NodeJS app on AWS Lightsail with SSL

Create an instance on AWS Lightsail

Login to Lightsail page on AWS

https://lightsail.aws.amazon.com/

Click on create instance

1. Select a platform Linux/Unix
2. Select a blueprint Apps + OS (checked by default) Select: Node.js (12.16.1)
3. Click Change SSH key pair Select existing key pair or create a new one
4. Choose your instance plan eg $3.5 USD
5. Identify your instance (Your Lightsail resources must have unique names.) eg: game-app
6. Click on Create instance button

Setup nodeJS app

Setup apache configuration

Click on terminal icon to connect instance

1. cd stack
2. sudo ./use_nodejs
3. mkdir apps && cd $_
4. mkdir egg-eliminate && cd $_
5. mkdir /opt/bitnami/apps/egg-eliminate/conf
6. Create the following configuration /opt/bitnami/apps/egg-eliminate/conf/httpd-prefix.conf Add the line below to it

Include "/opt/bitnami/apps/egg-eliminate/conf/httpd-app.conf" 

7. Create file /opt/bitnami/apps/egg-eliminate/conf/httpd-app.conf & append following

ProxyPass / http://127.0.0.1:3000/
ProxyPassReverse / http://127.0.0.1:3000/

8. Append below ling in the following file /opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf

Include "/opt/bitnami/apps/egg-eliminate/conf/httpd-prefix.conf" 

9. Restart the apache server sudo /opt/bitnami/ctlscript.sh restart apache

Create a nodeJS app

1. cd /opt/bitnami/apps/egg-eliminate/
2. mkdir application && $_
3. create app.js with the following content

const http = require('http');
const hostname = '127.0.0.1';
const port = 3000;
const server = http.createServer((req, res) => {
  res.statusCode = 200;
  res.setHeader('Content-Type', 'text/plain');
  res.end('Hello World');
});
server.listen(port, hostname, () => {
  console.log(`Server running at http://${hostname}:${port}/`);
});

4. Start the nodeJS app node app.js

Test the app by access following

http://3.113.25.255

Setup SSL using Let’s Encrypt

Setup DNS record to access via subdomain

Configuring Amazon Route 53 DNS for your app

1. Click on hosted zones https://console.aws.amazon.com/route53/home?region=ap-northeast-1#hosted-zones: pages
2. Choose the domain eg example.com
3. Click on Record Set
4. Add following record

game.example.com. A  3.113.25.255

Configure SSL for sub-domain using Let's encrypt

1. sudo /opt/bitnami/bncert-tool
2. Domain list []: game.example.com
3. The following domains were not included: www.game.example.com. Do you want to add them? [Y/n]: n
4. Enable HTTP to HTTPS redirection [Y/n]: y
5. Confirm the final changes Changes to perform

The following changes will be performed to your Bitnami installation:

1. Stop web server
2. Configure web server to use a free Let's Encrypt certificate for the domains: 
game.example.com
3. Configure a cron job to automatically renew the certificate each month
4. Configure web server name to: game.example.com
5. Enable HTTP to HTTPS redirection (example: redirect 
http://game.example.com to https://game.example.com)
6. Start web server once all changes have been performed

Do you agree to these changes? [Y/n]: Y

6. Create a free HTTPS certificate with Let’s Encrypt

Please provide a valid e-mail address for which to associate your Let's Encrypt 
certificate.
Domain list: game.example.com
Server name: game.example.com
E-mail address []: pramendra@gmail.com
The Let's Encrypt Subscriber Agreement can be found at:
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf

Do you agree to the Let’s Encrypt Subscriber Agreement? [Y/n]: Y

7. Find more details in the log file:

/tmp/bncert-xxxxx.log
If you find any issues, please check Bitnami Support forums at:
https://community.bitnami.com

Press [Enter] to continue:

Test the app by access following

https://game.example.com

Note: bncert-tool creates a certificate and add a crontab to renew the certificate

0 0 * * * sudo /opt/bitnami/letsencrypt/lego

the certificate gets renewed every day automatically.