Deploying your Node.js app to the cloud doesn’t have to be complicated. In this comprehensive guide, you’ll learn how to launch a virtual machine using AWS EC2, containerize your app with Docker, set up a reverse proxy using Nginx, and secure it with SSL using Certbot.

What is AWS?

Amazon Web Services (AWS) is the world’s most widely adopted cloud platform. It offers on-demand infrastructure like compute power (EC2), storage (S3), databases (RDS), and networking tools — all scalable and pay-as-you-go.

Instead of setting up and managing physical servers, AWS allows you to :

• Launch virtual machines in seconds (EC2)
• Store files securely (S3)
• Use databases without server management (RDS)
• Deploy globally with minimal latency
  

What is EC2?

Amazon EC2 (Elastic Compute Cloud) is a virtual server hosted on the AWS cloud. It allows you to run applications just like you would on your own physical machine — but with flexibility, scalability, and global reach.

What is Docker and Why Use It?

Docker allows you to bundle your application and its dependencies into a single package, called a container. This means you don't need to worry about whether certain libraries or software are installed on the server; the container has everything it needs.

Benefits:

• Consistency across development and production
• Easy to deploy and scale
• Isolated environments for running apps

In this guide, we’ll focus on launching a secure and scalable web server using EC2, Docker, Nginx, and Certbot.

Why Use Nginx?

Nginx is a high-performance web server that is commonly used as a reverse proxy.

In this setup:

• Your Node.js app will run on port 3000 inside a Docker container.
• Nginx listens on the default web ports (80 for HTTP and 443 for HTTPS).
• Nginx forwards incoming requests to your app — this keeps your infrastructure clean and makes adding SSL easy.

What is SSL and Why Use Certbot?

SSL (Secure Sockets Layer) encrypts data between the user’s browser and your server, preventing interception or tampering.

Certbot is a free and automated tool by Let’s Encrypt that generates and renews SSL certificates.

Even though SSL is optional, it’s highly recommended:

• It ensures user data is safe.
• It builds trust for your website.

Architecture Diagram

Step 1: Launch an EC2 Instance

1. Log in to the AWS Management Console.
2. Region: Choose the closest to your users (e.g., ap-south-1 for Mumbai)
3. Navigate to EC2 > Launch Instance.
   

Set the following configuration:

• Name: nodejs-server (or any identifier)
• AMI: Ubuntu Server 22.04 LTS (a stable and popular Linux distribution)
• Instance Type: t2.micro (Free Tier eligible – good for beginners and basic apps)
• Key Pair: Create or use an existing one (essential for SSH access)

Configure the Security Group

This step opens necessary ports on your server:

• Port 22 (SSH) – Required for connecting via terminal
• Port 80 (HTTP) – To serve web traffic via Nginx
• Port 443 (HTTPS) – For SSL (secure) traffic

 If these ports are not open, you won’t be able to connect or access your app publicly.

• Storage: 8 GB (General Purpose SSD - gp3)
• Network: Default VPC and Subnet

Click Launch Instance.

Connect to Your EC2 Instance

Once the instance status shows “running”:

• Go to your Downloads folder (or wherever your .pem key was downloaded).
• Run the following command to set proper permissions on the key file:

Code

    chmod 400 your-key.pem                          
                    

• Now connect to your server using SSH:

Code

    ssh -i /path/to/your-key.pem ubuntu@<your-ec2-public-ip>                         
                    

If you share your public IP with someone, they can also connect to your EC2 (assuming they have the key and SSH access enabled).

Install Docker, Nginx, and Certbot

Once connected to your EC2 server, install the required packages:

1. Update the server

Code

    sudo apt update && sudo apt upgrade -y                         
                    

2. Install Docker

Code

    sudo apt install docker.io -y
    sudo systemctl start docker
    sudo systemctl enable docker                        
                    

3. Install Nginx

Code

    sudo apt install nginx -y
    sudo systemctl start nginx
    sudo systemctl enable nginx                      
                    

4. Install Certbot (for SSL)

Code

    sudo apt install certbot python3-certbot-nginx -y                 
                    

Deploy Node.js App with Docker

Make sure your Node.js app contains :

• Dockerfile
• server.js
• package.json
  

Dockerfile:

Code

    FROM node:18
    WORKDIR /app
    COPY package*.json ./
    RUN npm install
    COPY . .
    EXPOSE 3000
    CMD ["node", "server.js"]              
                    

Deploy your app on EC2:

Code

    # Clone or upload your project
    git clone https://github.com/your-username/your-node-app.git
    cd your-node-app
    
    # Build and run Docker container
    sudo docker build -t node-app .
    sudo docker run -d -p 3000:3000 --name node-container node-app           
                    

Then visit this
http://<your-ec2-public-ip>:3000
You should see your Node.js app running!

Set Up Nginx as a Reverse Proxy

To expose your app on port 80 with a clean URL:

1. Create a new Nginx configuration file :

Create a new Nginx site config:

Code

    sudo nano /etc/nginx/sites-available/domain-name.conf           
                    

2. Paste the following (replace your-domain.com with your actual domain or EC2 public IP) :

Code

    server {
        listen 80;
        server_name your-domain.com;  # Replace with your domain 
        location / {
            proxy_pass http://localhost:3000;  #add the port of container
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }           
                    

3. Enable the site and reload Nginx:

Code

    sudo ln -s /etc/nginx/sites-available/domain-name.conf /etc/nginx/sites-enabled/
    sudo nginx -t
    sudo systemctl reload nginx                                  
                    

Test via:

http://<domain>

Enable SSL with Certbot (If You Have a Domain)

if you have a domain (e.g., myapp.com) pointed to your EC2 public IP:

1. Make sure DNS propagation is complete.
2. Run the following command to automatically install an SSL certificate and configure Ng

Code

    sudo certbot                                 
                    

Follow the interactive prompts. Certbot will:

• Detect your Nginx config
• Obtain a free SSL certificate from Let’s Encrypt
• Configure Nginx to redirect HTTP → HTTPS
• Set up auto-renewal of SSL certificates

After setup:

https://your-domain.com

You’ll now see a secure 🔒 padlock in the browser

What If You Don’t Have a Domain?

No problem! You can still test the app:

• http://<your-ec2-public-ip>:3000 → Direct access to Docker app
• http://<your-ec2-public-ip> → Access via Nginx reverse proxy

SSL will not work on public IPs (requires a valid domain), but HTTP will still function properly.

Final Notes

• Stop your EC2 instance when not in use to avoid unnecessary charges.
• For production, assign an Elastic IP so your server's IP address doesn’t change on reboot.
  
• You can further explore
  
  • IAM roles and policies for secure access
  • CloudWatch for monitoring
  • Automatic backups and scaling solutions

Conclusion

By following this guide, you’ve successfully:

• Launched a secure EC2 instance
• Installed and used Docker to run a Node.js app
• Configured Nginx as a reverse proxy
• Secure your site using Certbot SSL
  
  

This setup gives you a production-ready environment using powerful AWS services and industry best practices.

Every expert was once a beginner. Keep building, experimenting, and learning.