Deployment of a Dockerized Application with AWS EC2, Nginx, Docker, and Automated SSL via Certbot

INTRODUCTION

In this project, I worked on deploying a web application on AWS EC2. I used Docker to containerize the app, Nginx to manage traffic as a reverse proxy, and Certbot to set up SSL for secure connections. The project's goal was to create a reliable and scalable environment in the cloud that would ensure the application runs securely and efficiently. I started by launching a Ubuntu EC2 instance on AWS and installed the tools needed for the setup: Docker, Docker Compose, Nginx, and Certbot. Docker was used to containerize the application, which made it easier to deploy and manage. Nginx was configured as a reverse proxy to direct incoming traffic to the application, and Certbot handled the automatic setup of SSL certificates to secure the site with HTTPS. To make the application accessible through a simple and professional URL, I configured a custom subdomain to point to the EC2 instance. This setup made the deployment process more straightforward and ensured that the app was secure and ready for production use.

Prerequisites

  • AWS EC2 Instance: Ubuntu OS with SSH access.

  • Domain Name: A registered domain pointing to the EC2 instance.

  • Basic Tools: SSH client, a text editor, and basic Linux knowledge.

Installation of Required Tools

  • Update and upgrade the system: SSH into the EC2 instance, update and upgrade the server.
sudo apt update -y && sudo apt upgrade -y
  • Install required tools in a single command:
sudo apt update -y && sudo apt upgrade -y
sudo apt install nginx -y && sudo apt install docker.io -y && sudo apt install docker-compose -y && sudo apt install certbot -y && sudo apt install python3-certbot-nginx -y
  • Confirm Installation
sudo docker --version
sudo nginx -v
sudo docker-compose --version

Setting Up Environment Variables (.env File)

An .env file was used to store sensitive information like database passwords and API keys. This kept the docker-compose.yml file clean and secure, preventing accidental exposure of sensitive data. The .env file should be saved in the project root directory.

Configuring the docker-compose.yml File

services:
  app-service:
    image: ronke/django:latest
    container_name: app_sync
    restart: always
    ports:
      - "8000:8000"
    env_file:
      - .env
  • Deploy the application
sudo docker-compose up -d

Step: Configuring the Subdomain

  1. Set Up DNS Records for the Subdomain

    • Log in to your domain registrar or DNS hosting provider (e.g., Namecheap, Afraid DNS).

    • Navigate to the DNS settings for your domain.

    • Add an A Record for the subdomain pointing to your EC2 instance's public IP address:

      • Host/Name: app

      • Type: A

      • Value/Target: <your-EC2-public-IP>

Setting Up and Configuring Nginx

  • Navigate to /etc/nginx/sites-available/ and create a configuration file:
sudo vim /etc/nginx/sites-available/myapp

Save and exit the file.

  • Enable the configuration
sudo ln -s /etc/nginx/sites-available/myapp /etc/nginx/sites-enabled/
server {
    listen 80;
    server_name yourdomain.com;

    location / {
        proxy_pass http://localhost:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

Secure the Subdomain with SSL

  • Generate and install an SSL certificate for the subdomain:
sudo certbot certonly --standalone -d <subdomain> -d <www.subdomain>

Configuring Nginx for SSL

server {
 listen 80;
 server_name yoursubdomain.com www.yoursubdomain.com;
 return 301 https://$host$request_uri;
}



server {
        listen 443 ssl;
        server_name stock.mycliq.tech www.stock.mycliq.tech;
        ssl_certificate /etc/letsencrypt/live/yoursubdomain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/yoursubdomain.com/privkey.pem;
        location / {
                proxy_pass http://127.0.0.1:8000;
        }
}
  • Check for syntax error
sudo nginx -t
  • Reload Nginx to apply changes
sudo service nginx reload

Verify the Setup

You can test the application manually:

curl https//localhost:8000 (replace 8000 with your actual port)

To check for external availability

  • Open a browser and go to www.<yourdomain.com>

  • Confirm the application is accessible, and SSL is active.