now one step closer to mastering cloud deployment. Keep building! 🚀💻
