27

I want to enable SSL on an EC2 instance. I know how to install a third-party SSL certificate. I have also enabled SSL in the security group.

I just want to use a URL like this with https: ec2-xx-xxx-xxx-xx.compute-1.amazonaws.com

I couldn't find the steps anywhere.

It would be great if someone could direct me to some document or something.


Edit:

I have an instance on EC2 on which I have installed LAMP. I have also enabled HTTP, HTTPS and SSH in the security group policy.

When I open the Public DNS URL in the browser, I can see the web server running perfectly. But when I add https to the URL, nothing happens.

Is there something I am missing? I really don't want to use any custom domain on this instance because I will terminate it after a month.

Neeraj Kumar
  • What is your exact question? Are you asking for an SSL tutorial? If yes, then refer to http://www.sslshopper.com/. – slayedbylucifer Nov 12 '13 at 10:35
  • No. I want to know, is there a default amazonaws.com wildcard that I can install on my EC2 instance? I don't want to use any domain name on my EC2 instance. I want to use the default public DNS name that I get with an EC2 instance with SSL. – Neeraj Kumar Nov 12 '13 at 11:15
  • Amazon does provide SSL certificates now. https://us-west-1.console.aws.amazon.com/acm/home – Danny Robinson Jun 30 '16 at 16:03

4 Answers

12

For development, demos and internal testing (which is a common case for me) you can achieve demo-grade HTTPS on EC2 with tunneling tools. Within a few minutes, especially for internal testing purposes, you would have HTTPS with ngrok (demo grade: the traffic goes through the tunnel).

Tool 1: https://ngrok.com

Steps:

  1. Download ngrok to your EC2 instance: wget https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-amd64.zip (the link at the time of writing; you will see the current link on the ngrok home page once you log in).
  2. Enable 8080, 4443, 443, 22, 80 in your AWS security group.
  3. Register and log in to ngrok and copy the command to activate it with your token: ./ngrok authtoken shjfkjsfkjshdfs (you will see it on their home page once you log in).
  4. Run your plain HTTP (non-HTTPS) server (any: Node.js, Python, whatever) on EC2.
  5. Run ngrok: ./ngrok http 80 (or a different port if your simple HTTP server listens on a different port).
  6. You will get an https link to your server.

Tool 2: cloudflare wrap

I think there is an alternative to ngrok called cloudflare wrap, but I haven't tried it.

Tool 3: localtunnel

A third alternative could be https://localtunnel.github.io which, as opposed to ngrok, can provide you a subdomain for free. It's not permanent, but you can ask for a specific subdomain rather than a random string:

    --subdomain request a named subdomain on the localtunnel server (default is random characters)

Tool 4: https://serveo.net/

Tomer Ben David
11

Turns out that Amazon does not provide SSL certificates for their EC2 instances out of the box. I skipped the part that they are a virtual server provider.

To install an SSL certificate, even a basic one, you need to buy it from someone and install it manually on your server.

I used startssl.com. They provide free basic SSL certificates.

Neeraj Kumar
  • What is the difference between "basic" and "non-basic" certificates? I'm struggling to understand why the price difference is so huge, from $5 to $250/year. – OutputLogic Apr 18 '15 at 17:16
  • Did you find out what the difference between basic and non-basic packages is? I am also looking for an SSL certificate that my browser does not complain about. I found out that there is a project called "Let's Encrypt" that is going to provide such certificates for free, but it will come in October... – Mahshid Zeinaly Sep 24 '15 at 01:56
  • Could you please elaborate how you went through the process with StartSSL? As far as I know you need to validate the top-level domain with them, which you cannot do with the EC2 address since it belongs to Amazon. – Cenobyte321 Oct 01 '15 at 17:20
  • @Nab I bought a domain name and created a certificate for that domain name. Then I mapped it using a CNAME record to the EC2 public DNS record. – Neeraj Kumar Oct 01 '15 at 21:00
7
  1. Create a self-signed SSL certificate using openssl. Check this link for more information.
  2. Install that certificate on your web server. As you have mentioned LAMP, I guess it is Apache, so check this link for installing SSL on Apache.

In case you reboot your instance, you will get a different public DNS, so be aware of this. Or attach an Elastic IP address to your instance.

"But when I add https to the URL, nothing happens."

Correct: your web server needs to have an SSL certificate and private key installed to serve traffic over HTTPS. Once that is done, you should be good to go. Also, if you use a self-signed cert, your web browser will complain about the non-trusted certificate. You can ignore that warning and proceed to access the web page.

slayedbylucifer
  • Thanks. This works. But doesn't AWS have their own wildcard SSL available somewhere which I can install? Installing self-signed certificates will always give a warning in browsers. I don't want that, because I will be using these for Facebook Apps, and they require SSL. I don't want to buy a domain name either. – Neeraj Kumar Nov 13 '13 at 07:19
  • I am not aware of such a cert from AWS. Try posting your queries on the [AWS forum](https://forums.aws.amazon.com/index.jspa) where you might get better insight from AWS people. – slayedbylucifer Nov 13 '13 at 07:27
  • @NeerajKumar AWS does have their SSL. [Here](https://aws.amazon.com/blogs/aws/new-aws-certificate-manager-deploy-ssltls-based-apps-on-aws/) is a guide to it. – mobby Sep 19 '17 at 20:35
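Steps 1 and 2 of the answer above (generate a self-signed certificate, install it in Apache), carried through as an added example; this is not code from the answer or from AWS. It assumes OpenSSL 1.1.1 or newer (for -addext), Apache with mod_ssl enabled, and a placeholder public DNS name ec2-12-34-56-78.compute-1.amazonaws.com; substitute your instance's name via EC2_HOST. One caveat the answer does not spell out: put the host name in the certificate's Subject Alternative Name. Current browsers ignore the Common Name, so a certificate that carries the name only in CN fails the host-name check on top of the self-signed trust warning.

```shell
#!/bin/sh
# Added example, not from the original answer: generate a self-signed certificate
# whose Subject Alternative Name is the instance's public DNS name, then print the
# matching Apache <VirtualHost> block. Host name and paths are assumed placeholders.
set -eu

# Generate a 2048-bit RSA key and a 30-day self-signed certificate for host $1
# into directory $2. The SAN entry is what browsers match against; the CN alone
# is no longer sufficient. Requires OpenSSL >= 1.1.1 for -addext.
make_selfsigned_cert() {
    host=$1
    outdir=$2
    mkdir -p "$outdir"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -keyout "$outdir/server.key" -out "$outdir/server.crt" \
        -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host" >/dev/null 2>&1
    chmod 600 "$outdir/server.key"   # the private key must not be world-readable
}

# Succeed (exit 0) only if certificate file $1 lists host $2 in its SAN extension.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -q "DNS:$2"
}

# Print an Apache vhost that serves HTTPS for host $1 using the files in $2.
# SSLv3, TLS 1.0 and TLS 1.1 are disabled. HSTS is left out on purpose: with
# HSTS set, browsers refuse to let you click through the self-signed warning.
apache_ssl_vhost() {
    host=$1
    certdir=$2
    cat <<EOF
<VirtualHost *:443>
    ServerName $host
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile    $certdir/server.crt
    SSLCertificateKeyFile $certdir/server.key
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLHonorCipherOrder on
</VirtualHost>
EOF
}

# Assumed placeholder name; override with EC2_HOST=ec2-....compute-1.amazonaws.com
EC2_HOST=${EC2_HOST:-ec2-12-34-56-78.compute-1.amazonaws.com}
CERT_DIR=${CERT_DIR:-$(mktemp -d)}

make_selfsigned_cert "$EC2_HOST" "$CERT_DIR"
if ! cert_has_san "$CERT_DIR/server.crt" "$EC2_HOST"; then
    echo "certificate does not carry SAN DNS:$EC2_HOST" >&2
    exit 1
fi
apache_ssl_vhost "$EC2_HOST" "$CERT_DIR"
```

Run it once, paste the printed <VirtualHost> block into your Apache SSL site config (for example /etc/apache2/sites-available/default-ssl.conf on Debian/Ubuntu) and reload Apache. To check the result without disabling verification, point curl at the generated certificate instead of using -k: curl --cacert "$CERT_DIR/server.crt" https://$EC2_HOST/ fails if a different certificate is being served, which -k would hide. Because the name is baked into the SAN, regenerate the certificate whenever the instance's public DNS name changes.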
1

You can enable SSL on an EC2 instance without a custom domain using a combination of Caddy and nip.io.

nip.io allows you to map any IP address to a hostname without the need to edit a hosts file or create rules in DNS management.

Caddy is a powerful open source web server with automatic HTTPS.

  1. Install Caddy on your server.

  2. Create a Caddyfile and add your config (this config will forward all requests to port 8000):

    <EC2 Public IP>.nip.io {
        reverse_proxy localhost:8000
    }

  3. Start Caddy using the command caddy start.

You should now be able to access your server over https://<IP>.nip.io

I wrote an in-depth article on the setup here: Configure HTTPS on AWS EC2 without a Custom Domain

Anuj Bansal
  • I have the same requirement, but I am running a Tomcat server in my EC2 instance. So, let's say I install the Caddy server; are you sure my Tomcat server will be able to serve HTTPS requests to my clients? – Sumit Kandoi Feb 09 '22 at 14:23