Securing web traffic is paramount in today’s digital landscape. One fundamental step in enhancing web security is redirecting HTTP traffic to HTTPS, ensuring that all communication between your users and your web server is encrypted. This guide will walk you through setting up HTTPS on your AWS EC2 instance and implementing HTTP to HTTPS redirection using AWS CloudFront without needing a load balancer.

Enhancing Web Security: A Step-by-Step Guide to Redirect HTTP to HTTPS on AWS EC2 Without Load Balancers

Securing your web server with HTTPS protects sensitive data and boosts your site’s credibility. Follow these steps to ensure your AWS EC2-hosted website enforces HTTPS for all users.

Acquiring an SSL/TLS Certificate for Secure Communication

Before you can enable HTTPS, you need an SSL/TLS certificate. Here’s how you can acquire one:

  1. AWS Certificate Manager (ACM): If you’re using AWS CloudFront or Elastic Load Balancing, you can get a free SSL/TLS certificate through AWS ACM. However, ACM certificates cannot be used directly with EC2 instances.
  2. Let’s Encrypt: For EC2 instances, Let’s Encrypt offers free, automated SSL/TLS certificates. Install Certbot on your EC2 instance to quickly request and manage certificates.
    • SSH into your EC2 instance.
    • Install Certbot and dependencies: sudo yum install -y certbot python3-certbot-nginx
    • Request a certificate: sudo certbot --nginx
    • Follow the prompts to obtain and install the certificate.

Setting Up HTTPS on AWS EC2

With your SSL/TLS certificate, you can now configure your web server (such as Nginx or Apache) to use HTTPS.

  1. Nginx Configuration:
    • Open your Nginx configuration file: sudo nano /etc/nginx/nginx.conf

Update the server block to include SSL settings:

server {
    listen 443 ssl;
    server_name your_domain.com;

    ssl_certificate /etc/letsencrypt/live/your_domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your_domain.com/privkey.pem;

    location / {
        try_files $uri $uri/ =404;
    }
}

  • Save and exit the file, then restart Nginx: sudo systemctl restart nginx
  2. Apache Configuration:
    • Open the Apache configuration file: sudo nano /etc/httpd/conf/httpd.conf

Add the following configuration:

<VirtualHost *:443>
    ServerName your_domain.com
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/your_domain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/your_domain.com/privkey.pem
    DocumentRoot /var/www/html
</VirtualHost>

  • Save the file and restart Apache: sudo systemctl restart httpd

Implementing HTTP to HTTPS Redirection Using AWS CloudFront

While you’ve secured your EC2 instance, enforcing HTTPS for all traffic is essential. AWS CloudFront can handle this redirection efficiently.

  1. Create a CloudFront Distribution:
    • In the AWS Management Console, navigate to CloudFront and create a new distribution.
    • Under “Origin Settings,” set the Origin Domain Name to your EC2 instance’s public DNS.
    • Configure the following settings:
      • Viewer Protocol Policy: Redirect HTTP to HTTPS
      • Origin Protocol Policy: HTTPS Only
  2. Deploy the Distribution:
    • Complete the setup and deploy your CloudFront distribution. This may take a few minutes.

Finalizing the Setup: Adding CloudFront Domain Name to Route 53

You must point your domain to the CloudFront distribution to finalize your HTTPS setup.

  1. Route 53 Configuration:
    • In the AWS Management Console, go to Route 53 and select the hosted zone for your domain.
    • Create an alias record pointing your domain (e.g., www.your_domain.com) to the CloudFront distribution.
  2. Verify the Setup:
    • Access your website using your domain name. Ensure that all HTTP traffic is being redirected to HTTPS.
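
A check for the verification step above, added here as an example and not part of the original guide: the function reads the response headers of a plain-HTTP request (as printed by curl -sI) and confirms that the response is a redirect to an https:// URL on the expected host. The function name check_redirect and the sample headers are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify the response headers of a plain-HTTP request.
# Against a live site (hostname is the guide's placeholder):
#   curl -sI http://www.your_domain.com/ | check_redirect www.your_domain.com

check_redirect() {
    # $1 = hostname the redirect must stay on; headers are read from stdin.
    expected_host=$1
    headers=$(tr -d '\r')                 # strip CR from CRLF line endings
    # Status code is the second field of the status line (HTTP/1.1 or HTTP/2).
    status=$(printf '%s\n' "$headers" | awk 'NR==1 {print $2}')
    # Header names are case-insensitive; take the first Location header.
    location=$(printf '%s\n' "$headers" |
        awk 'tolower($1)=="location:" {print $2; exit}')

    case $status in
        301|302|307|308) ;;
        *) echo "FAIL: status ${status:-none} is not a redirect"; return 1 ;;
    esac
    case $location in
        https://*) ;;
        *) echo "FAIL: Location '$location' is not an https:// URL"; return 1 ;;
    esac

    # Host part of the Location URL: drop the scheme, then path and port.
    host=${location#https://}
    host=${host%%/*}
    host=${host%%:*}
    if [ "$host" != "$expected_host" ]; then
        echo "FAIL: redirect goes to '$host', expected '$expected_host'"
        return 1
    fi
    echo "OK: $status -> $location"
}

# Constructed sample response (not captured from a real site).
printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.your_domain.com/\r\n\r\n' |
    check_redirect www.your_domain.com
```

A 200 response on port 80, or a redirect whose Location is still http://, means the Viewer Protocol Policy is not being applied to that request path.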

Conclusion: Securing User Data and Trust with HTTPS

Following these steps, you’ve secured your AWS EC2-hosted website with HTTPS, ensuring all user data is encrypted during transmission. Redirecting HTTP to HTTPS protects your users and enhances trust and SEO rankings.
