Building a web serverr with NGINX
I recently joined the DevOps track of the HNG internship, and my first task was to install and configure NGINX on a cloud-based server to host a custom HTML page with a personalized message.
Setting up an AWS EC2 Instance
The first step was setting up an EC2 instance. I started by creating an IAM user on AWS to ensure that I was following best practices with security. This process was relatively simple but important because creating the IAM user with specific permissions helped me avoid using root credentials, which is a crucial step when working in the cloud.
Next, I set up a billing alarm on AWS to ensure that I would be notified if my usage exceeded my predefined budget—this is something I’ll definitely be keeping in place going forward.
Once the IAM user and billing alarms were set up, I provisioned an EC2 instance. I chose the Ubuntu for the instance, as I am more familiar with the Ubuntu environment and wanted to stick with something I was comfortable with. I made sure to open port 80 on the security group to allow HTTP traffic, as I planned to use NGINX to serve web pages.
Configuring NGINX
With the EC2 instance successfully provisioned, I shifted my focus to configuring NGINX. I consulted the official NGINX documentation, which provided clear and easy-to-follow steps. Once NGINX was installed, I began configuring it to serve a custom HTML page.
To start, I replaced the default index.html file located in the /var/www/html/ directory with my own custom HTML file. Next, I updated the NGINX configuration to ensure it correctly served the page by creating a server block in the configuration file. The server block was configured as follows to handle all incoming requests to the root path:
http {
server {
location / {
root /var/www/html;
}
}
}
After making the necessary changes, I restarted the NGINX service to ensure the new configuration took effect:
sudo service nginx restart
Firewall
In addition to configuring NGINX, I also took steps to secure the instance by configuring the firewall to block all incoming traffic on ports other than those required. To accomplish this, I created a Bash script that configured UFW (Uncomplicated Firewall) to allow traffic only on the following ports: 22 (SSH), 443 (HTTPS), and 80 (HTTP). Here's the script I used:
#!/usr/bin/env bash
# Configure UFW to block all incoming traffic except for the following TCP ports:
# - 22 (SSH)
# - 443 (HTTPS SSL)
# - 80 (HTTP)
apt-get install ufw
sed -i 's/IPV6=.*/IPV6=yes/' /etc/default/ufw
ufw disable
ufw enable
ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp
ufw allow 443/tcp
ufw allow 80/tcp
Challenges and Learnings
One of the biggest challenges I faced during this task was selecting the right cloud platform. Initially, I tried signing up for DigitalOcean, but I kept running into issues with my credit card being rejected. Despite multiple attempts, I couldn’t get past the payment process. After some frustration, I decided to pivot and use AWS EC2, which ended up being a smoother experience and provided more flexibility.
Once I got past that hurdle, the task itself was fairly straightforward. However, I had to get familiar with some cloud-specific concepts. For example, I initially didn’t realize that EC2 instances in AWS are associated with both a private and a public IP address due to the Virtual Private Cloud (VPC) setup. Understanding this was crucial because I had to ensure I was using the public IP to access the instance from the outside world.
Another issue I ran into was forgetting to configure the EC2 instance’s security settings to allow HTTP traffic. By default, EC2 instances are locked down to prevent unauthorized access, so I had to go back and update the security group to allow inbound traffic on port 80. Once I made this adjustment, everything worked as expected.
Backlinks
DevOps Engineers - https://hng.tech/hire/devops-engineers
Cloud Engineers - https://hng.tech/hire/cloud-engineers