Setting up a secure, production-ready web application requires proper DNS configuration and SSL certificates. This guide walks through the steps to configure DNS, obtain SSL certificates, and set up HTTPS.
Understanding the Stack
1. DNS Records Setup
Configure these records at your registrar (GoDaddy, Namecheap, Route53):
Type: A
Name: @
Value: your-ec2-public-ip
Type: CNAME
Name: www
Value: yourdomain.com2. Installing Certbot
bash
sudo apt update
sudo apt install certbot python3-certbot-nginx -y3. Obtaining SSL Certificates
Certbot can automatically configure Nginx for you:
bash
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.comFollow the prompts to redirect HTTP to HTTPS (recommended).
4. Automatic Renewal
Let's Encrypt certs expire in 90 days. Verify the auto-renewal timer:
bash
sudo systemctl status certbot.timer
sudo certbot renew --dry-run5. Security Best Practices
Add these headers to your Nginx config for better security:
nginx
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;Verification
Visit your site at https://yourdomain.com and check for the padlock icon!