Creating Amazon EC2 Instances for NGINX Open Source and NGINX Plus
These instructions explain how to create instances in the Amazon Elastic Compute Cloud (EC2) environment suitable for running NGINX Open Source and NGINX Plus.
- Creating Amazon EC2 Instances
- Connecting to an Instance
- Automating Installation with a Configuration Manager
- Optional: Creating an NGINX Open Source AMI
For NGINX Plus, a faster alternative is to purchase a prebuilt Amazon Machine Image (AMI) in the AWS Marketplace. Several operating systems are available, including Amazon Linux, Red Hat Enterprise Linux, and Ubuntu. For instructions, see Installing NGINX Plus AMIs on Amazon EC2.
These instructions assume you have:
- An AWS account.
- If using the instructions in Automating Installation with Ansible, basic Linux system administration skills, including installation of Linux software from vendor‑supplied packages, and file creation and editing.
In addition, to install NGINX software by following the linked instructions, you need:
- An NGINX Plus subscription, either paid or a 30‑day free trial, if you plan to install that product.
- root privilege on the hosts where NGINX Open Source and NGINX Plus are to be installed. If appropriate for your environment, prefix commands with the
Log into the EC2 dashboard in the AWS Management Console (https://console.aws.amazon.com/ec2/).
In the left navigation bar, select Instances, then click the Launch Instance button.
In the Step 1: Choose an Amazon Machine Image (AMI) window, click the Select button for the Linux distribution of your choice.
In the Step 2: Choose an Instance Type window, click the radio button for the appropriate instance type. In the screenshot, we are selecting a t2.micro instance, which is normally selected by default and is sufficient for demo purposes.
Note: At the time of publication of this guide, AWS gives you 750 hours of free usage per month with this instance type during the first year of your AWS account. Keep in mind, however, that if they run 24 hours a day, the sets of instances specified in the NGINX deployment guides use up the 750 hours in just a few days (just over 5 days for 6 instances, and just under 4 days for 8 instances).
Click the Next: Configure Instance Details button to continue to the next step.
In the Step 3: Configure Instance Details window, select the default subnet for your VPC in the Subnet field, then click the Next: Add Storage button.
In the Step 4: Add Storage window, leave the defaults unchanged. Click the Next: Add Tags button.
In the Step 5: Add Tags window, click the Add Tag button. Type Name in the Key field, and in the Value field type the instance name (the screenshot shows the result). This name is what will appear in the Name column of the summary table on the Instances tab of the EC2 dashboard (see the screenshot in Step 12, which shows one instance).
If you are following these instructions as directed by an NGINX deployment guide, the Creating EC2 Instances and Installing the NGINX Software section of the deployment guide specifies the instance names to use.
Click the Next: Configure Security Group button to continue to the next step.
In the Step 6: Configure Security Group window, select or enter the following values in the indicated fields:
- Assign a security group –
  - If you are setting up a deployment with multiple instances (one in an NGINX deployment guide, for instance), and this is the first instance you are creating, select Create a new security group.
  - For subsequent instances, select Select an existing security group instead (it makes sense for all instances in a deployment to use the same security group).
- Security group name – Name of the group. If you are following these instructions as directed by an NGINX deployment guide, the Prerequisites and Required AWS Configuration section of the deployment guide specifies the group name to use.
- Description – Description of the group; the group name is often used.
In the table, modify the default rule for SSH connections, if necessary, by selecting or setting the following values. They allow inbound SSH connections from all sources (any IP address):
- Type – SSH
- Protocol – TCP
- Port Range – 22
- Source – Custom 0.0.0.0/0
- Description – Accept SSH connections from all sources
Create a rule that allows inbound HTTP connections from all sources, by clicking the Add Rule button and selecting or setting the following values in the new row:
- Type – HTTP
- Protocol – TCP
- Port Range – 80
- Source – Custom 0.0.0.0/0
- Description – Accept unencrypted HTTP connections from all sources
If appropriate, repeat this step to create a rule for HTTPS traffic.
When you’ve created all desired rules, click the Review and Launch button.
In the Step 7: Review Instance Launch window, verify the settings are correct. If so, click the Launch button in the lower‑right corner of the window. To change settings, click the Previous button to go back to earlier windows.
When you click the Launch button, a window pops up asking you to select an existing key pair or create a new key pair. Take the appropriate action for your use case, then click the Launch Instances button.
Note: It’s a best practice – and essential in a production environment – to create a separate key for each EC2 instance, so that if a key is compromised only the single associated instance becomes vulnerable.
A Launch Status window pops up to confirm that your launch is underway. To confirm the details of your instance when the launch completes, click the View Instances button on that page.
The instances you have created so far are listed on the Instances dashboard. The following screenshot shows a single instance.
Finalize your security group rules. You need to do this only for the first instance in a given set, because all instances in a set can use the same security group.
In the left navigation bar, select Security Groups.
Select the security group by clicking its radio button in the leftmost column of the table. A panel opens in the lower part of the window displaying details about the group.
Open the Inbound tab and verify that the rules you created in Steps 9 and 10 are listed.
Open the Outbound tab and click the Edit button to create a rule for outbound traffic. The set of rules depends on which ports you have used for traffic handled by the NGINX Plus instances:
- If, for example, you have used port 80 both for client traffic and for health checks from a load balancer (for example AWS Network Load Balancer), you need only one rule.
- If you have configured separate ports for different purposes, or ports other than 80 (such as 443 for HTTPS), make the appropriate adjustments.
In the Destination field, type the security group’s ID, which appears in the Group ID column in the upper table (here it’s sg-3bdbf55d).
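The inbound rules above admit SSH and HTTP from 0.0.0.0/0, while the outbound rule is scoped to the security group itself. The following added example (not part of the original guide) checks a security group in the JSON shape returned by `aws ec2 describe-security-groups` and reports every rule reachable from any address, other than inbound web ports. The sample document is constructed to mirror the rules in this guide; the group name, the `PUBLIC_OK` port set, and the function names are assumptions.

```python
import ipaddress
import json

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`;
# it mirrors the rules from this guide (the group name is a placeholder).
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-3bdbf55d", "GroupName": "example-group",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}],
  "IpPermissionsEgress": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-3bdbf55d"}]}]
}]}
""")

PUBLIC_OK = {80, 443}  # assumption: inbound ports meant to serve anonymous web clients


def world_open(perm):
    """True if the rule admits any IPv4 or IPv6 address (prefix length 0)."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs)


def audit(doc, public_ok=PUBLIC_OK):
    """Return (group_id, direction, port_range) for each unexpected world-open rule."""
    findings = []
    for sg in doc["SecurityGroups"]:
        for direction, key in (("inbound", "IpPermissions"), ("outbound", "IpPermissionsEgress")):
            # The guide scopes egress to the group itself, so no outbound port is exempt.
            allowed = public_ok if direction == "inbound" else set()
            for perm in sg.get(key, []):
                if not world_open(perm):
                    continue
                # IpProtocol "-1" means all protocols; FromPort/ToPort are then absent.
                lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
                if perm["IpProtocol"] == "-1" or not set(range(lo, hi + 1)) <= allowed:
                    findings.append((sg["GroupId"], direction, f"{lo}-{hi}"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

On the constructed sample the only finding is the SSH rule; a group that still carries an allow-all egress rule to 0.0.0.0/0 is reported as outbound `0-65535`.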
To complete the instructions for installing NGINX and NGINX Plus in other sections of this guide, you need to open a terminal window for each EC2 instance and connect to it over SSH.
Navigate to the Instances tab on the EC2 Dashboard if you are not there already.
Click the row for an instance to select it. In the screenshot instance2 is selected.
Click the Connect button above the list of instances. The Connect To Your Instance window pops up.
Follow the instructions in the pop‑up window, which are customized for the selected instance (here instance2) to provide the name of the key file in the steps and in the sample
Once you have established a connection with an instance, you can install the NGINX software on it. Follow the instructions in the NGINX Plus Admin Guide for NGINX Open Source and NGINX Plus. The Admin Guide also provides instructions for many maintenance tasks.
You can automate the installation of NGINX Open Source and NGINX Plus. Instructions for Ansible are provided below. For Chef and Puppet, see these articles on the NGINX, Inc. blog:
- Installing NGINX and NGINX Plus with Chef
- Deploying NGINX Plus for High Availability with Chef
- Installing NGINX and NGINX Plus with Puppet
Install Ansible. These commands are appropriate for Debian and Ubuntu systems:
$ apt update
$ apt install python-pip -y
$ pip install ansible
Install the official Ansible role from NGINX, Inc.:
$ ansible-galaxy install nginxinc.nginx
(NGINX Plus only) Copy the nginx-repo.key and nginx-repo.crt files provided by NGINX, Inc. to ~/.ssh/ngx-certs/.
Create a file called playbook.yml with the following contents:
---
- hosts: localhost
  become: true
  roles:
    - role: nginxinc.nginx
Run the playbook:
$ ansible-playbook playbook.yml
To streamline the process of installing NGINX Open Source on multiple instances, you can create an AMI from an existing NGINX Open Source instance, and spin up additional instances of the AMI when needed.
Navigate to the Instances tab on the Amazon EC2 Dashboard.
Select the base instance by clicking its row in the table. In the screenshot, instance2 is selected.
Click the Actions button and select Image > Create Image.
In the window that pops up, fill in the Image name and (optionally) Image description fields, then click the Create image button.
A Create Image window pops up to confirm that the image‑creation request was received. To verify that the image was created, navigate to the AMIs tab.