Anuj's Blog

Configure HTTPS on AWS EC2 without a Custom Domain

Configure HTTPS on AWS EC2 without a Custom Domain

Anuj Anand Bansal's photo
Anuj Anand Bansal
·

3 min read

Setting up HTTPS can be a bit intimidating for the inexperienced user — it takes many steps, it requires specific knowledge of encryption and server configuration, and it sounds complicated in general.

Most of the solutions require you to have a custom domain or use tunnelling services like ngrok. But what if you don't have a domain name or don't want to rely on services like ngrok?

In this article I'll show you how to configure an HTTPS server on an AWS EC2 instance without a custom domain. We'll be using Caddy as a reverse proxy and nip.io as our DNS, both of which are dead simple to setup.

Setting up the server

Let's start by creating an EC2 instance with the following Security Group Inbound rules.

Screenshot_2021-08-16_at_5.32.50_PM.png

Next SSH into the Instance and create an index.html file.

Screenshot 2021-08-16 at 5.10.12 PM.png

Here, I'm using Python built-in SimpleHTTPServer to quickly start a server and serve index.html

Screenshot 2021-08-16 at 5.34.40 PM.png

We can see that by going to our <EC2 Public IP>:8000 we can access our webpage.

Screenshot 2021-08-16 at 5.17.06 PM.png

But as you can see the browser complains that the connection is not secure. Let's fix this and enable SSL on this server.

HTTPS using Public IP

Start another terminal session and login into your instance.

Now, install Caddy on the server. Instructions can be found here. Caddy 2 is a powerful open source web server with automatic HTTPS. Caddy simplifies your infrastructure and takes care of TLS certificate renewals.

yum install yum-plugin-copr
yum copr enable @caddy/caddy
yum install caddy

Next we'll create a Caddyfile with the following contents

<EC2 Public IP>.nip.io {
    reverse_proxy localhost:8000
}

Over here, we are using nip.io as a DNS. nip.io allows you to map any IP Address to a hostname without the need to edit a hosts file or create rules in DNS management. nip.io maps .nip.io in "dot", "dash" or "hexadecimal" notation to the corresponding .

Screenshot 2021-08-16 at 5.16.02 PM.png

What we are doing here is basically setting up a proxy to forward all requests to port 8000 of our instance. Save the file as Caddyfile and run the command caddy run.

This will start Caddy certificate management service and download a certificate for the indentifier <IP>.nip.io.

Screenshot 2021-08-16 at 5.16.39 PM.png

Now if you go to your address <IP>.nip.io you'll see that the connection is secure and the browser no longer complains about insecure connections.

Screenshot 2021-08-16 at 5.18.31 PM.png

If you want to run Caddy in background all you have to do is run caddy start.

Screenshot_2021-08-16_at_5.46.23_PM.png

Using a combination of Caddy and nip.io you can easily setup HTTPS certificate on basically any server without a custom domain or much experience with handling certificate chains.

👋 Hope this was helpful!

Feel free to reach out to me on Twitter.

Did you find this article valuable?

Support Anuj Anand Bansal by becoming a sponsor. Any amount is appreciated!

AWSTutorialBeginner Developershttps